Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Easily ingest Microsoft Edge for Business data into CrowdStrike Falcon® Next-Gen SIEM for unified visibility across endpoints, browsers, and beyond. View browser security insights alongside other threat indicators to accelerate detection, minimize context switching, and improve triage accuracy.
Types of events generated by this data connector:
- Browser Extension Installations: Generates when a user installs a new browser extension.
- Password Events: Generates when a user creates or updates a password that is either reused across multiple sites or has been exposed in a known data breach.
- Interstitial Navigation Events: Generates when a user attempts to navigate to a website flagged as malicious—such as phishing, malware, or deceptive content.
Prerequisites
- Access to the Falcon Console with Administrator or Connector Manager permissions
- A valid CrowdStrike Falcon Next-Gen SIEM or Next-Gen SIEM 10GB subscription
- Microsoft Edge for Business managed via Microsoft 365 Admin Center
- Available CrowdStrike cloud: US-1, US-2, EU-1, or US-GOV-1
- Admin access to the Microsoft 365 Admin Center
Falcon Console Setup
1. Configure and activate the Microsoft Edge for Business Data Connector
In the Falcon Console, navigate to:
Data Connectors > Data Connectors > Data ConnectionsClick + Add connection.
Filter or sort to locate:
- Connector name: Microsoft Edge for Business Data Connector
- Vendor: Microsoft
- Product: Microsoft Edge Browser
- Connector Type: Push
- Author: Microsoft
In the New connection dialog, review metadata and click Configure.
If prompted with a pre-production state warning, click Accept to proceed.
Provide a name and optional description, accept the Terms and Conditions, then click Save.
Once saved, return to
Data Connectors > Data Connectors > Data Connections, click the menu (⋮) next to the Connector, and select Generate API key.Important: Copy and securely store the API Key and API URL. These values are displayed only once and are required for Microsoft 365 setup.
Configure the Connector in the Microsoft 365 Admin Center
2. Configure Microsoft Edge policies and Connector credentials
Go to: https://admin.microsoft.com
- Admins must set up a configuration policy to assign to any Connector configuration. Follow this guide to create a configuration policy.
- Once you have at least one configuration policy created, visit the Connectors page in the Edge Management Service to access the Connectors page in the Edge Management Service.
Navigate to:
Show all > Settings > Microsoft EdgeOn the Policies for Microsoft Edge page:
- Select the Configuration policies tab
- Click Create policy
- Name your policy
- Policy Type: Cloud
- Platform: Windows 10 and 11
- Assign to user groups or all users
- Review and create
Navigate to the Connectors tab.
In the CrowdStrike tile, click Set up.
Select the policy created above and enter:
- URL: Paste the API URL from the Falcon Console
- Port:
443 - API Key: Paste the generated API key
Click Test Connection to verify successful connectivity.
Under User & Browser Events, select the event types to forward, including:
- Extension Installations
- Password Events
- Interstitial Navigation Events
Click Save configuration.
Verify Setup
3. Confirm data ingestion into Falcon Next-Gen SIEM
Note
Wait at least 15 minutes after connector setup before verifying ingestion.
In the Falcon Console, return to:
Data Connectors > Data Connectors > Data ConnectionsConfirm the Status column reads Active.
Click the menu (⋮) under Actions, then select Show events.
In Advanced Event Search, confirm events appear by running the query:
If you need to manually verify data ingestion, run this query, and confirm that at least one match is generated
#Vendor = "microsoft" | #event.module = "edge"