Add enterprise webhook policy parity across ADMX, deployment templates and docs

docs/deployment/chrome-edge-deployment-instructions/windows/manual-deployment.md

@@ -10,6 +10,7 @@ This script is designed to deploy the extension to both Chrome and Edge. It is r
 
 1. Review the Extension Configuration Settings and Custom Branding Settings variables and update those to your desired values. The current values in the script are the default values. Leaving any unchanged will set the defaults.
 2. If you are leveraging a RMM that has the ability to define the variables in the deployment section of scripting, then you may be able to remove this section and enter the variable definitions into the RMM scripting pages.
+3. For webhook deployment, configure `$enableGenericWebhook`, `$webhookUrl`, and `$webhookEvents` in the script. Supported events are documented in [Webhook Documentation](../../../webhooks.md).
 
 <a href="https://raw.githubusercontent.com/CyberDrain/Check/refs/heads/main/enterprise/Deploy-Windows-Chrome-and-Edge.ps1" class="button primary">Download the Script from GitHub</a>
 {% endtab %}

enterprise/Check-Extension-Policy.reg

@@ -13,16 +13,25 @@ Windows Registry Editor Version 5.00
 "showNotifications"=dword:00000001
 "enableValidPageBadge"=dword:00000000
 "enablePageBlocking"=dword:00000001
-"enableCippReporting"=dword:00000001
-"cippServerUrl"=""
-"cippTenantId"=""
-"customRulesUrl"=""
-"updateInterval"=dword:00000018
-"enableDebugLogging"=dword:00000000
-
-; Custom branding configuration
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\customBranding]
-"companyName"="CyberDrain"
+"enableCippReporting"=dword:00000001
+"cippServerUrl"=""
+"cippTenantId"=""
+"customRulesUrl"=""
+"updateInterval"=dword:00000018
+"enableDebugLogging"=dword:00000000
+
+; Generic webhook configuration (optional)
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\genericWebhook]
+"enabled"=dword:00000000
+"url"=""
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\genericWebhook\events]
+"1"="detection_alert"
+"2"="page_blocked"
+
+; Custom branding configuration
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\customBranding]
+"companyName"="CyberDrain"
 "productName"="Check"
 "supportEmail"=""
 "primaryColor"="#F77F00"
@@ -45,16 +54,25 @@ Windows Registry Editor Version 5.00
 "showNotifications"=dword:00000001
 "enableValidPageBadge"=dword:00000000
 "enablePageBlocking"=dword:00000001
-"enableCippReporting"=dword:00000001
-"cippServerUrl"=""
-"cippTenantId"=""
-"customRulesUrl"=""
-"updateInterval"=dword:00000018
-"enableDebugLogging"=dword:00000000
-
-; Custom branding configuration for Chrome
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\customBranding]
-"companyName"="CyberDrain"
+"enableCippReporting"=dword:00000001
+"cippServerUrl"=""
+"cippTenantId"=""
+"customRulesUrl"=""
+"updateInterval"=dword:00000018
+"enableDebugLogging"=dword:00000000
+
+; Generic webhook configuration for Chrome (optional)
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\genericWebhook]
+"enabled"=dword:00000000
+"url"=""
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\genericWebhook\events]
+"1"="detection_alert"
+"2"="page_blocked"
+
+; Custom branding configuration for Chrome
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\customBranding]
+"companyName"="CyberDrain"
 "productName"="Check"
 "supportEmail"=""
 "primaryColor"="#F77F00"

enterprise/README.md

@@ -26,8 +26,9 @@ This folder contains enterprise deployment resources for the Check Microsoft 365
 ## Quick Links
 
 - **Chrome/Edge Deployment**: See `Deploy-Windows-Chrome-and-Edge.ps1` for Windows, `macos-linux/` for macOS/Linux
-- **Firefox Deployment**: See `firefox/policies.json` template and [Firefox Deployment Guide](../docs/deployment/firefox-deployment.md)
-- **Configuration Schema**: See `../config/managed_schema.json` for all available settings
+- **Firefox Deployment**: See `firefox/policies.json` template and [Firefox Deployment Guide](../docs/deployment/firefox-deployment.md)
+- **Configuration Schema**: See `../config/managed_schema.json` for all available settings
+- **Webhook Configuration**: See `../docs/webhooks.md` for webhook payloads and supported event types
 
 ## Security Considerations
 

enterprise/Remove-Windows-Chrome-and-Edge.ps1

@@ -58,6 +58,41 @@ function Remove-ExtensionSettings {
             }
         }
 
+        # Remove generic webhook subkey and event properties
+        $genericWebhookKey = "$ManagedStorageKey\genericWebhook"
+        if (Test-Path $genericWebhookKey) {
+            $webhookEventsKey = "$genericWebhookKey\events"
+            if (Test-Path $webhookEventsKey) {
+                $eventProperties = Get-ItemProperty -Path $webhookEventsKey -ErrorAction SilentlyContinue
+                if ($eventProperties) {
+                    $eventProperties.PSObject.Properties | Where-Object { $_.Name -match '^\d+$' } | ForEach-Object {
+                        Remove-ItemProperty -Path $webhookEventsKey -Name $_.Name -Force -ErrorAction SilentlyContinue
+                        Write-Host "Removed webhook event property: $($_.Name) from $webhookEventsKey"
+                    }
+                }
+                try {
+                    Remove-Item -Path $webhookEventsKey -Force -ErrorAction SilentlyContinue
+                    Write-Host "Removed webhook events subkey: $webhookEventsKey"
+                } catch {
+                    # Key may not be empty or may have been removed already
+                }
+            }
+
+            foreach ($property in @("enabled", "url")) {
+                if (Get-ItemProperty -Path $genericWebhookKey -Name $property -ErrorAction SilentlyContinue) {
+                    Remove-ItemProperty -Path $genericWebhookKey -Name $property -Force -ErrorAction SilentlyContinue
+                    Write-Host "Removed generic webhook property: $property from $genericWebhookKey"
+                }
+            }
+
+            try {
+                Remove-Item -Path $genericWebhookKey -Force -ErrorAction SilentlyContinue
+                Write-Host "Removed generic webhook subkey: $genericWebhookKey"
+            } catch {
+                # Key may not be empty or may have been removed already
+            }
+        }
+
         # Remove custom branding subkey and all its properties
         $customBrandingKey = "$ManagedStorageKey\customBranding"
         if (Test-Path $customBrandingKey) {

enterprise/Test-Extension-Policy.ps1

@@ -33,6 +33,12 @@ $testBranding = @{
   logoUrl = ""
 }
 
+$testGenericWebhook = @{
+  enabled = 0
+  url = ""
+  events = @("detection_alert", "page_blocked")
+}
+
 function Set-TestPolicies {
   param([string]$PolicyKey)
 
@@ -55,6 +61,22 @@ function Set-TestPolicies {
   foreach ($key in $testBranding.Keys) {
     New-ItemProperty -Path $brandingKey -Name $key -PropertyType String -Value $testBranding[$key] -Force | Out-Null
   }
+
+  $genericWebhookKey = "$PolicyKey\genericWebhook"
+  if (!(Test-Path $genericWebhookKey)) {
+    New-Item -Path $genericWebhookKey -Force | Out-Null
+  }
+  New-ItemProperty -Path $genericWebhookKey -Name "enabled" -PropertyType DWord -Value $testGenericWebhook.enabled -Force | Out-Null
+  New-ItemProperty -Path $genericWebhookKey -Name "url" -PropertyType String -Value $testGenericWebhook.url -Force | Out-Null
+
+  $webhookEventsKey = "$genericWebhookKey\events"
+  if (!(Test-Path $webhookEventsKey)) {
+    New-Item -Path $webhookEventsKey -Force | Out-Null
+  }
+  Remove-ItemProperty -Path $webhookEventsKey -Name * -Force -ErrorAction SilentlyContinue | Out-Null
+  for ($i = 0; $i -lt $testGenericWebhook.events.Count; $i++) {
+    New-ItemProperty -Path $webhookEventsKey -Name ($i + 1) -PropertyType String -Value $testGenericWebhook.events[$i] -Force | Out-Null
+  }
 
   Write-Output "Applied test policies to: $PolicyKey"
 }
@@ -71,6 +93,12 @@ function Show-CurrentPolicies {
       Write-Output "`nCustom Branding:"
       Get-ItemProperty -Path $brandingKey | Format-List
     }
+
+    $genericWebhookKey = "$PolicyKey\genericWebhook"
+    if (Test-Path $genericWebhookKey) {
+      Write-Output "`nGeneric Webhook:"
+      Get-ItemProperty -Path $genericWebhookKey | Format-List
+    }
   } else {
     Write-Output "No policies set at: $PolicyKey"
   }

enterprise/admx/Check-Extension.admx

@@ -113,14 +113,44 @@
       </elements>
     </policy>
 
-    <!-- CIPP Tenant ID -->
-    <policy name="CheckCippTenantId" class="Machine" displayName="$(string.CheckCippTenantId)" explainText="$(string.CheckCippTenantId_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy" presentation="$(presentation.CheckCippTenantId)">
-      <parentCategory ref="CheckExtensionEdge" />
-      <supportedOn ref="SUPPORTED_WIN7" />
-      <elements>
-        <text id="CippTenantId" valueName="cippTenantId" />
-      </elements>
-    </policy>
+    <!-- CIPP Tenant ID -->
+    <policy name="CheckCippTenantId" class="Machine" displayName="$(string.CheckCippTenantId)" explainText="$(string.CheckCippTenantId_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy" presentation="$(presentation.CheckCippTenantId)">
+      <parentCategory ref="CheckExtensionEdge" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <text id="CippTenantId" valueName="cippTenantId" />
+      </elements>
+    </policy>
+
+    <!-- Generic Webhook Enabled -->
+    <policy name="CheckGenericWebhookEnabled" class="Machine" displayName="$(string.CheckGenericWebhookEnabled)" explainText="$(string.CheckGenericWebhookEnabled_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\genericWebhook" valueName="enabled">
+      <parentCategory ref="CheckExtensionEdge" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <enabledValue>
+        <decimal value="1" />
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0" />
+      </disabledValue>
+    </policy>
+
+    <!-- Generic Webhook URL -->
+    <policy name="CheckGenericWebhookUrl" class="Machine" displayName="$(string.CheckGenericWebhookUrl)" explainText="$(string.CheckGenericWebhookUrl_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\genericWebhook" presentation="$(presentation.CheckGenericWebhookUrl)">
+      <parentCategory ref="CheckExtensionEdge" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <text id="GenericWebhookUrl" valueName="url" />
+      </elements>
+    </policy>
+
+    <!-- Generic Webhook Events -->
+    <policy name="CheckGenericWebhookEvents" class="Machine" displayName="$(string.CheckGenericWebhookEvents)" explainText="$(string.CheckGenericWebhookEvents_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy\genericWebhook\events" presentation="$(presentation.CheckGenericWebhookEvents)">
+      <parentCategory ref="CheckExtensionEdge" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <list id="GenericWebhookEventsList" valueName="events" valuePrefix="" />
+      </elements>
+    </policy>
 
     <!-- Custom Rules URL -->
     <policy name="CheckCustomRulesUrl" class="Machine" displayName="$(string.CheckCustomRulesUrl)" explainText="$(string.CheckCustomRulesUrl_Explain)" key="SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\knepjpocdagponkonnbggpcnhnaikajg\policy" presentation="$(presentation.CheckCustomRulesUrl)">
@@ -297,14 +327,44 @@
       </elements>
     </policy>
 
-    <!-- CIPP Tenant ID - Chrome -->
-    <policy name="CheckCippTenantIdChrome" class="Machine" displayName="$(string.CheckCippTenantIdChrome)" explainText="$(string.CheckCippTenantIdChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy" presentation="$(presentation.CheckCippTenantIdChrome)">
-      <parentCategory ref="CheckExtensionChrome" />
-      <supportedOn ref="SUPPORTED_WIN7" />
-      <elements>
-        <text id="CippTenantIdChrome" valueName="cippTenantId" />
-      </elements>
-    </policy>
+    <!-- CIPP Tenant ID - Chrome -->
+    <policy name="CheckCippTenantIdChrome" class="Machine" displayName="$(string.CheckCippTenantIdChrome)" explainText="$(string.CheckCippTenantIdChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy" presentation="$(presentation.CheckCippTenantIdChrome)">
+      <parentCategory ref="CheckExtensionChrome" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <text id="CippTenantIdChrome" valueName="cippTenantId" />
+      </elements>
+    </policy>
+
+    <!-- Generic Webhook Enabled - Chrome -->
+    <policy name="CheckGenericWebhookEnabledChrome" class="Machine" displayName="$(string.CheckGenericWebhookEnabledChrome)" explainText="$(string.CheckGenericWebhookEnabledChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\genericWebhook" valueName="enabled">
+      <parentCategory ref="CheckExtensionChrome" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <enabledValue>
+        <decimal value="1" />
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0" />
+      </disabledValue>
+    </policy>
+
+    <!-- Generic Webhook URL - Chrome -->
+    <policy name="CheckGenericWebhookUrlChrome" class="Machine" displayName="$(string.CheckGenericWebhookUrlChrome)" explainText="$(string.CheckGenericWebhookUrlChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\genericWebhook" presentation="$(presentation.CheckGenericWebhookUrlChrome)">
+      <parentCategory ref="CheckExtensionChrome" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <text id="GenericWebhookUrlChrome" valueName="url" />
+      </elements>
+    </policy>
+
+    <!-- Generic Webhook Events - Chrome -->
+    <policy name="CheckGenericWebhookEventsChrome" class="Machine" displayName="$(string.CheckGenericWebhookEventsChrome)" explainText="$(string.CheckGenericWebhookEventsChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy\genericWebhook\events" presentation="$(presentation.CheckGenericWebhookEventsChrome)">
+      <parentCategory ref="CheckExtensionChrome" />
+      <supportedOn ref="SUPPORTED_WIN7" />
+      <elements>
+        <list id="GenericWebhookEventsListChrome" valueName="events" valuePrefix="" />
+      </elements>
+    </policy>
 
     <!-- Custom Rules URL - Chrome -->
     <policy name="CheckCustomRulesUrlChrome" class="Machine" displayName="$(string.CheckCustomRulesUrlChrome)" explainText="$(string.CheckCustomRulesUrlChrome_Explain)" key="SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\benimdeioplgkhanklclahllklceahbe\policy" presentation="$(presentation.CheckCustomRulesUrlChrome)">