How to List Microsoft Office Add-ins Across All Mac and Windows Devices
Using Kolide, you can easily view and query Microsoft Office Add-ins across your fleet.
Introduction
Microsoft Office Add-ins are plugins that extend the functionality of Microsoft Office programs like Word, Excel, PowerPoint, OneNote, Project, and Outlook.
Office Add-ins are built on web technologies and can do almost anything a standard web-app running in a browser can do. In practice, Office Add-ins can add new UI elements (like menus or toolbars), create new embeddable objects, or extend functionality (ex: automatically convert UPS tracking numbers into hyperlinks)
You can learn more about Microsoft Office Add-ins by reading Microsoft's developer documentation
What Microsoft Office Add-in Data Can Kolide Collect?
Kolide's endpoint agent bundles in osquery to efficiently collect Microsoft Office Add-ins from Mac and Windows devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.
Kolide meticulously documents every piece of data returned so you can understand the results.
Microsoft Office Add-ins Schema
| Column | Type | Description | |
|---|---|---|---|
| id | Primary Key |
Unique identifier for the object |
|
| device_id | Foreign Key |
Device associated with the entry |
|
| device_name | Text |
Display name of the device associated with the entry |
|
| addin_id | Text |
A unique identifier associated with the add-in |
|
| addin_store_id | Text |
The unique identifier associated with the Office add-in in the add-in store |
|
| addin_store_url | Text |
The url associated with the Office add-in in the add-in store Note on data collection: This value is |
|
| addin_type | Enum::Text |
The type of add-in Can be one of the following:
|
|
| capabilities | Text[] |
The list of compatible Office document types and products |
|
| default_locale | Text |
Specifies the default culture name of the locale used by strings in the Office Add-in |
|
| description | Text |
The author-provided description for the Office add-in |
|
| icon_url | Text |
An external URL to the icon associated with the add-in |
|
| microsoft_app_source_average_rating | Float |
The average rating (0 - 5) for this add-in in the Microsoft Office Add-Ons App Source directory |
|
| microsoft_app_source_latest_version | Text |
The latest version available for this add-in in the Microsoft Office Add-Ons App Source directory |
|
| microsoft_app_source_latest_version_released_at | Timestamp |
The time the latest version was published for this add-in Microsoft Office Add-Ons App Source directory |
|
| microsoft_app_source_report | Jsonb |
The raw JSON response from Microsoft Office Add-Ons App Source |
|
| microsoft_app_source_updated_at | Timestamp |
The freshness of the Microsoft Office Add-Ons App Source data associated with this add-in |
|
| name | Text |
The display name of the Office add-in |
|
| path | Text |
Path to the Office add-in's manifest |
|
| permissions | Text |
Specifies the level of API access for the Office add-in. Microsoft Office Add-in Permissions Reference |
|
| schema | Text |
The XMLNS specific version of the manifest spec |
|
| source_location_url | Text |
Specifies the source file locations for the Office Add-in |
|
| version | Text |
The text representation of the version |
|
| version_major | Bigint |
|
|
| version_minor | Bigint |
|
|
| version_patch | Bigint |
|
|
| version_subpatch | Bigint |
|
|
| version_pre | Text |
|
|
| version_build | Text |
|
|
| collected_at | Timestamp |
Time the row of data was first collected in the database |
|
| updated_at | Timestamp |
Time the row of data was last changed in the database |
|
What Can You Do With This Information?
Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:
SELECT
device_name,
CASE WHEN LENGTH(hostnames) > 63
THEN CONCAT(SUBSTRING(hostnames,1,64),'...')
ELSE hostnames
END AS hostnames_truncated,
address
FROM device_etc_hosts
WHERE hostnames ILIKE '%adobe%'| addin_name | permissions | version | device_name |
|---|---|---|---|
| Grammarly | ReadWriteDocument | 1.2.0.0 | Mac-mini |
| Grammarly | ReadWriteDocument | 1.2.0.0 | Jasons-MacBook-Pro |
| Grammarly | ReadWriteDocument | 1.2.0.0 | Ashleys-iMac |
| Grammarly | ReadWriteDocument | 1.2.0.0 | Larrys-MacBook-Pro |
| Grammarly | ReadWriteDocument | 1.2.0.0 | Lenovo-Thinkpad |
Why Should I Collect Microsoft Office Add-ins?
Microsoft Office Add-ins depending on their permissions, may have the ability to read and alter the content of documents.
Microsoft Office Add-ins are cataloged and tracked to facilitate a number of potential purposes, for example:
- Reviewing installed add-ins to verify the desired configuration of Microsoft Office (eg. PhishMe's extension is installed in Outlook)
- Discovering potential malicious add-ins
End-User Privacy Consideration
Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.
Microsoft Office Add-ins which you install could reveal suggestive details about the tools you like to use to generate documents or to assist with answering email (if you use Microsoft Outlook).
Cataloging Microsoft Add-ins will not allow Kolide admins to view documents, emails, or other sensitive materials authored in those programs.
When you use Kolide to list Microsoft Office Add-in data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.
