View Other Properties

Contents

View Other Properties

How to List Microsoft Office Add-ins Across All Mac and Windows Devices

Using Kolide, you can easily view and query Microsoft Office Add-ins across your fleet.

Introduction

Microsoft Office Add-ins are plugins that extend the functionality of Microsoft Office programs like Word, Excel, PowerPoint, OneNote, Project, and Outlook.

Office Add-ins are built on web technologies and can do almost anything a standard web-app running in a browser can do. In practice, Office Add-ins can add new UI elements (like menus or toolbars), create new embeddable objects, or extend functionality (ex: automatically convert UPS tracking numbers into hyperlinks)

You can learn more about Microsoft Office Add-ins by reading Microsoft's developer documentation

What Microsoft Office Add-in Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Microsoft Office Add-ins from Mac and Windows devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Microsoft Office Add-ins Schema

Column Type Description
id Primary Key

Unique identifier for the object

device_id Foreign Key

Device associated with the entry

device_name Text

Display name of the device associated with the entry

addin_id Text

A unique identifier associated with the add-in

addin_store_id Text

The unique identifier associated with the Office add-in in the add-in store

addin_store_url Text

The url associated with the Office add-in in the add-in store

Note on data collection: This value is NULL in situations where addin_store_id does not start with "WA"

addin_type Enum::Text

The type of add-in

Can be one of the following:

  • ContentApp - Allows new embeds
  • TaskPaneApp - Extends the UI via a pane
  • MailApp - Adds features to Microsoft Outlook
capabilities Text[]

The list of compatible Office document types and products

default_locale Text

Specifies the default culture name of the locale used by strings in the Office Add-in

description Text

The author-provided description for the Office add-in

icon_url Text

An external URL to the icon associated with the add-in

microsoft_app_source_average_rating Float

The average rating (0 - 5) for this add-in in the Microsoft Office Add-Ons App Source directory

microsoft_app_source_latest_version Text

The latest version available for this add-in in the Microsoft Office Add-Ons App Source directory

microsoft_app_source_latest_version_released_at Timestamp

The time the latest version was published for this add-in Microsoft Office Add-Ons App Source directory

microsoft_app_source_report Jsonb

The raw JSON response from Microsoft Office Add-Ons App Source

microsoft_app_source_updated_at Timestamp

The freshness of the Microsoft Office Add-Ons App Source data associated with this add-in

name Text

The display name of the Office add-in

path Text

Path to the Office add-in's manifest

permissions Text

Specifies the level of API access for the Office add-in. Microsoft Office Add-in Permissions Reference

schema Text

The XMLNS specific version of the manifest spec

source_location_url Text

Specifies the source file locations for the Office Add-in

version Text

The text representation of the version

version_major Bigint

version's semver major version (ex: 4.2.1 would yield 4)

version_minor Bigint

version's semver minor version (ex: 4.2.1 would yield 2)

version_patch Bigint

version's semver patch version (ex: 4.2.1 would yield 1)

version_subpatch Bigint

version's numeric status fourth position number (ex: 4.2.1.6 would yield 6)

version_pre Text

version's semver pre-release version (ex: 1.2.3-prerelease+build would yield pre-release)

version_build Text

version's semver build version (ex: 1.2.3-prerelease+build would yield build)

collected_at Timestamp

Time the row of data was first collected in the database

updated_at Timestamp

Time the row of data was last changed in the database

What Can You Do With This Information?

Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:

Review and audit the installation of Potentially Unwanted Apps (eg. Grammarly)
Kolide SQL
SELECT 
  device_name, 
  CASE WHEN LENGTH(hostnames) > 63 
       THEN CONCAT(SUBSTRING(hostnames,1,64),'...') 
       ELSE hostnames 
    END AS hostnames_truncated,
  address
 FROM device_etc_hosts 
 WHERE hostnames ILIKE '%adobe%'
Example Results
addin_name permissions version device_name
Grammarly ReadWriteDocument 1.2.0.0 Mac-mini
Grammarly ReadWriteDocument 1.2.0.0 Jasons-MacBook-Pro
Grammarly ReadWriteDocument 1.2.0.0 Ashleys-iMac
Grammarly ReadWriteDocument 1.2.0.0 Larrys-MacBook-Pro
Grammarly ReadWriteDocument 1.2.0.0 Lenovo-Thinkpad

Why Should I Collect Microsoft Office Add-ins?

Microsoft Office Add-ins depending on their permissions, may have the ability to read and alter the content of documents.

Microsoft Office Add-ins are cataloged and tracked to facilitate a number of potential purposes, for example:

  • Reviewing installed add-ins to verify the desired configuration of Microsoft Office (eg. PhishMe's extension is installed in Outlook)
  • Discovering potential malicious add-ins

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

Microsoft Office Add-ins which you install could reveal suggestive details about the tools you like to use to generate documents or to assist with answering email (if you use Microsoft Outlook).

Cataloging Microsoft Add-ins will not allow Kolide admins to view documents, emails, or other sensitive materials authored in those programs.

When you use Kolide to list Microsoft Office Add-in data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.

Share this story:

Related Device Properties:

New
VSCode Extensions
software, extensions, ide, developers
New
Chrome Extensions
google, software, web-browsers, extensions
New
Firefox Add-ons
mozilla, software, web-browsers, extensions
View full list of Kolide's Device Properties
Book A Demo
Book A Demo