Credential Risk Detection is available to organizations on a Dashlane Business Plus plan.
Upgrade to Dashlane Business Plus
Estimated time to complete: 20 minutes
Admins can use the master data management (MDM) tool Group Policy (GPO) to set up Credential Risk Detection for company-managed Google Chrome and Microsoft Edge desktop browsers on Windows.
Note: You can't use Jamf on Windows or Intune and GPO on macOS.
More about Credential Risk Detection
What is GPO?
Looking to set up Risk detection on macOS using Jamf?
Looking to set up Risk detection on macOS using Intune?
Although Credential Risk Detection is most beneficial when rolled out to your entire organization, you can start with a smaller group (or just yourself) during setup and extend it to more employees anytime. To add more employees, update the groups included in your Credential Risk Detection policy.
Process overview
Prerequisites
Make sure you have the appropriate access needed to set up Credential Risk Detection:
- Admin access to a Dashlane Business Plus account
- Admin access to Group Policy (GPO) on Windows
- Permission to deploy policies to devices using GPO
Set up Credential Risk Detection on Windows using GPO
Setting up Risk Detection involves four main steps:
- Configure the Risk Detection policy
- Confirm the policy was applied correctly
- Deploy the Dashlane Extension
- Turn on Risk Detection
If you prefer, watch the Windows + GPO step-by-step video
Review insights and take action
After Credential Risk Detection is turned on, any at-risk passwords entered by employees in company-managed desktop browsers will be logged in the Activity Log and displayed on the Insights tab on the Risk Detection page.
When you identify an employee with risky password practices, you can invite them to your Dashlane plan. With Dashlane, they can use the Password Generator to create strong, secure passwords and store their credentials safely in an encrypted vault.
More about Risk Detection insights
1: Configure the Risk Detection policy
Don't skip this step, even if you've already deployed the Dashlane extension.
What if the extension has already been deployed?
You must deploy the Credential Risk Detection policies before you deploy the Dashlane extension. This order ensures the extension installs silently. If you don't deploy the policies to your targeted machines, your employees will be asked to log in to Dashlane on every login screen. If you deploy the extension before the policies, employees might create a personal account before the policies are applied.
What is a silent deployment?
A "silent deployment" of the Dashlane browser extension means installing the extension on employees' company-managed desktop browsers without any visible prompts or interaction needed from the employee. Admins must configure the managed device policy before they deploy Credential Risk Detection to avoid inadvertently notifying employees about Dashlane.
Note: If you're deploying to both Chrome and Edge, you must complete these steps for both browsers.
In the Dashlane Admin Console, start the setup:
- Open the Dashlane Admin Console
- From the menu, select Risk Detection. On the Risk Detection page, select Start setup.
- Select the Group Policy (GPO) tab and the browsers you're deploying to. Ensure your selection is accurate before downloading the XML files so your GPO is created correctly.
- In the Windows guidelines section, select Download all XML files.
- On a domain-joined server, open Group Policy Management, right-click and select Run as administrator. You're going to create a new Policy Object
- Right-click on Group Policy Object and select New
- You can name this new GPO CRD Policy and select OK
- Right-click on the CRD Policy you created and select Edit
- Go to User Configuration, Preferences, Windows Settings, Registry
- Drag the .xml templates you downloaded in the Admin Console and drop them in the Registry window
- Select Yes when asked if you want to import the pasted document.
- Close the Group Policy Management Editor
- Back in the Group Policy Management window, right-click your OU (organizational unit) from the "Group Policy Management" folder and select Link an Existing GPO.
- Select CRD Policy and OK
- Right-click on CRD Policy in the Domains folders and select Enforced
After performing these steps, the deployment might take up to eight hours, but it's usually faster.
2: Confirm the policy was applied correctly
To ensure Risk Detection's proactive threat monitoring doesn't alert or disrupt employees, you must wait for the policy to take effect in your MDM before deploying the Dashlane extension to enrolled devices and activating the feature.
Check the policy was applied:
- Using a device that was part of the group the script was deployed to, go to Registry Editor and select the following folders for Chrome and Edge:
HKEY_LOCAL_MACHINE > Software > Policies > Google > Chrome > 3rdparty > extensions
HKEY_LOCAL_MACHINE > Software > Policies > Microsoft > Edge > 3rdparty > extensions
- You'll see a folder named using the Dashlane Extension ID. Under that folder, the policy folder contains the actual values of the Risk Detection policy.
In the Dashlane Admin Console, confirm the policy was applied:
- On the Risk Detection page, go to step 2 and select the confirmation checkbox.
- Select Continue.
3: Deploy the Dashlane Extension
You can skip this step if you've previously deployed the extension.
You must deploy the Credential Risk Detection policies before you deploy the Dashlane extension. This order ensures the extension installs silently. If you don't deploy the policies to your targeted machines, your employees will be asked to log in to Dashlane on every login screen. If you deploy the extension before the policies, employees might create a personal account before the policies are applied.
Return to step 1 to deploy the policy
What if the extension has already been deployed?
If you're deploying to both Chrome and Edge, repeat these steps for each browser.
Create new GPO policy
- Open all folders within Group Policy Management until you see the "Group Policy Objects" folder. Right-click that folder and select New.
- In the New GPO pop-up, enter "DashlaneGPO" or "Dashlane Extension" for the Name and then select OK.
- Right-click your OU from the "Group Policy Management" folder and select Link an Existing GPO. For example, if the domain is "dashlanenyc.com" and the OU is "Dashlane-Client", the target computers are in the "Dashlane-Client" folder.
- In the Select GPO pop-up, select the "Dashlane-GPO" you created and select OK.
Download the template and configure the extension GPO in Chrome
- Download the “policy_templates.zip” template file
- Right-click the "policy_templates.zip" file in Explorer, select Rename, and rename it "chrome_policy_templates".
- Select the "chrome_policy_templates" file that you just renamed and then select Extract all.
- In the Select a Destination and Extract Files pop-up, select Browse, select your "Downloads" folder, and select Extract.
- In the "Downloads" folder, open the "chrome_policy_templates" folder that you just extracted, and open the "windows" folder inside it.
- In the "windows" folder, open the "admx" folder.
- Select the two files named "chrome.admx" and "google.admx", right-click the two files, and select Copy.
- Open "C:/Windows" in a new Explorer window, right-click on the "Policy Definitions" folder, and select Paste.
- Return to the "admx" folder again, open the "en-US" folder inside that, select the two files named "chrome.adml" and "google.adml", right-click the two files, and select Copy.
- Return to the "Policy Definitions" folder again, right-click the "en-US" folder, and select Paste.
- Right-click your OU from the "Group Policy Management" folder, as you did at the beginning of this article, and select Edit.
- In the Group Policy Management Editor, open "Computer Configuration", "Policies", "Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer, "Google", "Google Chrome", and "Extensions". Then right-click "Configure the list of force-installed apps and extensions" and select Edit.
- In the Configure the list of force-installed apps and extensions pop-up, select Enabled, and select Show. In the Show Contents pop-up, paste
fdjamakpfbbddfjaooikfcpapjohcfmg;https://clients2.google.com/service/update2/crxand select OK.
Download the template and configure the extension GPO in Edge
- Download Windows 64-bit Policy
- In the Download Microsoft Edge Policy File pop-up, select Accept and download.
- Open the "MicrosoftEdgePolicyTemplates" file you just downloaded in Explorer and save it to your "Downloads" folder.
- Select "MicrosoftEdgePolicyTemplates" file in your "Downloads" folder and then select Extract all.
- In the Select a Destination and Extract Files pop-up, select Browse, select your "Downloads" folder, and select Extract.
- In the "Downloads" folder, open the "MicrosoftEdgePolicyTemplates" folder that you just extracted, and open the "windows" folder inside it.
- In the "windows" folder, open the "admx" folder.
- Select the three files named "msedge.admx", "msedgeupdate.admx", and "msdegewebview2.admx", right-click the three files, and select Copy.
- Open "C:/Windows" in a new Explorer window, right-click on the "Policy Definitions" folder, and select Paste.
- Return to the "admx" folder again, open the "en-US" folder inside that, select the three files named "msedge.admx", "msedgeupdate.admx", and "msdegewebview2.admx", right-click the three files, and select Copy.
- Return to the "Policy Definitions" folder again, right-click the "en-US" folder, and select Paste.
- Right-click your OU from the "Group Policy Management" folder, as you did at the beginning of this article, and select Edit.
- In the Group Policy Management Editor, open "Computer Configuration", "Policies", "Administrative Templates: Policy definitions (ADMX files) retrieved from the local computer, "Microsoft Edge", and "Extensions". Then right-click "Control which extensions are installed silently" and select Edit.
- In the Configure the list of force-installed apps and extensions pop-up, select Enabled, and select Show. In the Show Contents pop-up, paste
gehmmocbbkpblljhkekmfhjpfbkclbph, and select OK.
In the Dashlane Admin Console:
- On the Risk Detection page, go back to step 3 and select Continue.
4: Turn on Risk Detection
Activate Risk Detection to get insights on risky password behavior across company devices. The associated activity logs detail the employee and the website accessed but don't include the password itself.
In the Dashlane Admin Console:
- On the Risk Detection page, go to step 4 and select Turn on.
After Credential Risk Detection is turned on, any at-risk passwords entered by employees in company-managed desktop browsers will be logged in the Activity Log and displayed on the Insights tab on the Risk Detection page.
When you identify an employee with risky password practices, you can invite them to your Dashlane plan. With Dashlane, they can use the Password Generator to create strong, secure passwords and store their credentials safely in an encrypted vault.
More about Risk Detection insights
Watch the Windows + GPO setup video
You can watch a step-by-step video of the Windows + GPO setup. Turn on the sound to hear the voiceover.
If you have any issues turning on this feature, please contact our Support team.
Contact an agent through the Admin Console
Chat with our bot
Common questions
The Dashlane extension has already been deployed to all members. How can I turn on Credential Risk Detection?
If the extension has already been deployed and you want to turn on Credential Risk Detection for existing employees, you can skip steps 2 and 3 in the setup guide. You can turn on the feature after deploying the Credential Risk Detection policy.
What is Microsoft's GPO?
A Group Policy Object (GPO) is a virtual collection of policy settings. Group Policy settings are contained in a GPO. A GPO can represent policy settings in the file system and in the Active Directory.