we recently added much more fine grained control for extensions with the ExtensionSettings policy https://www.chromium.org/administrators/policy-list-3#ExtensionSettings (more details here https://www.chromium.org/administrators/policy-list-3/extension-settings-full ). It allows you to filter extensions by permissions for example which should allow you to achieve what you need. In your case simply blacklist all extensions that need the "vpnProvider" API and you should be safe. You can still selectively whitelist VPN extensions you require in your company.

Thank you - Is there a solution relevant to Chrome Browser on Windows? It seems that the vpnProvider API is only relevant for Chrome OS, so Chrome Extensions for Browser don't need to implement that API.  

Otherwise, this would be exactly what I am looking for.

I would guess that a vpn like extension on Windows will need at least the 
"proxy" permission to set the browser to make requests through its tunnel so blocking this API should be sufficient. If not you can share a particular extension you have in mind that needs to be blocked and this should help figure out what else permissions might need to be limited.

Yes! - pastarmovj@chromium.org - proxy setting working perfectly.  I looked for that yesterday but somehow missed it.  Sorry, but thanks for your assistance!

HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionSettings (Reg_SZ)> {"*":{"blocked_permissions": ["proxy"], "installation_mode":"blocked}}