Edge Managed Deployment
Updated: May 25, 2026
Deploy the FireTail AI Monitor extension to Edge across your organisation with managed configuration, so end users never interact with credentials directly.
Edge is Chromium-based, so credentials are delivered via chrome.storage.managed. The extension reads this at startup; no user input is required.
If you are deploying the browser extension from the ZIP file below, follow the steps for manual deployment below to find the Edge add-on ID. Otherwise, the Edge add-on ID is phkbmioaghjcghbdlabpdbnbafbbelij.
Download for Edge
Configuration reference
| Key | Type | Required | Description |
|---|---|---|---|
firetailProjectToken |
string | Yes | FireTail project token. How to generate a project token |
firetailAPIRegion |
string | Yes | The region of the FireTail SaaS to use: eu or us |
macOS - Manual Deployment
- Download the ZIP file above and extract it.
- Visit edge://extensions/ and toggle on Developer mode.
- Click Load unpacked, then select the extracted folder.
- Locate the ID for the new FireTail Edge add-on.
- Create a new file and paste in the plist fragment below.
- Replace
<EDGE_ADDON_ID>and<REGION>with your values. - Generate two UUIDs and replace both instances of
<GENERATED_UUID>. - Save as
edge-firetail.mobileconfig.
- Replace
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadType</key> <string>Configuration</string>
<key>PayloadVersion</key> <integer>1</integer>
<key>PayloadScope</key> <string>System</string>
<key>PayloadIdentifier</key> <string>com.firetail.edge.extension</string>
<key>PayloadUUID</key> <string><GENERATED_UUID></string>
<key>PayloadDisplayName</key> <string>Firetail Edge Extension Policy</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string>
<key>PayloadVersion</key> <integer>1</integer>
<key>PayloadIdentifier</key> <string>com.firetail.edge.extension.mcx</string>
<key>PayloadUUID</key> <string><GENERATED_UUID></string>
<key>PayloadEnabled</key> <true/>
<key>PayloadContent</key>
<dict>
<key>com.microsoft.Edge</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ExtensionSettings</key>
<dict>
<key><EDGE_ADDON_ID></key>
<dict>
<key>firetailAPIRegion</key>
<string><REGION></string>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>- Open a terminal and run the following command to ensure a clean installation:
sudo profiles remove -identifier com.firetail.edge.extension. - Open
edge-firetail.mobileconfigto install the FireTail Edge Extension Policy.- You may be prompted to open System Settings to approve and complete installation.
- Run the following commands in a terminal, then reopen Edge:
sudo killall cfprefsd
sudo killall EdgeWindows - Intune (recommended)
Force-install the extension
In Intune, create a Settings catalog configuration profile for Windows 10 and later, targeting Microsoft Edge. Add the Control which extensions are installed silently (ExtensionInstallForcelist) setting with the following value:
<EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crxPush managed credentials
In the same profile, add a custom OMA-URI:
- OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Edge~Policy~microsoft_edge~3rdparty~extensions~<EDGE_ADDON_ID>~policy - Data type: String
- Value:
{
"firetailProjectToken": "<PROJECT_TOKEN>",
"firetailAPIRegion": "<REGION>"
}Windows - Group Policy
- Download the Microsoft Edge ADMX templates from Microsoft and copy them to your central policy store:
Copy-Item msedge.admx "C:\Windows\PolicyDefinitions\"
Copy-Item en-US\msedge.adml "C:\Windows\PolicyDefinitions\en-US\"- In Group Policy Management Console, navigate to:
Computer Configuration -> Administrative Templates -> Microsoft Edge -> Extensions - Enable Configure extension management settings and paste:
{
"<EDGE_ADDON_ID>": {
"installation_mode": "force_installed",
"update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
"toolbar_pin": "force_pinned"
}
}- Under 3rd party extensions ->
<EDGE_ADDON_ID>-> Extension policy, enable the policy and paste:
{
"firetailProjectToken": "<PROJECT_TOKEN>",
"firetailAPIRegion": "<REGION>"
}- Run
gpupdate /forceon a test device and restart Edge.
macOS - Jamf Pro
Deploy a configuration profile via your MDM (Jamf Pro, Intune, or Workspace ONE) targeting the com.microsoft.Edge domain. Set the scope to device-level so users cannot remove the extension.
Example plist fragment:
<key>ExtensionInstallForcelist</key>
<array>
<string><EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
</array>
<key>3rdparty</key>
<dict>
<key>extensions</key>
<dict>
<key><EDGE_ADDON_ID></key>
<dict>
<key>firetailProjectToken</key>
<string><PROJECT_TOKEN></string>
<key>firetailAPIRegion</key>
<string><REGION></string>
</dict>
</dict>
</dict>Linux - JSON policy files
Create the following files as root with permissions root:root / 0644.
/etc/opt/edge/policies/managed/firetail-install.json:
{
"ExtensionInstallForcelist": [
"<EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crx"
]
}/etc/opt/edge/policies/managed/firetail-config.json:
{
"3rdparty": {
"extensions": {
"<EDGE_ADDON_ID>": {
"firetailProjectToken": "<PROJECT_TOKEN>",
"firetailAPIRegion": "<REGION>"
}
}
}
}Verifying the deployment
- On a target device, open
edge://policy. ConfirmExtensionInstallForcelistis present and the3rdpartyblock for your extension ID shows status OK. - Open
edge://extensions. The FireTail AI Monitor should be installed and not removable by the user. - Open the extension's service worker console (
edge://extensions-> Details -> Inspect views: service worker) and run:
chrome.storage.managed.get(null).then(console.log)You should see the exact payload you pushed.
- Interact with an AI provider and confirm events appear in the FireTail platform.