Edge Managed Deployment

Updated: May 13, 2026

Deploy the FireTail AI Monitor extension to Edge across your organisation with managed configuration, so end users never interact with credentials directly.

Edge is Chromium-based, so credentials are delivered via chrome.storage.managed. The extension reads this at startup; no user input is required.

The Edge add-on ID is: phkbmioaghjcghbdlabpdbnbafbbelij

Configuration reference

Key	Type	Required	Description
`firetailProjectToken`	string	Yes	FireTail project token. How to generate a project token
`firetailAPIRegion`	string	Yes	The region of the FireTail SaaS to use: `eu` or `us`

Windows - Intune (recommended)

Force-install the extension

In Intune, create a Settings catalog configuration profile for Windows 10 and later, targeting Microsoft Edge. Add the Control which extensions are installed silently (ExtensionInstallForcelist) setting with the following value:

<EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crx

Push managed credentials

In the same profile, add a custom OMA-URI:

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Edge~Policy~microsoft_edge~3rdparty~extensions~<EDGE_ADDON_ID>~policy
Data type: String
Value:

{
  "firetailProjectToken": "<PROJECT_TOKEN>",
  "firetailAPIRegion": "<REGION>"
}

Windows - Group Policy

Download the Microsoft Edge ADMX templates from Microsoft and copy them to your central policy store:

Copy-Item msedge.admx "C:\Windows\PolicyDefinitions\"
Copy-Item en-US\msedge.adml "C:\Windows\PolicyDefinitions\en-US\"

In Group Policy Management Console, navigate to: Computer Configuration -> Administrative Templates -> Microsoft Edge -> Extensions
Enable Configure extension management settings and paste:

{
  "<EDGE_ADDON_ID>": {
    "installation_mode": "force_installed",
    "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    "toolbar_pin": "force_pinned"
  }
}

Under 3rd party extensions -> <EDGE_ADDON_ID> -> Extension policy, enable the policy and paste:

{
  "firetailProjectToken": "<PROJECT_TOKEN>",
  "firetailAPIRegion": "<REGION>"
}

Run gpupdate /force on a test device and restart Edge.

macOS - Jamf Pro

Deploy a configuration profile via your MDM (Jamf Pro, Intune, or Workspace ONE) targeting the com.microsoft.Edge domain. Set the scope to device-level so users cannot remove the extension.

Example plist fragment:

<key>ExtensionInstallForcelist</key>
<array>
  <string><EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
</array>
<key>3rdparty</key>
<dict>
  <key>extensions</key>
  <dict>
    <key><EDGE_ADDON_ID></key>
    <dict>
      <key>firetailProjectToken</key>
      <string><PROJECT_TOKEN></string>
      <key>firetailAPIRegion</key>
      <string><REGION></string>
    </dict>
  </dict>
</dict>

Linux - JSON policy files

Create the following files as root with permissions root:root / 0644.

/etc/opt/edge/policies/managed/firetail-install.json:

{
  "ExtensionInstallForcelist": [
    "<EDGE_ADDON_ID>;https://edge.microsoft.com/extensionwebstorebase/v1/crx"
  ]
}

/etc/opt/edge/policies/managed/firetail-config.json:

{
  "3rdparty": {
    "extensions": {
      "<EDGE_ADDON_ID>": {
        "firetailProjectToken": "<PROJECT_TOKEN>",
        "firetailAPIRegion": "<REGION>"
      }
    }
  }
}

Verifying the deployment

On a target device, open edge://policy. Confirm ExtensionInstallForcelist is present and the 3rdparty block for your extension ID shows status OK.
Open edge://extensions. The FireTail AI Monitor should be installed and not removable by the user.
Open the extension's service worker console (edge://extensions -> Details -> Inspect views: service worker) and run:

chrome.storage.managed.get(null).then(console.log)

You should see the exact payload you pushed.

Interact with an AI provider and confirm events appear in the FireTail platform.