Firefox Managed Deployment

Deploy the FireTail AI Monitor extension to Firefox across your organisation with managed configuration, so end users never interact with credentials directly.

Firefox supports two deployment mechanisms:

• Enterprise Policy (recommended for Windows environments using Intune or Group Policy)
• Managed Storage Native Manifest (all platforms)

The Firefox extension ID is: firetail-ai-monitor@firetail.app

Configuration reference

Windows - Intune (Enterprise Policy)

1. Download the Firefox ADMX templates from Mozilla.
2. In Intune, go to Devices -> Configuration profiles -> Create -> Windows 10 and later -> Imported Administrative Templates, and upload firefox.admx and firefox.adml.
3. Set the 3rd Party Extension Settings policy:

{
  "firetail-ai-monitor@firetail.app": {
    "firetailProjectToken": "<PROJECT_TOKEN>",
    "firetailAPIRegion": "<REGION>"
  }
}

4. Set the Extension Settings policy to force-install the extension:

{
  "firetail-ai-monitor@firetail.app": {
    "installation_mode": "force_installed",
    "install_url": "https://addons.mozilla.org/firefox/downloads/latest/firetail-ai-monitor/latest.xpi"
  }
}

5. Assign the profile to your device or user groups and sync.

Windows - Group Policy

1. Install the Firefox ADMX templates on your domain controller:

Copy-Item firefox.admx "C:\Windows\PolicyDefinitions\"
Copy-Item en-US\firefox.adml "C:\Windows\PolicyDefinitions\en-US\"

2. In Group Policy Management Console, create or edit a GPO for your target OU and navigate to: Computer Configuration -> Administrative Templates -> Mozilla -> Firefox
3. Configure 3rd Party Extension Settings with the credential payload.
4. Configure Extension Settings to force-install the extension.
5. Run gpupdate /force on a test device and restart Firefox.

All platforms - Managed Storage Native Manifest

Deploy a JSON file to a system-protected location. Firefox reads this at startup and populates browser.storage.managed. The file should not be modifiable by standard users.

Create a file named firetail-ai-monitor@firetail.app.json:

{
  "name": "firetail-ai-monitor@firetail.app",
  "description": "FireTail AI Monitor managed configuration",
  "type": "storage",
  "data": {
    "firetailProjectToken": "<PROJECT_TOKEN>",
    "firetailAPIRegion": "<REGION>"
  }
}

Place the file in the appropriate system-protected directory:

On macOS and Linux, set file permissions to root:root / 0644.

Windows - Intune PowerShell script

$path = "C:\ProgramData\Mozilla\ManagedStorage\firetail-ai-monitor@firetail.app.json"
New-Item -ItemType Directory -Force -Path (Split-Path $path) | Out-Null
@{
    name        = "firetail-ai-monitor@firetail.app"
    description = "FireTail AI Monitor managed configuration"
    type        = "storage"
    data        = @{
        firetailProjectToken = "<PROJECT_TOKEN>"
      firetailAPIRegion    = "<REGION>"
    }
} | ConvertTo-Json -Depth 3 | Set-Content -Path $path -Force

macOS - Jamf Pro script

MANIFEST="/Library/Application Support/Mozilla/ManagedStorage/firetail-ai-monitor@firetail.app.json"
mkdir -p "$(dirname "$MANIFEST")"
cat > "$MANIFEST" <<'EOF'
{
  "name": "firetail-ai-monitor@firetail.app",
  "description": "FireTail AI Monitor managed configuration",
  "type": "storage",
  "data": {
    "firetailProjectToken": "<PROJECT_TOKEN>",
    "firetailAPIRegion": "<REGION>"
  }
}
EOF
chown root:wheel "$MANIFEST"
chmod 644 "$MANIFEST"

Verifying the deployment

1. Open about:policies in Firefox — the FireTail policy should be listed.
2. In the browser console, run:

browser.storage.managed.get().then(console.log)

You should see the exact payload you deployed. Note that browser.storage.managed.set() will throw an error — managed storage is intentionally read-only.

3. Interact with an AI provider and confirm events appear in the FireTail platform.