Overview Deploy the Velatir browser extension to managed devices with pre-configured settings. This guide covers deployment via Microsoft Intune (Windows), SCCM / Configuration Manager (Windows), and Jamf Pro (macOS).
Extension Details Browser Extension ID Store Link Chrome bbiokppljpbjgiogcoggjnfffbeiihjaChrome Web Store Edge phgnjcoglpdamjjmidheehacjbkgkoocEdge Add-ons Firefox velatir@velatir.comFirefox Add-ons
Managed Configuration The extension accepts configuration via managed storage:
Property Type Description apiTokenstring Your Velatir API key organizationNamestring Display name shown in the extension
Additional properties (endpoint, organizationId, enabledServices) are available for advanced configurations. Contact support if you need these.
Microsoft Intune (Windows) Method A: MSI via Line-of-Business App (Recommended) This is the simplest and most reliable method. It works on all Windows editions (Pro, Enterprise, Education), deploys to all browsers in one step, and configures the API token and organisation name automatically.
Contact hello@velatir.com to request the MSI installer file.
MSI Properties Property Required Description API_TOKENYes Your Velatir API token (e.g., vltr_...) ORGANIZATION_NAMEYes Your organisation’s display name shown in the extension ADDLOCALNo Comma-separated list of browsers. Defaults to all. Options: Chrome, Edge, Firefox
Steps
Sign in to the Microsoft Intune admin center
Navigate to Apps > All apps , then click + Add
Select Line-of-Business app as the App Type
Upload VelatirExtension.msi in the App package file field and click OK
In App information , fill in the following:
Name : Velatir Browser ExtensionDescription : Velatir AI compliance browser extensionPublisher : VelatirSet Ignore app version to No
In the Command-line arguments field, enter:
/qn API_TOKEN="vltr_yourApiTokenHere" ORGANIZATION_NAME="Your Organization"
Click OK , then click Next
In the Assignments tab, click Add group and select the device groups to deploy to
Click Next , review your configuration, and click Create
To deploy to specific browsers only , add ADDLOCAL to the command-line arguments:/qn API_TOKEN="vltr_yourApiTokenHere" ORGANIZATION_NAME="Your Organization" ADDLOCAL=Chrome,Edge
Updating the API Token To rotate the API token, update the command-line arguments with the new token value and redeploy. Reinstalling overwrites the existing registry keys:
/qn API_TOKEN="vltr_newTokenHere" ORGANIZATION_NAME="Your Organization"
The MSI writes registry keys to force-install the extension from each browser’s official store and configure managed storage with your API token. No files are copied beyond a marker in Program Files\Velatir. Uninstalling removes all registry keys cleanly.
Intune Remediations require Windows Enterprise or Education editions. They silently do nothing on Windows Pro . No error is shown and the scripts will not execute. If your fleet includes Windows Pro devices, use Method A: MSI via Line-of-Business App instead.
Use this method to write registry keys directly via PowerShell scripts. This gives you fine-grained control over per-browser deployment.
Go to Devices > Remediations > Create script package
Name it (e.g., “Velatir Chrome Extension Deployment”)
Add the detection and remediation scripts for your browser (see tabs below)
Configure the script package:
Run this script using the logged-on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell: Yes
Assign to your device groups
Set the schedule (e.g., once per day)
Chrome
Edge
Firefox (Registry)
Firefox (policies.json)
Detection script (Detect-VelatirChrome.ps1):$ExtensionId = "bbiokppljpbjgiogcoggjnfffbeiihja" $ForcelistPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" $PolicyPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\ $ExtensionId \policy" # Check if extension is in force install list $ForcelistExists = $false if ( Test-Path $ForcelistPath ) { $Values = Get-ItemProperty - Path $ForcelistPath - ErrorAction SilentlyContinue foreach ( $Property in $Values .PSObject.Properties ) { if ( $Property .Value -like " $ExtensionId ;*" ) { $ForcelistExists = $true break } } } # Check if policy configuration exists $PolicyExists = ( Test-Path $PolicyPath ) -and ( Get-ItemProperty - Path $PolicyPath - Name "apiToken" - ErrorAction SilentlyContinue) if ( $ForcelistExists -and $PolicyExists ) { Write-Output "Velatir Chrome extension is configured" exit 0 } else { Write-Output "Velatir Chrome extension needs configuration" exit 1 }
Remediation script (Remediate-VelatirChrome.ps1):# Configuration - UPDATE THESE VALUES $ApiToken = "your-api-token-here" $OrganizationName = "Your Organization" # Extension details $ExtensionId = "bbiokppljpbjgiogcoggjnfffbeiihja" $UpdateUrl = "https://clients2.google.com/service/update2/crx" # Registry paths $ForcelistPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" $PolicyPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\ $ExtensionId \policy" # Create ExtensionInstallForcelist if ( -not ( Test-Path $ForcelistPath )) { New-Item - Path $ForcelistPath - Force | Out-Null } # Find next available index $NextIndex = 1 $ExistingValues = Get-ItemProperty - Path $ForcelistPath - ErrorAction SilentlyContinue if ( $ExistingValues ) { $Indices = $ExistingValues .PSObject.Properties | Where-Object { $_ .Name -match '^\d+$' } | ForEach-Object { [ int ] $_ .Name } if ( $Indices ) { $NextIndex = ( $Indices | Measure-Object - Maximum).Maximum + 1 } # Check if already exists foreach ( $Property in $ExistingValues .PSObject.Properties ) { if ( $Property .Value -like " $ExtensionId ;*" ) { $NextIndex = $null break } } } if ( $NextIndex ) { Set-ItemProperty - Path $ForcelistPath - Name $NextIndex - Value " $ExtensionId ; $UpdateUrl " } # Create 3rdparty policy configuration if ( -not ( Test-Path $PolicyPath )) { New-Item - Path $PolicyPath - Force | Out-Null } Set-ItemProperty - Path $PolicyPath - Name "apiToken" - Value $ApiToken - Type String Set-ItemProperty - Path $PolicyPath - Name "organizationName" - Value $OrganizationName - Type String Write-Output "Velatir Chrome extension configured successfully"
Detection script (Detect-VelatirEdge.ps1):$ExtensionId = "phgnjcoglpdamjjmidheehacjbkgkooc" $ForcelistPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" $PolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\ $ExtensionId \policy" $ForcelistExists = $false if ( Test-Path $ForcelistPath ) { $Values = Get-ItemProperty - Path $ForcelistPath - ErrorAction SilentlyContinue foreach ( $Property in $Values .PSObject.Properties ) { if ( $Property .Value -like " $ExtensionId ;*" ) { $ForcelistExists = $true break } } } $PolicyExists = ( Test-Path $PolicyPath ) -and ( Get-ItemProperty - Path $PolicyPath - Name "apiToken" - ErrorAction SilentlyContinue) if ( $ForcelistExists -and $PolicyExists ) { Write-Output "Velatir Edge extension is configured" exit 0 } else { Write-Output "Velatir Edge extension needs configuration" exit 1 }
Remediation script (Remediate-VelatirEdge.ps1):# Configuration - UPDATE THESE VALUES $ApiToken = "your-api-token-here" $OrganizationName = "Your Organization" # Extension details $ExtensionId = "phgnjcoglpdamjjmidheehacjbkgkooc" $UpdateUrl = "https://edge.microsoft.com/extensionwebstorebase/v1/crx" # Registry paths $ForcelistPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" $PolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\ $ExtensionId \policy" # Create ExtensionInstallForcelist if ( -not ( Test-Path $ForcelistPath )) { New-Item - Path $ForcelistPath - Force | Out-Null } $NextIndex = 1 $ExistingValues = Get-ItemProperty - Path $ForcelistPath - ErrorAction SilentlyContinue if ( $ExistingValues ) { $Indices = $ExistingValues .PSObject.Properties | Where-Object { $_ .Name -match '^\d+$' } | ForEach-Object { [ int ] $_ .Name } if ( $Indices ) { $NextIndex = ( $Indices | Measure-Object - Maximum).Maximum + 1 } foreach ( $Property in $ExistingValues .PSObject.Properties ) { if ( $Property .Value -like " $ExtensionId ;*" ) { $NextIndex = $null break } } } if ( $NextIndex ) { Set-ItemProperty - Path $ForcelistPath - Name $NextIndex - Value " $ExtensionId ; $UpdateUrl " } # Create 3rdparty policy configuration if ( -not ( Test-Path $PolicyPath )) { New-Item - Path $PolicyPath - Force | Out-Null } Set-ItemProperty - Path $PolicyPath - Name "apiToken" - Value $ApiToken - Type String Set-ItemProperty - Path $PolicyPath - Name "organizationName" - Value $OrganizationName - Type String Write-Output "Velatir Edge extension configured successfully"
Detection script (Detect-VelatirFirefox.ps1):$ExtensionId = "velatir@velatir.com" $ExtensionSettingsPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox" $PolicyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\ $ExtensionId " # Check if ExtensionSettings contains our extension $ExtSettingsExists = $false if ( Test-Path $ExtensionSettingsPath ) { $ExtSettings = Get-ItemProperty - Path $ExtensionSettingsPath - Name "ExtensionSettings" - ErrorAction SilentlyContinue if ( $ExtSettings -and $ExtSettings .ExtensionSettings -like "* $ExtensionId *" ) { $ExtSettingsExists = $true } } # Check if 3rdparty policy configuration exists $PolicyExists = ( Test-Path $PolicyPath ) -and ( Get-ItemProperty - Path $PolicyPath - Name "apiToken" - ErrorAction SilentlyContinue) if ( $ExtSettingsExists -and $PolicyExists ) { Write-Output "Velatir Firefox extension is configured" exit 0 } else { Write-Output "Velatir Firefox extension needs configuration" exit 1 }
Remediation script (Remediate-VelatirFirefox.ps1):# Configuration - UPDATE THESE VALUES $ApiToken = "your-api-token-here" $OrganizationName = "Your Organization" # Extension details $ExtensionId = "velatir@velatir.com" $InstallUrl = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi" # Registry paths $FirefoxPolicyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox" $ThirdPartyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\ $ExtensionId " # Create Firefox policy key if needed if ( -not ( Test-Path $FirefoxPolicyPath )) { New-Item - Path $FirefoxPolicyPath - Force | Out-Null } # Set ExtensionSettings as a JSON string $ExtensionSettings = @ { $ExtensionId = @ { installation_mode = "force_installed" install_url = $InstallUrl } } | ConvertTo-Json - Compress Set-ItemProperty - Path $FirefoxPolicyPath - Name "ExtensionSettings" - Value $ExtensionSettings - Type String # Create 3rdparty policy configuration if ( -not ( Test-Path $ThirdPartyPath )) { New-Item - Path $ThirdPartyPath - Force | Out-Null } Set-ItemProperty - Path $ThirdPartyPath - Name "apiToken" - Value $ApiToken - Type String Set-ItemProperty - Path $ThirdPartyPath - Name "organizationName" - Value $OrganizationName - Type String Write-Output "Velatir Firefox extension configured successfully"
As an alternative, you can deploy a policies.json file to the Firefox installation directory. Remediation script (Remediate-VelatirFirefoxJson.ps1):# Configuration - UPDATE THESE VALUES $ApiToken = "your-api-token-here" $OrganizationName = "Your Organization" $PolicyDir = "C:\Program Files\Mozilla Firefox\distribution" $PolicyFile = " $PolicyDir \policies.json" # Create distribution directory if ( -not ( Test-Path $PolicyDir )) { New-Item - Path $PolicyDir - ItemType Directory - Force | Out-Null } # Build policy - merge with existing if present $Policy = @ { policies = @ {} } if ( Test-Path $PolicyFile ) { try { $Policy = Get-Content $PolicyFile - Raw | ConvertFrom-Json - AsHashtable } catch { $Policy = @ { policies = @ {} } } } $Policy .policies.ExtensionSettings = @ { "velatir@velatir.com" = @ { installation_mode = "force_installed" install_url = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi" } } $Policy .policies . "3rdparty" = @ { Extensions = @ { "velatir@velatir.com" = @ { apiToken = $ApiToken organizationName = $OrganizationName } } } $Policy | ConvertTo-Json - Depth 10 | Set-Content - Path $PolicyFile - Encoding UTF8 Write-Output "Velatir Firefox policies.json configured successfully"
Firefox updates may remove the distribution folder. If using this method, schedule the remediation to run regularly (e.g., once per day) to ensure the file is recreated after updates.
Method C: Settings Catalog (Force Install Only) Use this method if you only need to force-install the extension without pre-configured settings. Users will need to enter their API token manually after installation.
The Intune Settings Catalog does not support Firefox extension deployment. For Firefox, use Method A or Method B.
Sign in to the Microsoft Intune admin center
Go to Devices > Configuration > Create > New policy
Select:
Platform : Windows 10 and laterProfile type : Settings catalog
Name your profile (e.g., “Velatir Chrome Extension”)
Click Add settings and search for Google Chrome
Select Google Chrome > Extensions
Enable Configure the list of force-installed apps and extensions
Add the following value:
bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
Assign to your device groups and create the profile
Create a new Settings catalog profile
Search for Microsoft Edge > Extensions
Enable Control which extensions are installed silently
Add the following value:
phgnjcoglpdamjjmidheehacjbkgkooc;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Assign to your device groups
SCCM / Configuration Manager (Windows) If your organisation uses Microsoft SCCM (ConfigMgr) instead of Intune, you can deploy the Velatir browser extension using the pre-built MSI installer that Velatir provides. No need to build anything. Just pass your API token and organisation name as properties at install time.
Contact hello@velatir.com to request the MSI installer file.
MSI Properties Property Required Description API_TOKENYes Your Velatir API token (e.g., vltr_...) ORGANIZATION_NAMEYes Your organisation’s display name shown in the extension ADDLOCALNo Comma-separated list of browsers. Defaults to all. Options: Chrome, Edge, Firefox
Step 1: Create an Application
Open the Configuration Manager Console
Navigate to Software Library > Application Management > Applications
Click Create Application > Manually specify the application information
Add a Deployment Type and select Script Installer
Set the content location to the network share containing VelatirExtension.msi
All browsers (Chrome, Edge, and Firefox): msiexec /i VelatirExtension.msi API_TOKEN=vltr_yourApiTokenHere ORGANIZATION_NAME="Your Organization" /qn
Specific browsers only (e.g., Chrome and Edge): msiexec /i VelatirExtension.msi API_TOKEN=vltr_yourApiTokenHere ORGANIZATION_NAME="Your Organization" ADDLOCAL=Chrome,Edge /qn
Uninstall command: msiexec /x VelatirExtension.msi /qn
Use a registry-based detection rule to check if the extension is already configured:
Setting Value Hive HKEY_LOCAL_MACHINEKey SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policyValue apiTokenData Type String Rule The registry setting must exist
Setting Value Hive HKEY_LOCAL_MACHINEKey SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\phgnjcoglpdamjjmidheehacjbkgkooc\policyValue apiTokenData Type String Rule The registry setting must exist
Setting Value Hive HKEY_LOCAL_MACHINEKey SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\velatir@velatir.comValue apiTokenData Type String Rule The registry setting must exist
Step 4: Deploy
Right-click the application > Deploy
Select the target Device Collection
Set purpose to Required (auto-install) or Available (self-service via Software Center)
Set a deployment schedule and complete the wizard
Updating the API Token To rotate the API token, re-deploy the MSI with the new value. Reinstalling overwrites the existing registry keys:
msiexec /i VelatirExtension.msi API_TOKEN=vltr_newTokenHere ORGANIZATION_NAME="Your Organization" /qn
The MSI writes registry keys to force-install the extension from the browser’s official store and configure managed storage with your API token. No files are copied beyond a marker in Program Files\Velatir. Uninstalling removes all registry keys cleanly.
Jamf Pro (macOS) Combined Configuration Profile (Chrome + Edge) If you deploy both Chrome and Edge, you can use a single .mobileconfig profile that handles force-install and managed storage for both browsers. Upload this to Jamf Pro as a Configuration Profile (or any MDM that supports .mobileconfig files).
Replace XXXXXXXXXXXX with your Velatir API token and Your Organization with your organisation’s display name before deploying.
velatir-browser-extension.mobileconfig
<? xml version = "1.0" encoding = "UTF-8" ?> <! DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" > < plist version = "1.0" > < dict > < key > PayloadContent </ key > < array > <!-- Chrome: Force install --> < dict > < key > PayloadType </ key > < string > com.google.Chrome </ string > < key > PayloadIdentifier </ key > < string > com.velatir.chrome.forcelist </ string > < key > PayloadUUID </ key > < string > 5ECD8344-941A-45C0-BE37-7E13BCBBBBBE </ string > < key > PayloadVersion </ key > < integer > 1 </ integer > < key > ExtensionInstallForcelist </ key > < array > < string > bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx </ string > </ array > </ dict > <!-- Chrome: Extension managed storage --> < dict > < key > PayloadType </ key > < string > com.google.Chrome.extensions.bbiokppljpbjgiogcoggjnfffbeiihja </ string > < key > PayloadIdentifier </ key > < string > com.velatir.chrome.extension.config </ string > < key > PayloadUUID </ key > < string > 5102578B-1554-4556-B895-591A7621A7F8 </ string > < key > PayloadVersion </ key > < integer > 1 </ integer > < key > apiToken </ key > < string > XXXXXXXXXXXX </ string > < key > organizationName </ key > < string > Your Organization </ string > </ dict > <!-- Edge: Force install --> < dict > < key > PayloadType </ key > < string > com.microsoft.Edge </ string > < key > PayloadIdentifier </ key > < string > com.velatir.edge.forcelist </ string > < key > PayloadUUID </ key > < string > 590735BD-010D-4C3E-BB5B-0FF9DE7577B8 </ string > < key > PayloadVersion </ key > < integer > 1 </ integer > < key > ExtensionInstallForcelist </ key > < array > < string > phgnjcoglpdamjjmidheehacjbkgkooc;https://edge.microsoft.com/extensionwebstorebase/v1/crx </ string > </ array > </ dict > <!-- Edge: Extension managed storage --> < dict > < key > PayloadType </ key > < string > com.microsoft.Edge.extensions.phgnjcoglpdamjjmidheehacjbkgkooc </ string > < key > PayloadIdentifier </ key > < string > com.velatir.edge.extension.config </ string > < key > PayloadUUID </ key > < string > 963ED0A7-556F-45A6-8F17-A0DBDF3DA264 </ string > < key > PayloadVersion </ key > < integer > 1 </ integer > < key > apiToken </ key > < string > XXXXXXXXXXXX </ string > < key > organizationName </ key > < string > Your Organization </ string > </ dict > </ array > < key > PayloadDisplayName </ key > < string > Velatir Browser Extension </ string > < key > PayloadIdentifier </ key > < string > com.velatir.browser.profile </ string > < key > PayloadType </ key > < string > Configuration </ string > < key > PayloadUUID </ key > < string > D582F777-FEBE-4B67-A3DC-35FD07F37E03 </ string > < key > PayloadVersion </ key > < integer > 1 </ integer > </ dict > </ plist >
Chrome Extension
In Jamf Pro, go to Computers > Configuration Profiles > New
Name the profile (e.g., “Velatir Chrome Extension”)
Select Application & Custom Settings > External Applications > Add
Set Source to Custom Schema or Upload
Set Preference Domain to com.google.Chrome
Upload or paste the following plist content:
<? xml version = "1.0" encoding = "UTF-8" ?> <! DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" > < plist version = "1.0" > < dict > < key > ExtensionInstallForcelist </ key > < array > < string > bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx </ string > </ array > < key > 3rdparty </ key > < dict > < key > extensions </ key > < dict > < key > bbiokppljpbjgiogcoggjnfffbeiihja </ key > < dict > < key > apiToken </ key > < string > your-api-token-here </ string > < key > organizationName </ key > < string > Your Organization </ string > </ dict > </ dict > </ dict > </ dict > </ plist >
Scope the profile to your target computers
Save the configuration profile
Edge Extension
Create a new Configuration Profile
Add Application & Custom Settings > External Applications
Set Preference Domain to com.microsoft.Edge
Use the following plist content:
<? xml version = "1.0" encoding = "UTF-8" ?> <! DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" > < plist version = "1.0" > < dict > < key > ExtensionInstallForcelist </ key > < array > < string > phgnjcoglpdamjjmidheehacjbkgkooc;https://edge.microsoft.com/extensionwebstorebase/v1/crx </ string > </ array > < key > 3rdparty </ key > < dict > < key > extensions </ key > < dict > < key > phgnjcoglpdamjjmidheehacjbkgkooc </ key > < dict > < key > apiToken </ key > < string > your-api-token-here </ string > < key > organizationName </ key > < string > Your Organization </ string > </ dict > </ dict > </ dict > </ dict > </ plist >
Scope and save the profile
Firefox Extension Firefox on macOS uses the preference domain org.mozilla.firefox and requires EnterprisePoliciesEnabled to be set to true.
Create a new Configuration Profile
Add Application & Custom Settings > External Applications
Set Preference Domain to org.mozilla.firefox
Use the following plist content:
<? xml version = "1.0" encoding = "UTF-8" ?> <! DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" > < plist version = "1.0" > < dict > < key > EnterprisePoliciesEnabled </ key > < true /> < key > ExtensionSettings </ key > < dict > < key > velatir@velatir.com </ key > < dict > < key > installation_mode </ key > < string > force_installed </ string > < key > install_url </ key > < string > https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi </ string > </ dict > </ dict > < key > 3rdparty </ key > < dict > < key > Extensions </ key > < dict > < key > velatir@velatir.com </ key > < dict > < key > apiToken </ key > < string > your-api-token-here </ string > < key > organizationName </ key > < string > Your Organization </ string > </ dict > </ dict > </ dict > </ dict > </ plist >
Scope and save the profile
The EnterprisePoliciesEnabled key must be set to true. Without it, Firefox ignores all enterprise policy configuration on macOS.
Verification Windows
Trigger an Intune sync on the device or wait for the scheduled check-in
Verify policies are applied:
Chrome : Navigate to chrome://policy and click Reload policies Edge : Navigate to edge://policy and click Reload policies Firefox : Navigate to about:policies
Verify you see:
Chrome/Edge : ExtensionInstallForcelist with the Velatir extension ID, and your configured apiToken and organizationNameFirefox : ExtensionSettings containing velatir@velatir.com with force_installed mode
Confirm the extension is installed:
Chrome : chrome://extensionsEdge : edge://extensionsFirefox : about:addons (should show “Installed by enterprise policy”)
macOS
After the Jamf profile deploys, verify the plist files exist:
# Chrome ls /Library/Managed \ Preferences/com.google.Chrome.plist # Edge ls /Library/Managed \ Preferences/com.microsoft.Edge.plist # Firefox ls /Library/Managed \ Preferences/org.mozilla.firefox.plist
Check the applied settings:
# Chrome defaults read /Library/Managed \ Preferences/com.google.Chrome # Firefox defaults read /Library/Managed \ Preferences/org.mozilla.firefox
Verify policies in the browser:
Chrome : chrome://policyEdge : edge://policyFirefox : about:policies
Confirm the extension is installed:
Chrome : chrome://extensionsEdge : edge://extensionsFirefox : about:addons
Troubleshooting Extension not installing
Windows : Verify the device has synced with Intune. Check Devices > Monitor > Device configuration status macOS : Verify the configuration profile is installed under System Settings > Privacy & Security > Profiles Firefox (macOS) : Ensure EnterprisePoliciesEnabled is set to true in the plist. Firefox ignores all policies without it.Ensure the browser is installed before the policy applies
Check the browser’s policy page for errors (chrome://policy, edge://policy, or about:policies for Firefox)
Configuration not appearing
Windows : Remediations run on a schedule. Trigger a manual sync or wait for the next runWindows : Verify the scripts are running in 64-bit PowerShell contextmacOS : Check that the preference domain matches exactly (com.google.Chrome, com.microsoft.Edge, or org.mozilla.firefox)Firefox (Windows) : If using policies.json, check that the file exists at C:\Program Files\Mozilla Firefox\distribution\policies.json. Firefox updates can remove this directory.Restart the browser after policy changes
Policy conflicts (Windows) If multiple Intune profiles configure ExtensionInstallForcelist, they may conflict. Use Remediations instead of Settings Catalog to avoid this issue, as Remediations can check for existing entries and add new ones without overwriting.
32-bit vs 64-bit context (Windows) Registry changes may be written to WOW6432Node if the script runs in 32-bit context. Always enable Run script in 64-bit PowerShell in your Remediation settings.
Intune Remediations require Windows Enterprise or Education editions. On Windows Pro devices, Remediations silently fail with no error logged. If you deployed using Remediations (Method B) and some devices are not picking up the extension, check the Windows edition with winver. Switch to Method A: MSI via Line-of-Business App for Windows Pro devices.
Browser Extension Overview General extension features and manual installation
Get API Token Set up your Velatir account and get an API token
