Skip to main content

Deploy Nudge Browser Extension through Intune

A guide for Intune customers to deploy the Nudge Browser Extension to MacOS and Windows devices.

Velizar Demirev avatar
Written by Velizar Demirev
Updated over 3 weeks ago

Windows

To deploy to Windows devices, follow the steps by browser below. Create one policy per browser type. Do not combine multiple browser types in one policy.

Existing force-installed extensions

Follow these instructions if you already have a force install list. Be sure to use the same force install list for each browser to prevent policy conflicts during deployment.

  1. Go to DevicesManaged DevicesConfiguration and search for your existing browser force install list. If you currently have extensions force installed, Each browser type should have its own force install list.

  2. Go to Configuration Settings in the profile and click Edit.

  3. Open the setting Configure list of force-installed apps and extensions.

    1. For all Chromium-based browsers (Chrome, Edge, Brave, etc.,) add the following:

      1. Extension ID:diaecjfdpohehjhliaephjnpnlmeajfa

      2. Update URL: https://clients2.google.com/service/update2/crx

    2. For Firefox browsers, add in the Firefox add the following:

      1. Extension ID: nudge-security-browser-helper@nudge.security

      2. Update URL: https://addons.mozilla.org/firefox/downloads/latest/nudge-security-browser-helper/latest.xpi

  4. Next, create a registry entry to configure the deployment key.

    1. Go to Script and Remediations, click Add, and add then select Windows.

    2. In the new template, add a name (e.g., Nudge Security Google Chrome Registry Settings).

    3. Next, upload the Powershell script from Step 2 in the Nudge Deployment Instructions (configure the deployment key) into the Script location.

    4. For the remaining settings, ensure the following settings are configured:

      1. Run as logged‑on user = No

      2. Signature check = No

      3. 64‑bit host = Yes

    5. Next, select the device groups you’d like to assign the extension to.

    6. Review and confirm your settings.

    7. Click Save.

New deployments

If this is your first time force-installing a browser extension through Intune, follow the instructions below.

Chrome

  1. In Intune, go to DevicesManaged DevicesConfigurationCreateNew Policy.

  2. Select Windows as your target platform and Settings catalog as the Profile type. Then click the Create button.

  3. Enter a name (e.g., Nudge Security) for the profile, and a description if required, then click Next.

  4. In the Setting picker, add the Configure the list of force‑installed apps and extensions by clicking Google Chrome → Extensions → Configure the list of force‑installed apps and extensions. Note that each browser should have it’s own policy, do not add multiple settings for multiple browsers.

  5. Toggle the Configure the list of force-installed apps to Enabled. Paste the following string into the value field: diaecjfdpohehjhliaephjnpnlmeajfa;<https://clients2.google.com/service/update2/crx>

  6. Click Next at the bottom of the page and set any scope tags you require.

  7. On the following page, assign target groups or apply to all users and groups, if required. Click Next.

  8. On the final page, review the profile for any errors and finally click Create.

  9. Next, create a registry entry to configure the deployment key. Go to Script and Remediations, click Add, and add then select Windows.

  10. In the new template, add a name (e.g., Nudge Security Google Chrome Registry Settings).

  11. Use the PowerShell script Nudge Security provides to configure the deployment policy. In Nudge Security, go to Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management → Select just Chrome → Confirm Browsers → Step 2: Configure Deployment Policy → Download PowerShell script.

  12. Upload the script into the Script location.

  13. For the remaining settings, ensure the following settings are configured:

    1. Run as logged‑on = No.

    2. Signature = No.

    3. 64‑bit = Yes.

  14. Next, select the device groups you’d like to assign the extension to.

  15. Review and confirm your settings.

  16. Click Save.

Edge

  1. In Intune, go to DevicesManaged DevicesConfigurationCreateNew Policy.

  2. Select Windows as your target platform and Settings catalog as the Profile type. Then click the Create button.

  3. Enter a name (e.g., Nudge Security) for the profile, and a description if required, then click Next.

  4. In the Setting picker, search for the browser you’re looking to deploy to, select the right settings and then click X at the top right. Each browser should have it’s own policy - do not add multiple setting select for different browsers to the same policy.

  5. In the Setting picker, add the Control which extensions are installed silently by clicking Edge → Microsoft Edge\Extensions → Control which extensions are installed silently. Note that each browser should have it’s own policy, do not add multiple settings for multiple browsers.

  6. Toggle the Control which extensions are installed silently to Enabled. Paste the following string into the value field: diaecjfdpohehjhliaephjnpnlmeajfa;<https://clients2.google.com/service/update2/crx>

  7. Click Next at the bottom of the page and set any scope tags you require.

  8. On the following page, assign target groups or apply to all users and groups, if required. Click Next.

  9. On the final page, review the profile for any errors and finally click Create.

  10. Next, create a registry entry to configure the deployment key. Go to Script and Remediations, click Add, and add then select Windows.

  11. In the new template, add a name (e.g., Nudge Security Microsoft Edge Registry Settings).

  12. Use the PowerShell script Nudge Security provides to configure the deployment policy. In Nudge Security, go to Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management → Select just Edge → Confirm Browsers → Step 2: Configure Deployment Policy → Download PowerShell script.

  13. Upload the script into the Script location.

  14. For the remaining settings, ensure the following settings are configured:

    1. Run as logged‑on = No.

    2. Signature = No.

    3. 64‑bit = Yes.

  15. Next, select the device groups you’d like to assign the extension to.

  16. Review and confirm your settings.

  17. Click Save.

Brave

Unlike Chrome and Edge, Intune does not have built-in templates for Brave. Thus, you’ll need to import the Brave templates into Intune before proceeding.

  1. Follow the steps below to pull in Brave .admx into Intune:

    1. To begin, get the required files from Brave. Download the policy_templates.zip file.

    2. Extract the policy files. Remember the location of these files as you'll be importing them into Intune in the following steps.

    3. In Microsoft Endpoint Manager, select Devices > Configuration > Import ADMX > Import.

  2. In Intune, go to DevicesManaged DevicesConfigurationCreateNew Policy.

  3. Select Windows as your target platform and Templates as the Profile type. Then search and click on Imported Administrative Templates. Then click the Create button.

  4. Enter a name (i.e. Nudge Security Extension Brave Installation) for the profile, and a description if required, then click Next.

  5. Select Computer Configuration and then, in the Setting name listing, go to Brave → Brave → Extensions → Configure the list of force-installed apps and extensions.

  6. When a page opens on the right side of your screen, scroll down, click the Enabled radio button, and paste the following string into the value field and then click OK: diaecjfdpohehjhliaephjnpnlmeajfa;<https://clients2.google.com/service/update2/crx>

  7. Click Next at the bottom of the page and set any scope tags you require.

  8. On the following page, assign target groups or apply to all users and groups, if required. Click Next.

  9. On the final page, review the profile for any errors and finally click Create.

  10. Next we need to create a registry entry to configure the deployment key. Head to Script and Remediations, click Add, and add then select Windows.

  11. In the new template, add a name (e.g., Nudge Security Brave Registry Settings).

  12. Use the PowerShell script Nudge Security provides to configure the deployment policy. In Nudge Security, go to Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management → Select just Brave → Confirm Browsers → Step 2: Configure Deployment Policy → Download PowerShell script.

  13. Upload the script into the Script location.

  14. For the remaining settings, ensure the following settings are configured:

    1. Run as logged‑on = No.

    2. Signature = No.

    3. 64‑bit = Yes.

  15. Next, select the device groups you’d like to assign the extension to.

  16. Review and confirm your settings.

  17. Click Save.

Firefox

Unlike Chrome and Edge, Intune does not have built-in templates for Firefox. Thus, you’ll need to import the Firefox templates into Intune before proceeding.

  1. Follow the steps below to pull in Firefox .admx into Intune:

    1. Get the required files from Mozilla. Download the policy_templates_vX.YY.zip file associated with the latest release.

    2. Extract the policy files. Remember the location of these files as you'll be importing them into Intune in the next step.

    3. In Microsoft Endpoint Manager, select Devices > Configuration Profiles > Import ADMX > Import.

    4. Import the ADMX templates. This is a two-part process because you need to import both the mozilla.* and firefox.* templates. First, click on the ADMX file selector and browse to the location where the policy templates were extracted. Select and import mozilla.admx. Next, in the ADML file selector, locate the mozilla.adml file underneath the language locale policy templates folder. Finally, click Next and then Create on the subsequent screen.

    5. Next, repeat the previous steps, but import the firefox.admx and firefox.adml template files instead.

  2. In Intune, go to DevicesManaged DevicesConfigurationCreateNew Policy.

  3. Select Windows as your target platform and Templates as the Profile type. Then search and click on Imported Administrative Templates. Then click the Create button.

  4. Enter a name (i.e. Nudge Security Extension Firefox Installation) for the profile, and a description if required, then click Next.

  5. Select Computer Configuration and then, in the Setting name listing, go to Mozilla → Firefox → Extensions → Extensions to Install.

  6. When a page opens on the right side of your screen, scroll down, click the Enabled radio button, and paste the following string into the value field and then click OK: https://addons.mozilla.org/firefox/downloads/latest/nudge-security-browser-helper/latest.xpi

  7. Next, click on the Prevent extensions from being disabled or removed setting. Click the Enabled radio button, and paste the following string into the value field and then click OK: nudge-security-browser-helper@nudge.security

  8. Click Next at the bottom of the page and set any scope tags you require.

  9. On the following page, assign target groups, or set it to apply to all users and groups, if required. Click Next.

  10. On the final page, review the profile for any errors and finally click Create.

  11. Next we need to create a registry entry to configure the deployment key. Head to Script and Remediations, click Add, and add then select Windows.

  12. In the new template, add a name (e.g., Nudge Security Mozilla Firefox Registry Settings).

  13. Use the PowerShell script Nudge Security provides to configure the deployment policy. In Nudge Security, go to Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management → Select just Firefox → Confirm Browsers → Step 2: Configure Deployment Policy → Download script.

  14. Upload the script into the Script location.

  15. For the remaining settings, ensure the following settings are configured:

    1. Run as logged‑on = No.

    2. Signature = No.

    3. 64‑bit = Yes.

  16. Next, select the device groups you’d like to assign the extension to.

  17. Review and confirm your settings.

  18. Click Save.

MacOS

Existing force-installed extensions

Follow these instructions if you already have a force install list for browsers. Be sure to use the same force install list for each browser to prevent policy conflicts during deployment.

  1. Go to DevicesManaged DevicesConfiguration and search for your existing browser force install list. If you currently have extensions force installed, Eeach browser type should have its own force install list.

  2. Go to Configuration Settings in the profile and click Edit.

  3. Open the setting Configure list of force-installed apps and extensions.

    1. For all Chromium-based browsers (Chrome, Edge, Brave, etc.,) add the following:

      1. Extension ID:diaecjfdpohehjhliaephjnpnlmeajfa

      2. Update URL: https://clients2.google.com/service/update2/crx

    2. For Firefox browsers, add in the Firefox add the following:

      1. Extension ID: nudge-security-browser-helper@nudge.security

      2. Update URL: https://addons.mozilla.org/firefox/downloads/latest/nudge-security-browser-helper/latest.xpi

  4. Next, create a registry entry to configure the deployment key.

    1. Next, we’ll configure the deployment policy. Create a new profile by heading to Devices → macOS → Configuration profiles → Create profile.

    2. Add a name (e.g., Nudge Security Google Chrome MacOS Registry Settings).

    3. Set preference domain name to: com.google.Chrome.extensions.diaecjfdpohehjhliaephjnpnlmeajfa

    4. Head to the Nudge app and grab the deployment policy PLIST file by going to Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management → select your browser → MacOS. Download the PLIST file in Step 2 of the instructions.

    5. Upload the Install Extension PLIST linked below, before upload replace the string DEPLOYMENT_KEY_HERE with your key copied from the Nudge application earlier.

      Download PLIST

    6. Assign groups/devices as required.

    7. Sync devices with Intune as desired and/or use Company Portal on targeted devices to force a sync/check-in while testing the policy deployments.

New deployments

To deploy the Nudge browser extension to macOS devices through Microsoft Intune, you’ll use two configuration profiles generated by Nudge:

  1. Install Extension PLIST – installs and force-enables the Nudge extension.

  2. Configure Deployment Key PLIST – associates the installed extension with your Nudge instance via your organization’s unique deployment key.

You can find both files in Nudge → Settings → Browser Extension → Enroll New Users → Managed Deployment → Device Management, then select your browser.

  • Step 1: Download the “Install Extension” PLIST.

  • Step 2: Copy the "Deployment Key" value in the PLIST file.

Each browser has its own configuration requirements described below.

Chrome

  1. In Intune, go to Devices → macOS → Configuration → Create → New Policy

  2. Set Profile type to Templates and Category to Preference file.

  3. Add a name (e.g., Nudge Security Google Chrome MacOS Install)

  4. Set preference domain name to: com.google.Chrome

  5. Upload the Install Extension PLIST below:

    Download PLIST

  6. Assign groups/devices as required.

  7. Next, we’ll configure the deployment policy. Create a new profile by heading to Devices → macOS → Configuration profiles → Create profile.

  8. Add a name (e.g., Nudge Security Google Chrome MacOS Registry Settings).

  9. Set preference domain name to: com.google.Chrome.extensions.diaecjfdpohehjhliaephjnpnlmeajfa

  10. Upload the Install Extension PLIST linked below, before upload replace the string DEPLOYMENT_KEY_HERE with your key copied from the Nudge application earlier

    Download PLIST

  11. Assign groups/devices as required

  12. Sync devices with Intune as desired and/or use Company Portal on targeted devices to force a sync/check-in while testing the policy deployments

Edge

  1. In Intune, go to Devices → macOS → Configuration profiles → Create profile.

  2. Set Profile type to Settings Catalog and Category to Microsoft Edge > Control which extensions are installed silently.

  3. Past in the following value for Edge and check the box.

    diaecjfdpohehjhliaephjnpnlmeajfa;<https://clients2.google.com/service/update2/crx>

  4. Next, we’ll configure the deployment policy. Create a new profile by heading to Devices → macOS → Configuration profiles → Create profile.

  5. Add a name (e.g., Nudge Security Microsoft Edge MacOS Registry Settings)

  6. Set preference domain name to: com.microsoft.Edge.extensions.diaecjfdpohehjhliaephjnpnlmeajfa

  7. Upload the Configure Extension PLIST below, before upload replace the string DEPLOYMENT_KEY_HERE with your key copied from the Nudge application earlier

    Download PLIST

  8. Assign groups/devices as required.

  9. Sync devices with Intune as desired and/or use Company Portal on targeted devices to force a sync/check-in while testing the policy deployments.

Firefox

Firefox requires that managed storage be defined separately from the extension bundle itself for security purposes.

  1. In Intune, navigate to Devices → macOS → Configuration → Create → New Policy

  2. Set Profile type to Templates and Category to Preference file.

  3. Add a name (e.g., Nudge Security Mozilla Firefox MacOS Install)

  4. Set preference domain name to: org.mozilla.firefox

  5. Upload the Extension PLIST linked below

    Download PLIST

  6. Assign groups/devices as required

  7. Next, we’ll configure the deployment policy. Create a new profile by heading to Devices → macOS → Scripts → Add.

  8. Add a name (e.g., Nudge Security Mozilla Firefox MacOS Registry Settings)

  9. In Step 2B of the instruction in the Nudge product, you will find a Bash script that you can download, upload it into this policy.

    1. Run script as signed-in user = No

    2. Hide secript notifications on devices = Yes

    3. Script Frequency = Every 1 day

  10. Assign groups/devices as required

  11. Sync devices with Intune as desired and/or use Company Portal on targeted devices to force a sync/check-in while testing the policy deployments

Brave

  1. In Intune, navigate to Devices → macOS → Configuration profiles → Create profile.

  2. Set Profile type to Templates and Category to Preference file.

  3. Add a name (e.g., Nudge Security Brave MacOS Install).

  4. Set preference domain name to: com.brave.Browser

  5. Upload the Install Extension PLIST:

    Download PLIST

  6. Assign groups/devices as required.

  7. Next, we’ll configure the deployment policy. Create a new profile by heading to Devices → macOS → Configuration profiles → Create profile.

  8. Add a name (e.g., Nudge Security Brave MacOS Registry Settings)

  9. Preference domain name: com.brave.Browser.extensions.diaecjfdpohehjhliaephjnpnlmeajfa

  10. Upload the Configure Extension PLIST below, before upload replace the string DEPLOYMENT_KEY_HERE with your key copied from the Nudge application earlier.

    Download PLIST

  11. Assign groups/devices as required.

  12. Sync devices with Intune as desired and/or use Company Portal on targeted devices to force a sync/check-in while testing the policy deployments.

Final Notes on MacOS

  • Both PLISTs (only one for Firefox) must be deployed for the extension to function properly.

  • If only the “Install Extension” PLIST is applied, the extension will install but remain unlinked from your organization’s Nudge instance.

  • After deployment, it may take some time for the configuration to sync to devices and take effect. Also, restarting the the browser is often needed for it to consume the new policy.

Verifying installation

Once the extension is installed and configured, you will start to see users showing as Connected in Browser Extension settings page in Nudge. The user discovery process may take up to 72 hours. To manually verify a successful installation and configuration, use the following steps:

Chrome, Edge, and Brave

Verify Extension Installation

Navigate to chrome://extensions in Google Chrome to check if the Nudge Browser extension appears on the list. If the extension is not listed, see the following section for checking the ExtensionInstallForceList.

Verify Extension Deployment Policy Access

Open the extension’s status page by navigating to: chrome-extension://diaecjfdpohehjhliaephjnpnlmeajfa/options.html. Check the deployment status:

  • “Configured” → The extension is fully installed and operational.

  • “Waiting for User” → The extension is still in the user discovery process.

  • “NO_DEPLOYMENT_KEY” → There is an issue with the deployment policy.

Firefox

Verify Extension Installation

Navigate to about:addons in Firefox to check if the Nudge Browser extension appears on the list. If the extension is not listed, see the following section for checking the ExtensionSettings.

Verify Extension Deployment Policy Access

Open the extension’s status page by navigating to: about:addons, find "Nudge Security Browser Extension" and click on "Preferences."

  • “Configured” → The extension is fully installed and operational.

  • “Waiting for User” → The extension is still in the user discovery process.

  • “NO_DEPLOYMENT_KEY” → There is an issue with the deployment policy.

Troubleshooting

Check the ExtensionInstallForceList Policy: Go to chrome://policy and locate the ExtensionInstallForceList policy. If the extension appears in the list, but is not installed, restart Chrome and try again. If the extension does not appear, check for possible policy conflicts in the next step.

Resolve Policy Conflicts: Policy conflicts can occur when ‘ExtensionInstallForceList’ is being initialized in two places. To resolve:

  • Consolidate all force-installed extensions into a single configuration entry in your MDM or Group Policy settings.

  • Ensure there are no duplicate or conflicting entries.

Validate Deployment Policy Configuration: Go to chrome://policy, scroll down to the section "Nudge Security Browser Extension" and confirm that the policy is correctly applied. If not, return to the deployment key policy in Intune to verify the format and preference domain have been entered in correctly.

If you still need assistance after following this guide, feel free to reach out to Nudge support through the Intercom chat in the bottom right of your screen.

Did this answer your question?