InvestigAItor

MDM Deployment (Intune)

Deploy InvestigAItor to cloud-managed Windows, macOS, and ChromeOS devices using Microsoft Intune or any MDM that supports Chrome/Edge extension policies.

Tip: Sign in to the admin dashboard and refresh this page to see your enrollment key pre-filled.

Prerequisites

  • Microsoft Intune (or equivalent MDM) with device management enabled
  • Chrome or Edge installed on target devices
  • Your Enrollment Key from the InvestigAItor admin dashboard (Settings → General)

Step 1: Create a Configuration Profile

  1. Sign in to the Microsoft Intune admin center
  2. Go to Devices → Configuration profiles → Create profile
  3. Select:
    • Platform: Windows 10 and later
    • Profile type: Settings catalog
  4. Name it InvestigAItor Extension

Step 2: Add the force-install policy

  1. In the Settings catalog, click Add settings
  2. Search for Configure the list of force-installed extensions (under Google Chrome → Extensions, or Microsoft Edge → Extensions)
  3. Enable the setting and add:
ncibbcpcjhieaffkncaeemcfihlhkcdg;https://investigaitor.org/extension-update.xml

Step 3: Add managed configuration (silent enrollment)

  1. Search for Extension management settings in the same Settings catalog
  2. Enable it and paste the following (single line):
{"ncibbcpcjhieaffkncaeemcfihlhkcdg":{"installation_mode":"force_installed","update_url":"https://investigaitor.org/extension-update.xml","managed_config":{"enrollmentKey":"YOUR_ENROLLMENT_KEY","userName":"%USERNAME%","deviceName":"%COMPUTERNAME%"}}}

Formatted version for reference:

{
  "ncibbcpcjhieaffkncaeemcfihlhkcdg": {
    "installation_mode": "force_installed",
    "update_url": "https://investigaitor.org/extension-update.xml",
    "managed_config": {
      "enrollmentKey": "YOUR_ENROLLMENT_KEY",
      "userName": "%USERNAME%",
      "deviceName": "%COMPUTERNAME%"
    }
  }
}

Replace YOUR_ENROLLMENT_KEY with the enrollment key from your admin dashboard.

What the variables do:

Variable
Purpose
%USERNAME%
Logged-in username for billing and activity attribution
%COMPUTERNAME%
Machine hostname for device identification
userEmail
Optional. Falls back to Chrome profile email if not set.

Step 4: Assign and deploy

  1. Click Next through Scope tags
  2. Under Assignments, select the device groups you want to deploy to
  3. Review and click Create

Step 5: Verify

  • In Intune: Check the profile's deployment status under Monitor → Device status
  • On the device: Open chrome://policy. Confirm ExtensionInstallForcelist is present
  • In the dashboard: Go to Devices. The machine should appear within a few minutes

Other MDM platforms

Any MDM that supports Chrome browser extension policies can deploy InvestigAItor using the same force-install value and managed config JSON above.

Google Workspace (ChromeOS)

  1. Go to admin.google.com
  2. Navigate to Devices → Chrome → Apps & extensions → Users & browsers
  3. Click +Add Chrome app or extension by ID
  4. Enter: ncibbcpcjhieaffkncaeemcfihlhkcdg
  5. Set installation policy to Force install
  6. Under Policy for extensions, add the managed config JSON with your enrollment key

Incognito and Guest mode

To enable monitoring in Incognito, add the extension ID to the Allow Incognito policy in your Intune settings catalog (under Google Chrome → Extensions). To prevent bypass via Guest mode, set Browser Guest Mode to Disabled in Chrome device policies.

Having issues? See the Troubleshooting page.