Skip to main content

Migrate to CrowdStrike-hosted edition - Firefox

note:

This page applies to deployments running the Pangea-hosted edition of the extension, version 0.6.x.

If you're already running the CrowdStrike-hosted edition, version 1.x.x, you don't need to migrate.

The AIDR Firefox browser extension has moved from Pangea hosting to a CrowdStrike update server. This change enables

Site Access monitoring. You need to migrate only if you need Site Access rules in your browser collector policies.

The extension ID and update URL differ between editions:

Extension IDXPI URL
Oldpangea-aidr-extension@pangea.cloudhttps://pangea.cloud/firefox-aidr-extension/aidr-extension-latest.xpi
Newaidr-extension@crowdstrike.comhttps://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi

Update your deployment policies and configuration to reference the new ID and XPI URL.

What to expect

  • You might need to correlate old and new device IDs:
    • New device IDs in the collector Devices tab. Both old and new device entries appear until you remove the old entries.
    • New COLLECTOR INSTANCE ID values in Findings. During the transition, old and new device IDs appear in the COLLECTOR INSTANCE ID column on the Findings page.
    • New Collector Instance Id values in Visibility. During the transition, old and new device IDs appear as Collector Instance Id on the Visibility page.

Requirements

Before you begin, verify that the extension update URL is reachable from your target network.

  1. On a target device, open the following URL in a browser: 

    https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi
  2. Confirm that the browser displays a download prompt or an extension installation dialog.

If the URL is blocked or unreachable, update your firewall or proxy rules to allow access to the extension host domain before you proceed.

Jamf (macOS)

Jamf supports an atomic update-in-place approach. You can edit the existing configuration profile rather than creating a new one. When Jamf pushes the updated profile, macOS replaces the old ExtensionSettings and 3rdparty entries in a single operation.

Step 1 - Update configuration profile

warning:

The org.mozilla.firefox plist contains all Firefox enterprise policies, not just the AIDR extension. When you edit the plist, modify only the AIDR-related entries. Preserve all other extensions and policies.

  1. In Jamf, go to Computers > Configuration Profiles.
  2. Find the configuration profile that manages the AIDR Firefox extension.
  3. On the configuration profile page, under Options, expand Application & Custom Settings and click Upload.
  4. Click Edit.
  5. In the Upload payload for the org.mozilla.firefox preference domain, find Property List.
    1. In the plist, find the ExtensionSettings dictionary.
      1. Replace the pangea-aidr-extension@pangea.cloud key with the new extension ID: 

        aidr-extension@crowdstrike.com
      2. Replace the install_url value with the new extension URL: 

        https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi
    2. In the plist, find the 3rdparty dictionary.
      1. Replace the pangea-aidr-extension@pangea.cloud key with the new extension ID: 

        aidr-extension@crowdstrike.com
    3. In the plist, add an Extensions > Uninstall array to the top-level dictionary, alongside ExtensionSettings and 3rdparty. This forces removal of the old extension: 

      <key>Extensions</key>
      <dict>
         <key>Uninstall</key>
         <array>
             <string>pangea-aidr-extension@pangea.cloud</string>
         </array>
      </dict>
  6. Click Save.
  7. In the Redistribution Options dialog:
    1. Select Distribute to All.
    2. Click Save.
  8. Review the saved profile:
    1. Verify that the ExtensionSettings dictionary references only the new extension ID and URL:
      • aidr-extension@crowdstrike.com
      • https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi
    2. Verify that the 3rdparty > Extensions dictionary references only the new extension ID:
      • aidr-extension@crowdstrike.com
    3. Verify that no remaining entries reference pangea-aidr-extension@pangea.cloud, except under the Uninstall key.
tip:

After you confirm that the old extension is removed from all target machines, remove the Extensions > Uninstall entry from the configuration profile.

Step 2 - Verify migration

Spot-check the migration on target machines to confirm the new extension is active and configured.

To apply the profile update immediately without waiting for the next scheduled check-in, run the following command on the target machine:

sudo jamf recon
Browser

On a target machine, restart Firefox and verify that the extension is installed and configured:

  1. In Firefox, go to about:addons > Extensions.
    1. Confirm that the AIDR extension is enabled.
    2. Click the extension and confirm that it shows version 1.x.x.
    3. Confirm that AIDR version 0.6.x is not listed on the about:addons page.
  2. Go to about:policies.

    1. Under ExtensionSettings, confirm that aidr-extension@crowdstrike.com and https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi are listed with force_installed mode.

      ...
      {"aidr-extension@crowdstrike.com":{"install_url":"https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi","installation_mode":"force_installed"}}
      ...

    2. Under 3rdparty > Extensions, confirm that aidr-extension@crowdstrike.com is listed with the correct configuration values.

      • Required:
        • urlTemplate
        • registrationIdentity
      • Optional:
        • userId
        • userFullName
        • hostname
    3. Confirm that no references to pangea.cloud appear, except under Extensions > Uninstall.

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

macOS plist

Verify that no pangea-aidr-extension@pangea.cloud entries remain in the managed configuration profile, except under the Extensions > Uninstall key.

On a target machine, display the managed preferences and inspect the 3rdparty and ExtensionSettings sections:

plutil -p /Library/Managed\ Preferences/org.mozilla.firefox.plist
  1. Under ExtensionSettings, confirm that the extension ID and update URL appear with force_installed mode: 
    {
    ...
    "ExtensionSettings" => {
     ...
     "aidr-extension@crowdstrike.com" => {
        "install_url" => "https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi"
        "installation_mode" => "force_installed"
     }
    }
    }
  2. Under 3rdparty > Extensions, confirm that the extension ID (aidr-extension@crowdstrike.com) appears with the correct configuration values. 
    {
    ...
    "3rdparty" => {
     "Extensions" => {
        ...
        "aidr-extension@crowdstrike.com" => {
        "hostname" => "<computername>"
        "registrationIdentity" => "eyJzIj...YiOjF9"
        "urlTemplate" => "https://api.crowdstrike.com/aidr/aiguard"
        "userFullName" => "<fullname>"
        "userId" => "<username>"
        }
     }
    }
    }
tip:

For troubleshooting:

  • Confirm that the managed preferences file exists and is owned by root:

    ls -la /Library/Managed\ Preferences/org.mozilla.firefox.plist
    -rw-r--r--  1 root  wheel  967 Apr 26 13:21 /Library/Managed Preferences/org.mozilla.firefox.plist

Microsoft Intune (Windows)

A Microsoft Intune PowerShell script configures the AIDR extension. The script writes registry values that persist after you remove or unassign the script. To migrate, apply the new configuration, deploy the new extension, and clean up residual registry values.

Step 1 - Deploy new configuration script

Create a Platform Script with the new extension configuration. This prepares managed storage before the swap. The old extension continues to operate from its existing registry values. You remove those values separately after the swap.

Copy this script and save it as Configure-FirefoxAIDR-CrowdStrike.ps1.

Configure Firefox AIDR Extension - CrowdStrike > Configure-FirefoxAIDR-CrowdStrike.ps1
# Firefox AIDR Extension Configuration (CrowdStrike-hosted)
$ErrorActionPreference = "Stop"

try {
  # Registry path for Firefox 3rdparty extensions
  $registryPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com"

  # Create path
  if (-not (Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
  }

  # Set configuration values
  Set-ItemProperty -Path $registryPath -Name "registrationIdentity" `
    -Value "eyJzIj...YiOjF9 `
    -Type String -Force

  Set-ItemProperty -Path $registryPath -Name "urlTemplate" `
    -Value "https://api.crowdstrike.com/aidr/aiguard" `
    -Type String -Force

  # Use REG_EXPAND_SZ to expand %...% variables at read time

  New-ItemProperty -Path $registryPath -Name "userId" `
    -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

  New-ItemProperty -Path $registryPath -Name "userFullName" `
    -Value "%USERNAME%" -PropertyType ExpandString -Force | Out-Null

  New-ItemProperty -Path $registryPath -Name "hostname" `
    -Value "%COMPUTERNAME%" -PropertyType ExpandString -Force | Out-Null

  # Verify
  $config = Get-ItemProperty -Path $registryPath
  Write-Output "Configuration applied successfully"
  Write-Output "  - registrationIdentity: Set"
  Write-Output "  - urlTemplate: $($config.urlTemplate)"
  Write-Output "  - userId: $($config.userId)"
  Write-Output "  - userFullName: $($config.userFullName)"
  Write-Output "  - hostname: $($config.hostname)"

  Exit 0
} catch {
  Write-Error "Failed: $($_.Exception.Message)"
  Exit 1
}
tip:

You can reuse the registrationIdentity and urlTemplate values between the Pangea-hosted and CrowdStrike-hosted editions. Copy these values from the collector page in the AIDR console or from your existing configuration script.

Add a Platform Script:

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
  3. Click + Add and select Windows 10 and later.
  4. On the Add PowerShell script page:
    1. Basics > Name: Configure Firefox AIDR Extension - CrowdStrike
    2. Click Next.
    3. Script settings:
      1. Script location: Select the Configure-FirefoxAIDR-CrowdStrike.ps1 file.
      2. Run this script using the logged on credentials: No (run as System)
      3. Enforce script signature check: No
      4. Run script in 64-bit PowerShell host: Yes
    4. Click Next.
    5. Assignments: Add groups, users, or devices.
    6. Click Next.
    7. Review + create: Review script configuration.
    8. Click Create.

note:

Platform scripts don't execute immediately. Registry changes might take additional time to appear after the script runs.

To trigger the script sooner on a target device, restart the machine or restart the Intune Management Extension service:

Restart-Service -Name IntuneManagementExtension

Allow a few minutes for the script to execute after the service restart.

Step 2 - Verify configuration

Before you swap extensions, verify that the script has executed and applied the new extension configuration.

Intune admin center
  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    1. Click the AIDR script name.
    2. Verify that Device status and User status show Succeeded.
note:

Status reports update after each device check-in and might take time to reflect the latest state. Allow enough time for devices to check in before you review the results.

Windows registry

On a target machine, verify the extension configuration.

Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com"

Confirm that the output includes the managed field values.

  • Required:
    • urlTemplate
    • registrationIdentity
  • Optional:
    • userId
    • userFullName
    • hostname

Step 3 - Swap extensions in force-install policy

In a single policy edit, replace the old extension entry and configure the old extension for removal.

caution:

Firefox does not automatically uninstall an extension when you remove its entry from the ExtensionSettings JSON. The old extension becomes unmanaged but remains installed. The steps below configure both the new force-install entry and the Extensions to Uninstall policy in the same edit session.

warning:

Firefox uses a single ExtensionSettings JSON value for all force-installed extensions. The JSON you enter replaces the entire value. Extensions not included in the JSON lose their force-managed status, and users can remove them. If your organization force-installs other Firefox extensions, include them in the JSON alongside the AIDR extension entry.

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Configuration > Policies.
  3. Click the existing Administrative Templates policy that force-installs the AIDR Mozilla Firefox extension.
  4. Click Edit in the Configuration settings section.
  5. Search for Extension Management (JSON on one line). You can also manually navigate to Computer Configuration > Mozilla > Firefox > Extensions.
  6. Click the Extension Management (JSON on one line) entry that is enabled for your policy:
    1. Verify Enabled is selected.
    2. Update the JSON value: replace the old extension entry with the new one.
      Old entry to remove
      {
        "pangea-aidr-extension@pangea.cloud": {
          "installation_mode": "force_installed",
          "install_url": "https://pangea.cloud/firefox-aidr-extension/aidr-extension-latest.xpi"
        }
      }
      New entry to add
      {
        "aidr-extension@crowdstrike.com": {
          "installation_mode": "force_installed",
          "install_url": "https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi"
        }
      }
    3. Click OK.
  7. Search for Extensions to Uninstall.
  8. Click the Extensions to Uninstall entry:
    1. Select Enabled.
    2. Enter the extension ID to be removed: 
      pangea-aidr-extension@pangea.cloud
    3. Click OK.
  9. Click Review + save.
  10. Click Save.
note:

Intune notifies online devices when a policy changes. The policy update typically applies within minutes. If a device is offline, the update applies at the next scheduled check-in, up to 8 hours.

To confirm a specific device received the update:

  1. Go to Devices > All devices.
  2. Select the device.
  3. Click Sync.

After you confirm the old extension is removed across target devices, remove the Extensions to Uninstall entry to keep the policy clean.

Step 4 - Verify migration

Intune admin center
  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Configuration > Policies.
    1. Click the AIDR Administrative Templates policy that force-installs the Firefox extension.
    2. Under Device and user check-in status, confirm the policy shows Succeeded.
  3. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    1. Click the AIDR script name.
    2. Verify that Device status and User status show Succeeded.
note:

Status reports update after each device check-in and might take time to reflect the latest state. Allow enough time for devices to check in before you review the results.

Browser

On a target machine, restart Firefox and verify that the extension is installed and configured:

  1. In Firefox, go to about:addons > Extensions.
    1. Confirm that the AIDR extension is enabled.
    2. Click the extension and confirm that it shows version 1.x.x.
    3. Confirm that AIDR version 0.6.x is not listed on the about:addons page.
  2. Go to about:policies.

    1. Under ExtensionSettings, confirm that aidr-extension@crowdstrike.com and https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi are listed with force_installed mode.

      ...
      {"aidr-extension@crowdstrike.com":{"install_url":"https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi","installation_mode":"force_installed"}}
      ...

    2. Under 3rdparty > Extensions, confirm that aidr-extension@crowdstrike.com is listed with the correct configuration values.

      • Required:
        • urlTemplate
        • registrationIdentity
      • Optional:
        • userId
        • userFullName
        • hostname

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

Windows registry

  1. On a target machine, verify that the force-install policy includes the new extension.

    (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox" -Name ExtensionSettings).ExtensionSettings
    Confirm that the output includes an entry with the extension ID and update URL:
    {
      "aidr-extension@crowdstrike.com": {
          "install_url": "https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi",
          "installation_mode": "force_installed"
      }
    }

  2. On a target machine, verify the extension configuration.

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com"

    Confirm that the output includes the managed field values.

    • Required:
      • urlTemplate
      • registrationIdentity
    • Optional:
      • userId
      • userFullName
      • hostname

Step 5 - Clean up old registry values

  1. Log in to Microsoft Intune at intune.microsoft.com.
  2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
  3. Delete the old configuration Platform Script.
  4. To remove the residual registry values that the old configuration script wrote, deploy a cleanup script. Copy this script and save it as Remove-Old-FirefoxAIDR-configuration.ps1.

    Remove Configuration for old Firefox AIDR Extension > Remove-Old-FirefoxAIDR-configuration.ps1
    # Remove old AIDR Firefox extension residual registry values
    $ErrorActionPreference = "Stop"
    try {
       $oldExtensionId = "pangea-aidr-extension@pangea.cloud"

       # Remove old extension configuration
       $oldConfigPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$oldExtensionId"
       if (Test-Path $oldConfigPath) {
           Remove-Item -Path $oldConfigPath -Recurse -Force
           Write-Output "Removed old extension configuration"
       }

       Write-Output "Cleanup complete."
       Exit 0
    } catch {
       Write-Error "Failed: $($_.Exception.Message)"
       Exit 1
    }

  5. Add a Platform Script:

    1. Log in to Microsoft Intune at intune.microsoft.com.
    2. Go to Devices > Manage devices > Scripts and remediations > Platform scripts.
    3. Click + Add and select Windows 10 and later.
    4. On the Add PowerShell script page:
      1. Basics > Name: Remove Configuration for old Firefox AIDR Extension
      2. Click Next.
      3. Script settings:
        1. Script location: Select the Remove-Old-FirefoxAIDR-configuration.ps1 file.
        2. Run this script using the logged on credentials: No (run as System)
        3. Enforce script signature check: No
        4. Run script in 64-bit PowerShell host: Yes
      4. Click Next.
      5. Assignments: Add groups, users, or devices assigned to the old configuration.
      6. Click Next.
      7. Review + create: Review script configuration.
      8. Click Create.

    note:

    Platform scripts don't execute immediately. Registry changes might take additional time to appear after the script runs.

    To trigger the script sooner on a target device, restart the machine or restart the Intune Management Extension service:

    Restart-Service -Name IntuneManagementExtension

    Allow a few minutes for the script to execute after the service restart.

  6. On a target machine, verify that the old extension is no longer in the registry: 

    reg query "HKLM\SOFTWARE\Policies\Mozilla\Firefox" /s /f "pangea-aidr-extension@pangea.cloud"
    Expected output: End of search: 0 match(es) found.
  7. In the Intune admin center, delete the cleanup Platform Script.

Group Policy (Windows)

A Group Policy Object (GPO) configures the AIDR extension through Administrative Template policies, Registry Preferences, and a startup script. To migrate, update the registry items and startup script to point to the new extension, swap the ExtensionSettings policy, apply the policy, and clean up old entries.

Step 1 - Update computer-level registry items

Update the Key Path on each existing computer-level registry item to point to the new extension. The values stay the same.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Preferences > Windows Settings > Registry.
  2. For each registry item (urlTemplate, registrationIdentity, hostname):
    1. Right-click the item and select Properties.
    2. Update Key Path:

      Old key path
      SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\pangea-aidr-extension@pangea.cloud
      New key path
      SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com
    3. Click OK.

Step 2 - Update startup script

The GPO startup script writes userId and userFullName as REG_EXPAND_SZ values. Update the registry path in the script to target the new extension ID.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown).
  2. Double-click Startup, then select the Scripts tab.
  3. Click Show Files to open the SYSVOL Startup folder in Explorer.
  4. Open the AIDR startup script, such as Configure-FirefoxAIDR-UserFields.bat, in a text editor.
  5. In the script, replace the registry path in both reg add commands. The updated script should look like this:
    Configure-FirefoxAIDR-UserFields.bat
    @echo off
    REM Write user identity fields to Firefox managed storage as REG_EXPAND_SZ.
    REM The OS expands %USERNAME% per user session at read time.
    REM Double %% is a batch escape - cmd.exe reduces %% to % before passing to reg.exe.

    reg add "HKLM\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com" /v userId /t REG_EXPAND_SZ /d "%%USERNAME%%" /f
    reg add "HKLM\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com" /v userFullName /t REG_EXPAND_SZ /d "%%USERNAME%%" /f
  6. Save the script.
tip:

If your existing script uses %%USERDOMAIN%%\%%USERNAME%% for userId (common in multi-domain environments), preserve that format. The example above uses only %%USERNAME%%.

warning:

Startup scripts run only at machine boot. gpupdate /force does not trigger them. The user identity fields (userId, userFullName) appear under the new extension path only after target machines restart.

Step 3 - Update ExtensionSettings policy

Firefox uses JSON format in the ExtensionSettings administrative template policy.

Replace the old extension entry with the new one. The ExtensionSettings JSON must contain only the new extension entry for AIDR.

warning:

Firefox uses a single ExtensionSettings JSON value for all force-installed extensions. The JSON you enter replaces the entire value. Extensions not included in the JSON lose their force-managed status, and users can remove them. If your organization force-installs other Firefox extensions, include them in the JSON alongside the AIDR extension entry.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Policies > Administrative Templates > Mozilla > Firefox > Extensions.
  2. Double-click Extension Management.
  3. In the Extension Management dialog, update the JSON value. Replace the old extension entry with the new one:
    Old entry
    {
     "pangea-aidr-extension@pangea.cloud": {
        "install_url": "https://pangea.cloud/firefox-aidr-extension/aidr-extension-latest.xpi",
        "installation_mode": "force_installed"
     }
    }
    New entry
    {
     "aidr-extension@crowdstrike.com": {
        "install_url": "https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi",
        "installation_mode": "force_installed"
     }
    }
  4. Click OK.

Step 4 - Uninstall old extension

Firefox does not automatically uninstall an extension when you remove its entry from the ExtensionSettings JSON. The old extension becomes unmanaged but remains installed.

You can use the Extensions to Uninstall administrative template policy to remove the old extension from target machines.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Policies > Administrative Templates > Mozilla > Firefox > Extensions.
  2. Double-click Extensions to Uninstall.
  3. Select Enabled.
  4. Click Show next to the extension list.
  5. Add the old extension ID: 

    pangea-aidr-extension@pangea.cloud
  6. Click OK twice.

This writes to the registry at SOFTWARE\Policies\Mozilla\Firefox\Extensions\Uninstall\1.

Step 5 - Apply policy

Domain-joined machines automatically refresh Group Policy every 90 minutes, with a random offset of up to 30 minutes. Computer Configuration settings also apply at startup, and User Configuration settings at logon.

To apply the updated policy sooner, you can use one of the Group Policy update methods:

  • Run Invoke-GPUpdate from a domain controller or an admin workstation with Remote Server Administration Tools (RSAT) to remotely trigger a refresh on target machines:

    Invoke-GPUpdate -Computer "<target-machine-name>" -RandomDelayInMinutes 0 -Force

  • In the Group Policy Management console, right-click the target OU and select Group Policy Update. This creates a remote scheduled task on each computer in the OU, with up to a 10-minute random delay.

  • To test on a target machine, run:

    gpupdate /force

Step 6 - Verify migration

Spot-check the migration on a target machine to confirm that the new extension is active and configured.

Browser

On a target machine, restart Firefox and verify that the extension is installed and configured:

  1. In Firefox, go to about:addons > Extensions.
    1. Confirm that the AIDR extension is enabled.
    2. Click the extension and confirm that it shows version 1.x.x.
    3. Confirm that AIDR version 0.6.x is not listed on the about:addons page.
  2. Go to about:policies.

    1. Under ExtensionSettings, confirm that aidr-extension@crowdstrike.com and https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi are listed with force_installed mode.

      ...
      {"aidr-extension@crowdstrike.com":{"install_url":"https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi","installation_mode":"force_installed"}}
      ...

    2. Under 3rdparty > Extensions, confirm that aidr-extension@crowdstrike.com is listed with the correct configuration values.

      • Required:
        • urlTemplate
        • registrationIdentity
      • Optional:
        • userId
        • userFullName
        • hostname

  3. Open the AIDR extension from the browser toolbar and verify its status.

    After successful registration, the extension status progresses through Configured and Ready to Active.

    To confirm that the extension connects to AIDR, see Verify Deployment .

Windows registry

  1. On a target machine, verify that the force-install policy includes the new extension.

    (Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox" -Name ExtensionSettings).ExtensionSettings
    Confirm that the output includes an entry with the extension ID and update URL:
    {
      "aidr-extension@crowdstrike.com": {
          "install_url": "https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi",
          "installation_mode": "force_installed"
      }
    }

  2. On a target machine, verify the extension configuration.

    Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\aidr-extension@crowdstrike.com"

    Confirm that the output includes the managed field values.

    • Required:
      • urlTemplate
      • registrationIdentity
    • Optional:
      • userId
      • userFullName
      • hostname

Step 7 - Clean up old entries

Remove the Extensions to Uninstall policy entry
  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Policies > Administrative Templates > Mozilla > Firefox > Extensions.
  2. Double-click Extensions to Uninstall.
  3. Click Show to open the Show Contents dialog:
    1. If pangea-aidr-extension@pangea.cloud is the only entry, click Cancel to close the dialog, and select Not Configured in the Extensions to Uninstall dialog.
    2. Otherwise, remove pangea-aidr-extension@pangea.cloud, and click OK to close the dialog.
  4. In the Extensions to Uninstall dialog, click OK.
Remove old registry entries

GPO Registry Preferences don't automatically remove old registry entries when you change the Key Path. To remove them, you can create GPO-native Delete action items.

  1. In Group Policy Management Editor for AIDR policy, go to Computer Configuration > Preferences > Windows Settings > Registry.
  2. Right-click and select New > Registry Item. Use these values in the New Registry Properties dialog:
    • Action: Delete
    • Hive: HKEY_LOCAL_MACHINE
    • Key Path: 

      SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\pangea-aidr-extension@pangea.cloud
    Leave all other fields empty. This deletes the entire key and all its subkeys.
  3. Click OK.
  4. Apply the updated policy:

    Domain-joined machines automatically refresh Group Policy every 90 minutes, with a random offset of up to 30 minutes. Computer Configuration settings also apply at startup, and User Configuration settings at logon.

    To apply the updated policy sooner, you can use one of the Group Policy update methods:

    • Run Invoke-GPUpdate from a domain controller or an admin workstation with Remote Server Administration Tools (RSAT) to remotely trigger a refresh on target machines:

      Invoke-GPUpdate -Computer "<target-machine-name>" -RandomDelayInMinutes 0 -Force

    • In the Group Policy Management console, right-click the target OU and select Group Policy Update. This creates a remote scheduled task on each computer in the OU, with up to a 10-minute random delay.

    • To test on a target machine, run:

      gpupdate /force
  5. On a target machine, verify that the old entries are removed: 

    Test-Path -Path "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\pangea-aidr-extension@pangea.cloud"
    Expected output: False
  6. After you confirm cleanup across target machines, remove the temporary Delete items from the GPO to keep the configuration clean.
  7. Verify that no old policy references remain on a target machine:

    On a target machine, restart Firefox and verify that the extension is installed and configured:

    1. In Firefox, go to about:addons > Extensions.
      1. Confirm that the AIDR extension is enabled.
      2. Click the extension and confirm that it shows version 1.x.x.
    2. Go to about:policies.

      1. Under ExtensionSettings, confirm that aidr-extension@crowdstrike.com and https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi are listed with force_installed mode.

        ...
        {"aidr-extension@crowdstrike.com":{"install_url":"https://update-crx.falcon.crowdstrike.com/aidr/v1/xpi/latest.xpi","installation_mode":"force_installed"}}
        ...

      2. Under 3rdparty > Extensions, confirm that aidr-extension@crowdstrike.com is listed with the correct configuration values.

        • Required:
          • urlTemplate
          • registrationIdentity
        • Optional:
          • userId
          • userFullName
          • hostname
      3. Confirm that no references to pangea.cloud appear, except under Extensions > Uninstall.

    3. Open the AIDR extension from the browser toolbar and verify its status.

      After successful registration, the extension status progresses through Configured and Ready to Active.

      To confirm that the extension connects to AIDR, see Verify Deployment .

©2026 CrowdStrike. All rights reserved.

PrivacyTerms of UseLegal Notices