🔧 Integration Guide

​

Introduction

This document provides step-by-step instructions on integrating ExtensionTotal into your environment. ExtensionTotal offers two agent-less integration methods:

1. MDM-based (e.g. Jamf, Intune, SCCM, JumpCloud) Script Integration
2. Proxy Chaining with Secure Web Gateway / Proxy (e.g. Zscaler, Palo Alto SWG)

Choose the method that best suits your infrastructure and security policies.

---

​

Integration Method 1: MDM-Based Script Configuration

This method integrates ExtensionTotal with your machines via Mobile Device Management (MDM), using a periodic script to configure selected or automatically discovered third-party products to communicate with ExtensionTotal Firewall.

​

Jamf Guide

Prerequisites

• Access to your JAMF portal
• The configuration script provided by ExtensionTotal.
• Internet access from managed devices.

Integrations Steps

1. Set Up the Policy Script

• Navigate to Settings > Search “Scripts” > Select “Scripts” under Computer Management.
• Click on “+New” at the top right of the screen.
• Choose a Display Name and Category for the script.
  • Example: "Configure ExtensionTotal".
• Select the Script tab on the top navigation bar.
• Paste the ExtensionTotal configuration script provided through your dashboard.
• Click Save at the bottom right.

2. Set Up the Recurring Policy

• Navigate to Computers > Policies under Content Management.
• Click on “+New” at the top right of the screen.
• Choose a Display Name for the policy.
  • Example: "Configure ExtensionTotal".
• Under Trigger, select Recurring Check-in.
• Under Execution Frequency, set it to Ongoing.

3. Add the Script to the Policy

• Navigate to Scripts on the left pane.
• Click on Configure and add the script created in the previous section.

4. Configure the Scope

• Navigate to the Scope tab at the top.
• Configure the target machines or groups to apply the policy to.
• Click Save at the bottom right.

​

Intune Guide

Prerequisites

• Access to the Intune management dashboard.
• Intune remediation requires Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) or Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
• The configuration script provided by ExtensionTotal.
• Internet access from managed devices.

Integrations Steps

1. Navigate to the Scripts and Remediations Section

• Go to Devices > Manage Devices > Scripts and Remediations.
• Click Create to start creating a new policy.

2. Name the Policy

• Enter a Display Name (e.g., "ExtensionTotal Configuration") and a brief Description for the policy.
• Click Next to proceed.

3. Add the Detection Script

• Under the Detection Script tab, select the provided ExtensionTotal configuration script.
• Click Next to continue.

4. Configure Script Execution

• Ensure the option “Run this script using logged-on credentials” is set to Yes.
• Click Next.

5. Assign Scopes (Optional)

• If required, assign specific scopes to limit where the policy will apply.

6. Scope the Policy to Device Groups

• Under the Included Groups tab, select the desired group of machines to apply the policy to.
• Click Next.

7. Set the Recurrence Schedule

• Under the Schedule tab:
  • Set the frequency to Hourly, repeating every 1 hour.
• Click Apply and then Next.

8. Deploy the Policy

• Review the configuration to ensure accuracy.
• Click Create to enable and deploy the policy.

​

SCCM Guide

Prerequisites

• Access to your SCCM
• The configuration script provided by ExtensionTotal.
• Internet access from managed devices.

Integrations Steps

1. Create a Configuration Item (CI):
   • Navigate to Assets and Compliance > Compliance Settings > Configuration Items.
   • Click Create Configuration Item and give it a descriptive name (e.g., “ExtensionTotal Configuration Script”).
   • Choose Windows Desktops and Servers (Custom) for the configuration item type.
   • In the Settings tab, add a new setting:
   • Choose Script as the setting type.
   • Select PowerShell as the script language.
   • Paste ExtensionTotal’s PowerShell script in the script window.
2. Set Compliance with Minimal Focus:
   • When defining the compliance rules, configure it so that the script always passes as “compliant” if it runs successfully.
3. Create a Configuration Baseline:
   • Go to Assets and Compliance > Compliance Settings > Configuration Baselines.
   • Click Create Configuration Baseline and name it (e.g., “Recurring ExtensionTotal Configuration”).
   • Add the Configuration Item (CI) you created in the previous step.
4. Deploy the Configuration Baseline:
   • Right-click the baseline and choose Deploy.
   • Select the target device collection where the script should be run.
   • Under the Schedule tab, click on New Schedule
     • In the Custom Schedule window, select Simple Recurrence.
     • Choose Hourly from the dropdown menu.
     • Set the recurrence to 3 hours (enter “3” in the hours field).
     • Click OK to save the schedule
     • The frequency will affect the management dashboard’s remediation window and update period.
   • Enable the Remediation option so the script runs every time the baseline is evaluated, effectively making it your periodic task.

---

​

Integration Method 2: Proxy Chaining Integration

​

Palo Alto Proxy Guide

This method integrates ExtensionTotal into your environment by configuring your Palo Alto proxy to chain with ExtensionTotal’s proxy for specific URLs. Note that unless combined with an MDM integration, some ExtensionTotal capabilities will be limited; see the table at the bottom of the guide to learn more.

Prerequisites

• Access to the Palo Alto proxy management console.
• Admin privileges for proxy configuration.
• Chained proxy details and credentials are provided by ExtensionTotal.

Integration Steps

1. Identify Target URLs:

   Copy the list below of URLs and domains that should be routed through the ExtensionTotal proxy:

   https://marketplace.visualstudio.com/_apis/public/gallery
   https://marketplace.visualstudio.com/items
   https://*.vo.msecnd.net/extensions
   
   You may receive more URLs from the ExtensionTotal Dashboard..
   

2. Configure Proxy Chaining:

   • In your Palo Alto proxy, go to the Policy Management section.
   • Create a new policy for proxy chaining or modify an existing policy.
   • Add the list of URLs/domains to be routed through ExtensionTotal’s proxy.

3. Set ExtensionTotal’s Proxy as the Second Proxy:

   • Enter the ExtensionTotal proxy endpoint as the secondary proxy in the chaining configuration.

4. Apply the Policy:

   • Save and apply the policy across the relevant devices and user groups.

---

​

Capabilities Support

The following table outlines the capabilities of the platform according to the integration method.

Capability	MDM Only	Network Only	MDM + Network
VSCode Discovery	✅	✅	✅
Jetbrains Discovery	✅	✅	✅
VSCode Remediation	✅	✅	✅
JetBrains Remediation	✅	✖️	✅
VSCode Prevention (Search)	✅	✅	✅
Jetbrains Prevention (Search)	✅	✅	✅
VSCode Side-loading	✅	✅	✅
Jetbrains Side-loading	✅	✖️	✅
VSCode inside Virtual Machine	✔️ Only if MDM is installed inside the VM	✅	✅
Jetbrains inside Virtual Machine	✔️ Only if MDM is installed inside the VM	✔️ Search prevention + Discovery	✅

---

​

Support and Troubleshooting

If you encounter any issues during the integration process, please follow these steps:

1. Check Logs:

   • Review logs on your MDM or proxy to identify potential misconfigurations.
   • Confirm that the devices have internet access and the scripts are running on schedule.

2. Contact Support:

   • For MDM-related issues, ensure the correct permissions and profiles are applied to the relevant devices.
   • For proxy chaining issues, verify the chaining policy and the connectivity with the ExtensionTotal proxy.

3. Escalate to ExtensionTotal Support:

   If issues persist, contact ExtensionTotal Support:

   • Email: support@extensiontotal.com

---

​

Summary

ExtensionTotal offers two seamless, agent-less integration methods:

• MDM-based integration using a recurring script to configure settings.
• Proxy chaining with SWG to route specific domains through ExtensionTotal’s proxy.

Both methods ensure that ExtensionTotal continuously monitors and assesses potential risks without adding overhead to your environment. If you have any questions or need further assistance, our support team is ready to help.