● Operator Guide

Quilr Endpoint Deployment — Standard Operating Procedure

A sequential, operator-facing runbook for deploying, validating, and troubleshooting Quilr’s endpoint security components across macOS and Windows fleets. Select a track below to launch its step-by-step wizard — each step gates the next, with Back / Next controls throughout.

Platforms macOS 12+ · Windows 10/11 MDM Intune · Jamf · Kandji · ManageEngine Audience Endpoint / IT operators

Step 1 — choose your deployment track

🛡ī¸

Endpoint Agent

System-level agent with a network/content filter (macOS) and WinDivert driver (Windows). Intercepts AI traffic for native apps and non-Chromium browsers.

Launch wizard · Step 1 →
🧩

Browser Extension

WebExtension plus a native-messaging agent for Chrome, Edge, and Safari. Covers the Chromium browsers the endpoint agent excludes.

Launch wizard · Step 1 →

Endpoint Agent — the six steps

  1. 1
    Prerequisites
    Tenant environment, supported OS, MDM admin access, network allow-list, and the install bundle.
  2. 2
    Prerequisites Validation
    Confirm every Quilr backplane host is reachable on TCP/443 and bypassed from SSL inspection.
  3. 3
    Manual Installation
    Single-device install via Terminal/CLI — trust CAs, install the package, approve extensions.
  4. 4
    Validate Manual Install
    Five per-platform checks plus a live claude.ai interception test and cert-chain verification.
  5. 5
    Installing using MDM
    Fleet rollout via Intune, Jamf Pro, Kandji, or ManageEngine Endpoint Central.
  6. 6
    Troubleshooting
    30-second triage, log paths, common failures, and the escalation diagnostic bundle.
ℹī¸
Golden rule of sequencing Always establish trust before traffic: deploy the CA certificates first, then configuration profiles, then the agent package. The agent’s leaf certificate must chain to a Quilr root already present in the system trust store before the service makes its first outbound connection.

Content mirrors the official Quilr documentation at installdocs.quilrai.dev. Always confirm tenant-specific values (tenant ID, environment hosts, MSI product code) with Quilr support before rollout.