How to install Chrome and Chrome extensions with Intune

How to install Chrome and Chrome extensions with Intune

So you hate yourself or you work in a big company. Either way, you will probably have to set up Intune at some point (assuming you use cloud-based solutions). Here's how to install Chrome and how to install Chrome extensions with Intune

Installing Chrome

Start by heading to the chrome enterprise download center and download the chrome MSI package

Download Chrome Browser for Your Business - Chrome Enterprise
Get the essential tools to deploy Chrome Browser for your enterprise. Explore bundles, MSI, policy templates and beta downloads.

Get the Intune Content Prep Tool from here and download the IntuneWinAppUtil.exe

After the file is downloaded move it to a separate folder. In the folder create a folder named Dest and one named Source. Now take the MSI file from google and move it to the Source folder.

Now your file structure should look something like this

Open IntuneWinAppUtil and put the entire path to the Source folder

You can easily get the entire path by going to your file explorer and clicking on the path field (where the arrow is pointing in the reference image below)

Now it will ask you for the setup file. Take the full name of the MSI file (including the file extension) and past that in

Then proceed to specify the output folder. So far your terminal should look like this

It will then ask you if you want to specify catalog folder put N

After all, is done hit enter and let the software do its job

Now in the Dest folder, you should see a file called googlechromestandaloneenterprise64.intunewin

All that's left now is adding it to intune.

Open Intune > Apps > Add > Win32

Proceed to upload the .intunewin file found in the Dest folder

Fill out the app information click next. Then click next again

Under requirements select Operating system architecture and check off the 64-bit box

And then select the minimum operating system

Then click next.

Under step 4 select manually configure detection rules and then click next

When it comes to dependencies you don't need any so click next again and again

Then under step 7 select the groups you wish to install chrome to. For me, I'll be putting it under All devices

And then create it

Now intune will upload and take care of chrome. Wait a couple minutes and let it finish (you will see a notification in the top right)

Managing Extensions

Now extensions are an even bigger pain. There are a couple ways of doing it but here we'll be doing it using ADMX Configuration policies.

Head on back to the chrome download center and move over to policies

Download Chrome Browser for Your Business - Chrome Enterprise
Get the essential tools to deploy Chrome Browser for your enterprise. Explore bundles, MSI, policy templates and beta downloads.

Move from Windows to Manage Policies and download the ADMX Policy template

Unzip the zip folder it gives you and then move to the following directory

policy_templates > windows > admx

Take the contents of chrome.admx and copy them for later.

Now head back to Intune and create a new configuration profile and use the custom template

Name the first profile Chrome - ADMX Ingestion

Then add a new OMA-URI row

Name the row ADMX Ingestion and set the OMA-URI to ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx

Set the data type to string and paste the contents you copied earlier from chrome.admx

Click next and assign it to the devices you want and click next then review + create.

Now we have to create a new custom profile and name it ADMX Config Now create a new row again and name it ExtensionInstallForcelist with the OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallForcelist

As for the string put in the following

<enabled/>
<data id="ExtensionInstallForcelistDesc"value="1&#xF000;ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx&#xF000;2&#xF000;hdokiejnpimakedhajhdlcegeplioahd;https://clients2.google.com/service/update2/crx"/>

Now you see where it says ppnbnpeolgkicgegkbkbjmhlideopiji and hdokiejnpimakedhajhdlcegeplioahd these are what you replace with your own extension IDs. So let us say you wanted Grammarly you'd open the extension in the chrome webstore

Note the last part of the URL (highlighted) with the random letters. This is the extension ID that you want to replace the other IDs with

After that is done click save, set it to the devices and then you're done. Next time your computer syncs with intune it'll have the extensions installed on Chrome.

If you want to check if the policy applied itself correctly you can go to the URL bar and enter chrome://policy which will bring up all the device policies set for that instance of Chrome.

This is what it should look like

Show Comments