How to Deploy Google Chrome with Intune

bonguides.com
8 min read · Jan 30, 2024

Google Chrome is a free web browser for Windows users. In this post, we will show you how to deploy it for the enterprise through Microsoft Intune.

Prerequisites

Before you begin, the following criteria should be met for a Chrome deployment:

  • OS version: Windows 10 version 1607 or later (Enterprise, Pro or Education editions).
  • The application size must not be greater than 30 GB per app.
  • Devices must be enrolled in Intune and either:
      • Azure AD registered (Workplace Join)
      • Azure AD joined (Entra ID Joined)
      • Hybrid Azure AD joined

Prepare Win32 App content for Intune

Before we can add a Win32 app to Microsoft Intune for deployment, we must prepare the app by using the Microsoft Win32 Content Prep Tool.

1. Download the Microsoft Win32 Content Prep Tool from GitHub as a .zip file. Extract the zipped file; it contains the prep tool (IntuneWinAppUtil.exe), the license, a readme, and the release notes.

2. Create the folders for package creation. For example, we’ve created:

  • D:\Intune\Input: This folder is for all setup files (.exe, .msi, folders …). All files and folders in this folder will be compressed into an .intunewin file.
  • D:\Intune\Output: Output folder for the generated .intunewin file.
  • IntuneWinAppUtil.exe: Copy the extracted file to the D:\Intune folder. The Intune Win32 prep tool compresses all files and folders in the source folder when it creates the .intunewin file. Hence, it’s important not to keep the tool in the application installation source folder.

3. Download the Google Chrome installer (.msi) from https://chromeenterprise.google/browser/download. Rename it, then copy the downloaded file to the D:\Intune\Input folder.

4. Now, open PowerShell (Terminal) and change the directory to the root of the folder you created (D:\Intune).

PS C:\> cd D:\Intune
PS D:\Intune> ls

    Directory: D:\Intune

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         1/26/2024   8:39 AM                Input
d-----         1/26/2024   8:39 AM                Output
-a----         1/26/2024   8:42 AM          55184 IntuneWinAppUtil.exe

5. Run IntuneWinAppUtil.exe and provide the required information.

PS D:\Intune> .\IntuneWinAppUtil.exe
Please specify the source folder: "D:\Intune\Input"
Please specify the setup file: "D:\Intune\Input\GoogleChrome.msi"
Please specify the output folder: "D:\Intune\Output"
Do you want to specify catalog folder (Y/N)?N

For instance, below is the output when we create an .intunewin package for the Acrobat Reader application. The same steps work for Google Chrome as well.

When completed, you can go to the output folder to verify the intunewin package has been created.

The package is ready for upload and delivery to managed devices using Microsoft Intune.
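The packaging steps above can be scripted so that the MSI is checked before it is wrapped. The following is an added example, not part of the original post: it verifies the installer's Authenticode signature, packages it with the tool's non-interactive switches (-c, -s, -o, -q), and records hashes for later comparison. The expected signer name and the provenance file name are assumptions.

```powershell
# Added example. Paths follow the folder layout used in this post.
$Root    = 'D:\Intune'
$Source  = Join-Path $Root 'Input'
$Output  = Join-Path $Root 'Output'
$Msi     = Join-Path $Source 'GoogleChrome.msi'
$Package = Join-Path $Output 'GoogleChrome.intunewin'
$Signer  = 'Google LLC'   # assumption: expected signer of the Chrome MSI

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSigner
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode check failed for ${Path}: $($sig.Status)"
    }
    # Simple name = the subject's common name on the signing certificate.
    $name = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    if ($name -ne $ExpectedSigner) {
        throw "Unexpected signer '$name' on $Path (expected '$ExpectedSigner')"
    }
    return $sig.SignerCertificate
}

$cert = Test-InstallerSignature -Path $Msi -ExpectedSigner $Signer
$hash = (Get-FileHash -LiteralPath $Msi -Algorithm SHA256).Hash

# Remove any stale package so the existence check below is meaningful.
Remove-Item -LiteralPath $Package -ErrorAction SilentlyContinue

# Same answers as the interactive prompts; -q runs the tool without prompting.
& (Join-Path $Root 'IntuneWinAppUtil.exe') -c $Source -s $Msi -o $Output -q

if (-not (Test-Path -LiteralPath $Package)) {
    throw "Packaging failed: $Package was not created"
}

# Keep a record that ties the uploaded package to the verified installer.
[pscustomobject]@{
    Installer        = $Msi
    InstallerSha256  = $hash
    SignerSubject    = $cert.Subject
    SignerThumbprint = $cert.Thumbprint
    Package          = $Package
    PackageSha256    = (Get-FileHash -LiteralPath $Package -Algorithm SHA256).Hash
} | ConvertTo-Json | Set-Content -Path (Join-Path $Root 'GoogleChrome.provenance.json')
```

The provenance file is written to D:\Intune rather than the Input folder, so it is not compressed into the package.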

Bonus: If you don’t want to do the above steps manually, you can download the compressed file that we’ve created for this post and go to the next step immediately after downloading the .intunewin package.

Download .intunewin

Deploy Google Chrome with Intune (Win32)

The package (.intunewin) has been created. Now, we can use the Microsoft Intune admin center to deploy it on the managed devices remotely and automatically.

App information

1. Log in to the Microsoft Intune admin center, navigate to Apps > All apps, and click on +Add.

2. In the flyout window on the right side of the screen, select Windows app (Win32) from the App type drop-down list and click on Select.

3. On the App package file page, click on the browse button and select the package that you’ve converted in the previous steps. Click on OK to proceed.

4. Fill in the other details such as Application Name, Description, Publisher and version, etc. Click on Next to move to the next page.

Program

1. The Install and Uninstall command fields are automatically populated if the package is being created from an MSI installer. If not, you can enter them manually as follows:

  • Install command: msiexec /i "GoogleChrome.msi" /qn
  • Uninstall command: msiexec.exe /x "{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" /qn (use the product code of the MSI you packaged)

2. Device restart behavior: Select No specific action to suppress device restarts after the app has been successfully installed.

Bonus: We can use PowerShell scripts or batch files to trigger the installation. This approach will provide better control and sequence. For example:

  • You can update the command line to enable verbose logging.
  • You can send an email after the app is installed.

Related: Visit this post to read more about using batch files instead of a single-line command in Install / Uninstall command in Intune.

Requirements

1. On the Requirements page, you need to configure at least the mandatory requirements.

  • Win32 app requirements are rules that must be met for the application to get installed.
  • You can specify the requirements when creating a Win32 app.
  • The application will install only if requirements are met.

For example, we have configured the following mandatory requirements for the deployment.

  • Operating System architecture: 64-bit
  • Minimum Operating System: Windows 10 1607

Detection rule

1. On the Detection rules page, you need to configure at least one Detection rule.

  • The Intune Detection Rules are used to determine the presence of a Win32 app.
  • The detection rules ensure that app installation only starts if it’s not installed yet.
  • Related: How to use the Intune Detection Rules.

To add a Detection rule, select “Manually configure detection rules” in Rule format and click on the Add link.

2. In the flyout window, you can select any one of the below detection rule types:

  • MSI: In most cases, the MSI product code will populate automatically. Otherwise, you need to provide the MSI product code manually.
  • File: Verify based on file or folder detection, date, version, or size.
  • Registry: Verify based on value, string, integer, or version.

Related: How to use the Detection Rules in Intune.
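When the uninstall command or the MSI detection rule has to be entered manually, the product code must be the one stored in the MSI that was packaged. The following is an added example, not part of the original post, that reads it from the MSI's Property table through the Windows Installer COM interface; the function name Get-MsiProperty is hypothetical and the path follows the folder layout used earlier.

```powershell
# Added example: read properties from an MSI's Property table (read-only).
function Get-MsiProperty {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Name = @('ProductCode', 'ProductVersion', 'Manufacturer')
    )
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # The Installer object is late-bound, so members are called via InvokeMember.
    $call = { param($obj, [string]$member, [Reflection.BindingFlags]$kind, $argList)
        $obj.GetType().InvokeMember($member, $kind, $null, $obj, $argList) }
    $db = & $call $installer 'OpenDatabase' 'InvokeMethod' @($full, 0)  # 0 = read-only
    $result = [ordered]@{}
    try {
        foreach ($n in $Name) {
            if ($n -notmatch '^\w+$') { throw "Invalid property name: $n" }
            $sql  = "SELECT Value FROM Property WHERE Property = '$n'"
            $view = & $call $db 'OpenView' 'InvokeMethod' @($sql)
            $null = & $call $view 'Execute' 'InvokeMethod' $null
            $rec  = & $call $view 'Fetch' 'InvokeMethod' $null
            $result[$n] = if ($rec) { & $call $rec 'StringData' 'GetProperty' @(1) }
            $null = & $call $view 'Close' 'InvokeMethod' $null
        }
    } finally {
        # Release the COM objects so the MSI file is not left locked.
        $null = [Runtime.InteropServices.Marshal]::ReleaseComObject($db)
        $null = [Runtime.InteropServices.Marshal]::ReleaseComObject($installer)
    }
    [pscustomobject]$result
}

$p = Get-MsiProperty -Path 'D:\Intune\Input\GoogleChrome.msi'

# A product code is a GUID in braces; anything else should not reach msiexec.
if ($p.ProductCode -notmatch '^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$') {
    throw "Unexpected ProductCode value: $($p.ProductCode)"
}

"Publisher          : $($p.Manufacturer)"
"Uninstall command  : msiexec /x `"$($p.ProductCode)`" /qn"
"MSI detection rule : product code $($p.ProductCode), version $($p.ProductVersion)"
```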

Dependencies (Optional)

App dependencies are applications that must be installed before a Win32 app can be installed. Here you can chain an application and its dependencies so that they are installed in sequence. This setting is optional.

Related: Deploy a Win32 App with Dependencies in Microsoft Intune.

Supersedence (Optional)

In Microsoft Intune, Supersedence enables you to update and replace existing Win32 apps with newer versions of the same app or an entirely different Win32 app. This is an optional feature, so we will skip it.

Related: Supersedence relationship in Intune Win32 app.

Assignment

In most cases, it makes sense to choose Add all devices for the Required section of the assignments to catch all endpoints. But you can choose any specific device groups you have if you’re looking to install only on a subset of devices.

Quick snapshot about Assignment in Intune:

  • Available for enrolled devices: Assign the app to groups of users who can install the app from the Company Portal app or website.
  • Available with or without enrollment: Assign this app to groups of users whose devices are not enrolled with Intune. Users must be assigned an Intune license, see Intune Licenses.
  • Required: The app is installed on devices in the selected groups. Some platforms may have additional prompts for the end user to acknowledge before app installation begins.
  • Uninstall: The app is uninstalled from devices in the selected groups if Intune has previously installed the application onto the device via an “Available for enrolled devices” or “Required” assignment using the same deployment.

You can also configure the following settings on the Assignment page.

  • End User notifications
  • Delivery optimization priority
  • App Availability
  • App Installation deadline

We would also recommend changing the end-user notifications to hide all toast notifications unless you’re interested in getting slack messages from every single concerned user in the office about the strange installation notification they’re receiving.

Related: Assign Apps to Groups with Microsoft Intune.

Review + create

Click on Next on the Assignment page to move to the Review + create page. On the Review + create page, review the settings and click on Create.

You can monitor the progress from the Notification area.

Sync devices with Intune

Once the app is created, it will be installed on the managed devices the next time they check in with Intune. To trigger a check-in sooner, you can restart a managed device or run the command below to force a sync.

Restart-Service -Name IntuneManagementExtension

Related: Force Sync Devices to Get the Latest Policies and Actions with Intune.

For instance, below is the Intune app installation log. The log files can be found in the following location:

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log


# The log is truncated...
[Win32App] EMS Agent initialization is done.
[Win32App] Requesting required apps
[Win32App] ProcessDetectionRules starts
[Win32App] DetectionType 1
[Win32App] Checked ProductCode D6A094C3-CCA3-3A5F-A94A-992AD572559D, Cannot find, applicationDetected: False
[Win32App] [DetectionActionHandler] Detection status: Success and detection state: NotDetected.
[Win32App] Downloading app on session 1. App: ebeaf7bc-c3d2-4ee0-8e55-e7bfd27a6253
[EnvironmentHelper] osVersion with revision is 10.0.22631.3085
[Win32App] Get content info from Intune
[StatusService] Downloading app (id = ebeaf7bc-c3d2-4ee0-8e55-e7bfd27a6253, name Google Chrome)
[Win32App] Start unzipping.
[Win32App] Downloaded file size 116,199,201.00
[Win32App] Prepare msi cmdline
[Win32App] InstallBehavior RegularWin32App, UninstallCommandLine msiexec /x "D6A094C3-CCA3-3A5F-A94A-992AD572559D" /qn
[Win32App] prepare msi cmdline for system context
[Win32App] msiexec /i "GoogleChrome.msi" /qn ALLUSERS=1 REBOOT=ReallySuppress /norestart
[Win32App] Launch Win32AppInstaller in machine session
[Win32App] Create installer process successfully.
[Win32App] Installation is done, collecting result
[Win32App] lpExitCode 0
[Win32App] hResultFromWin32 0
[Win32App] Set EnforcementStateMessage.ErrorCode 0
[Win32App] lpExitCode is defined as Success
[Win32App] DeviceRestartBehavior: 2
[Win32App] Close handle
[Win32App] Results are successfully sent.

Related: Access and Read Intune Management Extension Logs
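To confirm on a device which command line actually ran in system context and how it ended, the log can be summarised instead of read line by line. The following is an added example, not part of the original post; it assumes the message wording shown in the excerpt above and falls back to three lines copied from that excerpt when no log file is present. The function name Get-Win32AppInstallResult is hypothetical.

```powershell
# Added example: summarise Win32 app installs recorded in the IME log.
$LogPath = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log'
# Intune's default Win32 app return codes; any other code is reported as failed.
$ReturnCodes = @{ '0' = 'Success'; '1707' = 'Success'; '3010' = 'Soft reboot'
                  '1641' = 'Hard reboot'; '1618' = 'Retry' }

function Get-Win32AppInstallResult {
    param([string[]]$Line)
    $app = $null; $cmd = $null
    foreach ($raw in $Line) {
        # On disk each entry is wrapped as <![LOG[message]LOG]!><time=...>; keep the message.
        $msg = if ($raw -match '<!\[LOG\[(?<m>.*?)\]LOG\]!>') { $Matches.m } else { $raw }
        switch -Regex ($msg) {
            'Downloading app \(id = (?<id>[0-9a-f-]{36}), name (?<name>.+?)\)' {
                $app = '{0} ({1})' -f $Matches.name, $Matches.id
                $cmd = $null
            }
            '^\[Win32App\] (?<cmd>msiexec(\.exe)? /i .+)$' { $cmd = $Matches.cmd }
            '^\[Win32App\] lpExitCode (?<code>-?\d+)$' {
                $outcome = $ReturnCodes[$Matches.code]
                [pscustomobject]@{
                    App         = $app
                    CommandLine = $cmd
                    ExitCode    = $Matches.code
                    Outcome     = if ($outcome) { $outcome } else { 'Failed' }
                }
            }
        }
    }
}

# Lines copied from the excerpt above; used only when the log file is absent.
$sample = @(
    '[StatusService] Downloading app (id = ebeaf7bc-c3d2-4ee0-8e55-e7bfd27a6253, name Google Chrome)'
    '[Win32App] msiexec /i "GoogleChrome.msi" /qn ALLUSERS=1 REBOOT=ReallySuppress /norestart'
    '[Win32App] lpExitCode 0'
)
$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
Get-Win32AppInstallResult -Line $lines | Format-Table -AutoSize -Wrap
```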

Tracking deployment in Intune

With Intune, you can also track the progress of any deployment. To do it, go to Microsoft Intune admin center > Apps > All apps and click the app from the list. The items from the left-hand menu allow you to access various deployment progress information:

  • Overview — here you can get general information on installation status for devices and users in the form of charts.
  • Device install status & User install status — allow you to view the install status lists showing specific devices and users.
  • Finally, by clicking Properties, you can edit your app deployment policy.