Google Chrome has carved a niche for itself as one of the world’s most popular web browsers, known for its speed, stability, and an extensive range of available extensions. As a result, numerous enterprises have adopted Chrome as their standard web browser. To manage Chrome across enterprise devices, Intune stands as a potent tool, enabling the deployment and management of policies. This blog post will delve into the specifics of managing Google Chrome using Intune.
With Intune’s growing popularity and its ability to supplant Group Policy with Device Configuration, managing certain areas, such as third-party applications that support the GPO model, requires a touch more effort. This can be achieved in Intune by importing ADMX from the vendor, which is the case for Google products, particularly Google Chrome.
We will illustrate how to manage Google Chrome by importing Google’s ADMX for a comparable approach as GPOs with on-prem Active Directory. Our focus will be on enabling Automatic Update of Google Chrome.
For Windows, two types of policy templates exist: an ADM and an ADMX template. These templates indicate which registry keys can be set to configure Chrome and what the valid values are. Chrome examines the values set in these registry keys to determine its behavior.
Ensure you select Google Update ADMX from the dropdown list. ADM will not work.
Access to Windows.admx and Windows.Adml from c:\Windows\PolicyDefinitions on a Windows 10/11 computer. Download the Google ADMX from here and unzip the file.
IMPORT GOOGLE CHROME ADMX IN INTUNE
ADMX must be imported sequentially as they have built-in prerequisites.
- The import order should be:
- Google Updater
- Google Chrome
Currently, importing Windows.ADMX into Intune is necessary. This file is located on any Windows 10/11 device under c:\Windows\PolicyDefinition. Microsoft has declared that this requirement will be phased out eventually, but no ETA has been provided. This requirement exists because the Google Update and Google Chrome ADMX have a strict dependence on this ADMX. Failure to follow this step will lead to an error in Intune when trying to import any of them.
For more information, refer to Microsoft docs
- Navigate to the Intune portal, Device/Configuration Profile, and select Import ADMX
- Click on Import ADMX
- Specify the Google.admx and Google.adml located in the EN-US sub-folder
- Repeat this procedure for Windows.admx, GoogleChrome.admx and GoogleUpdater.admx
- Once completed, the configuration should appear as shown
CREATE CONFIGURATION PROFILE FOR GOOGLE CHROME
The subsequent step in managing Google Chrome with Intune involves configuring Chrome policies. Chrome policies are rules dictating Chrome’s behavior on devices, and they can be employed to configure settings such as homepage, extensions, and password policies.
- Navigate to the Intune portal, Device/Configuration Profile, and select Create Profile
- Select Windows 10 and later and Template for the profile type.
- Under the template name list, select Imported Administrative Templates
- Provide a name for the profile
- Choose the settings to configure Google Chrome. In our case, we’re managing the Update policy override to ensure automatic update is activated.
- Upon selection, a detailed description will be provided, similar to GPO choices.
- To enable Google Chrome automatic update, we recommend the following 2 settings be set to Always Allow updates:
Google\Google Update\Applications\Update Policy Override Google\Google Update\Applications\Google Chrome\Update Policy Override For more details about Google Chrome update settings, refer to Google Documentation
For testing purposes, we disabled Google Chrome auto updates with the following registry key.
- This modification would be visible under Chrome/settings/About Chrome.
Once the Device configuration is assigned and devices have synced, the Google Chrome configuration for updates is now inaccessible.
- Registry keys have been updated with the values from the Device Configuration.
- Chrome/settings/about Chrome now shows that auto-update is activated.
For more on administering the Chrome browser with Microsoft’s Intune, see Google documentation