Google Chrome is one of the most widely used web browsers in the world. It is known for its speed, stability, and a wide variety of extensions that are available for it. As a result, many organizations have adopted Chrome as their default web browser. To manage Chrome on enterprise devices, Intune is a powerful tool that can be used to deploy and manage policies. In this blog post, we will discuss how to manage Google Chrome with Intune.

With the increasing popularity of Intune, and the ability to replace Group Policy with Device Configuration, one area needs a bit more work to be managed. Third-party applications that support the GPO model can be used with Intune by importing ADMX from the vendor. It is the case for Google products, especially Google Chrome.

We will demonstrate how to manage Google Chrome by importing Google’s admx for a similar approach as GPOs with on-prem Active Directory. We will focus on enabling Automatic Update of Google Chrome.

Prerequisites

For Windows, there are two types of policy templates: an ADM and an ADMX template. The templates show which registry keys you can set to configure Chrome, and what the acceptable values are. Chrome looks at the values set in these registry keys to determine how to act.

Make sure to select Google Update ADMX from the bottom drop list. ADM won’t work.

  • Access to Windows.admx and Windows.Adml from c:\Windows\PolicyDefinitions of a Windows 10/11 computer.
  • Download the Google ADMX from here and extract the zip file.

Import Google Chrome ADMX in Intune

ADMX must be imported in a specific order since they are prerequisites inside themself.

  • The order must be
    • Google
    • Windows.admx
      • see note below
    • Google Updater
    • Google Chrome
Windows.admx

As of today, there’s a requirement for Windows.ADMX is to be imported in Intune.

It can be found on any Windows 10/11 device under c:\Windows\PolicyDefinition

Microsoft states that this requirement will eventually go away without providing any ETA on the matter.

This is required because the Google Update and Google Chrome ADMX have a hard requirement for this ADMX.

Failure to do so will result in the following error in Intune after attempting to import any of them.

For more details, see Microsoft docs

  • Browse to Intune portal, Device/Configuration Profile, and select Import ADMX
intune google chrome
  • Click on Import ADMX
  • Specify the Google.admx and Google.adml that can be found under EN-US sub-folder
intune google chrome
  • Repeat the process for Windows.admx, GoogleChrome.admx and GoogleUpdater.admx
  • Once complete, it should look like this
intune google chrome

Create Configuration Profile for Google Chrome

The next step in managing Google Chrome with Intune is to configure Chrome policies. Chrome policies are rules that govern how Chrome behaves on devices. They can be used to configure settings like homepage, extensions, and password policies.

  • Browse to Intune portal, Device/Configuration Profile, and select Create Profile
intune google chrome
  • Select Windows 10 and later and Template for the profile type.
    • Under the template name list, select Imported Administrative Templates
  • Provide the name of the profile
intune google chrome
  • Select the settings to configure Google Chrome, in our case, managing the Update policy override to ensure the automatic update is turned on
  • When selected, details are presented with the choice to make, similar to GPO choices.

For Google Chrome automatic update, the following 2 settings are recommended to be set to Always Allow updates.

  • Google\Google Update\Applications\Update Policy Override
  • Google\Google Update\Applications\Google Chrome\Update Policy Override

For more details about Google Chrome update settings, see Google Documentation

Results

For testing purposes, we disabled Google Chrome auto updates with the following registry key.

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update
intune google chrome
  • This change would reflect under Chrome/settings/About Chrome.

Once Device configuration is assigned and devices have synced, Google Chrome configuration for updates is now greyed out.

  • Registry keys have been updated with the values from the Device Configuration.
intune google chrome
  • Chrome/settings/about Chrome is now showing that auto-update is turned on.

For more about managing Chrome browser with Microsoft’s Intune, see Google documentation

Comments (1)

lai290498

01.05.2024 AT 02:02 AM
Wonderful Article! - tstoto