Intune Auto-Update Google Chrome

In this post, I’ll walk you through the process of setting up automatic updates for Google Chrome using Intune. As an Intune administrator, it’s crucial to ensure that all enrolled devices remain secure. Managing Chrome updates effectively is essential to maintain security, stability, and optimal performance.

This will be a series on enabling automatic updates for various web browsers.

Prerequisite:

• Windows ADMX template W10 22h2 - W11 22h2
• Google Chrome ADM-/ADMX-templates & Google Updater ADMX-template

Steps

We need to import both Google/Chrome and Windows ADMX files into Intune. That’s because Chrome still requires the Windows ADMX template.

Windows ADMX templates

1. Download the Windows ADMX template for the right operating system version
2. Run the .msi package to extract the templates
3. The packages will be extracted to: C:\Program Files (x86)\Microsoft Group Policy\

Google Chrome ADMX templates

1. Download both “Chrome ADM/ADMX templates” and “Google updater ADMX template update”
2. Extract both zip files to a easy findable place

Importing ADMX into intune

1. Go to the Intune dashboard
2. Go to “Devices”
3. Go to “Configuration”
4. On the “Configuration” page you will find “Import ADMX” at the top of the page, click on this button

5. Click on “Import”

   Info Notice: We first need to import the Windows ADMX before importing the Google.admx template.

Windows ADMX Import:

1. Click on “select an .admx file” and find the windows.admx inside the following folder: \PolicyDefinitions of the extracted .msi Windows admx template file

2. Click on “Select an .adml file” and select the language folder you want (In my case en-US) and find Windows.adml in this folder

   It should look like this:

Google ADMX Import:

1. Click on Import once again
2. Click on “select an .admx file” and find the google.admx inside the following folder: policy_templates\windows\admx of the extracted Google ADMX .zip file

3. Click on “Select an .adml file” and select the language folder you want (In my case en-US) and find google.adml in this folder

   It should look like this:

Chrome ADMX Import:

1. Click on Import once again
2. Click on “select an .admx file” and find the chrome.admx inside the following folder: policy_templates\windows\admx of the extracted Google ADMX .zip file

3. Click on “Select an .adml file” and select the language folder you want (In my case en-US) and find chrome.adml in this folder

   It should look like this:

Google Updater ADMX Import:

1. Click on Import once again
2. Click on “select an .admx file” and find the GoogleUpdate.admx inside the following folder: googleupdateadmx\GoogleUpdateAdmx of the extracted Google Updater ADMX .zip file

3. Click on “Select an .adml file” and select the language folder you want (In my case en-US) and find GoogleUpdate.adml in this folder

   It should look like this:

Device configuration:

1. Go to Configuration profiles and create a new policy
2. By platform choose “Windows 10 and later” and profile type “Templates” followed by template name: “Imported Administrative templates (Preview)”
3. Pick a name for the policy
4. on the Configuration Settings tab, search for:
   • “Auto-update check period override” and set this to enabled and 120 minutes
   • “Enable component updates in Google Chrome” and set this to enabled,
   • “Update policy override default” and set this to enabled and “Always allow updates (recommended)”
5. Choose a scope tag if you use them
6. Assign the policy to users and create the policy.

You have now set the policy inside Intune to auto update Chrome.

How do I know if the policy has hit the device?

You can type in chrome://policy in the URL bar inside Chrome to check whether the policy has hit the device.