Intune

MEM – Deploy Google Chrome

Hi everyone, this will be the first post in a series of posts on how to deploy and manage Google Chrome browser via Microsoft Endpoint Manager (Aka Intune), today’s post is a straight forward one on how to deploy Google Chrome via the Win32 application model.

Why use the Win32 engine and not LOB?

Many of you may be asking why not simply package up the Google Chrome application as a LOB (line of business application) via Endpoint Manager seeing as it’s a .msi file and it’s a little bit simpler to package up, there are a few reasons for why I package ALL of my applications via the Win32 app method:

  • If utilising Windows Autopilot then Microsoft’s recommendation is not to mix LOB and Win32 together as they may conflict during the Autopilot build process, given this advice, the logical choice is to use Win32 for all applications as these can be used to deploy .msi applications too.
  • Win32 deployment method is a lot more flexible than the LOB engine, for example, making use of dependencies, etc.
  • Win32 supports delivery optimisation, where LOB does not, delivery optimisation if configured via Endpoint Manager is simply a peer to peer caching of content, this can help organisations reduce internet bandwidth, I typically see about 40-50% bandwidth saving when implemented.

Prerequisites

The first step is to download the latest .msi version of Google Chrome MSI installer from the Google Chrome browser enterprise site. I will download the 64-bit version:

Next step is to download the Win32 App packaging tool, which essentially just converts the application installation files into an Intune friendly app format (.intunewin), this can be downloaded from GitHub:

Unzip the contents of the Win32 App packaging tool and create a file structure, adding Google Chrome .MSI file to the sources folder and creating a blank folder called ‘GoogleChrome’ in the Output folder like so:

Win32 Application Wrapping

Once the file structure is in place, for which it can be used for any future Win32 app packaging, navigate to the IntuneWinAppUtil.exe location and open PowerShell as administrator and run the .exe:

Now three options will appear, if you’ve used the same directory structure as above then add your source directory, setup file and output folder as follows:

  • Source folder: C:\IntunePackaging\Source\GoogleChrome
  • Setup file: googlechromestandaloneenterprise64.msi
  • Output folder: C:\IntunePackaging\Output\GoogleChrome

I will breakdown what each section refers to:

  • Please specify the source folder: This is where all of the setup files are located which are required for installation of the application in question
  • Please specify the setup file: The file that is executed to trigger the installation process, this could be an .exe, .msi, .bat, .cmd, .ps1 file as required.
  • Please specify the output folder: This is where the .intunewim will be located once the process has completed, this will be uploaded to the Endpoint Manager portal once ready.

Creating MEMAC Application

Once the .Intunewim file has been generated, I would recommend storing this file in a safe place as it may come useful for future clients or require repackaging for whatever reason, once ready, navigate to the Microsoft Endpoint Manager admin center portal, clients Apps on the left-hand side, then Windows and then finally select add:

Select Windows app (Win32):

Select the .intunewim file generated previously and then fill out the application details as per your requirements, I would recommend adding notes that detail what version of architecture the application is to aid administration going forward, also, adding a logo looks great in the Company Portal application, once the application information is setup how you wish then proceed to the next step, here’s mine:

Because we have used a .msi file with the Win32 application wrapping process, the install \ uninstall commands have been pre-populated for us (note: if using any other file types such as .exe, .bat, .ps1, etc. then the install \ uninstall commands wouldn’t be pre-populated), I will make a small change to ensure that the device does not reboot by adding ‘n’ on the command line parameters like so:

Add the requirements, as we have used the 64-bit of Google Chrome installer, then we need to ensure that 64-bit is selected only:

Detection methods, these are not to be overlooked, the process for a win32 deployment, is to look for the detection method to see if the application is installed, it will run before the install, see that it’s not present and then run the command line previously set and then run the detection method again to determine if the installation was successful (as long as the exit codes are correct too!), in this case, seeing as this is a .msi file then we can use the msi product code:

You can skip dependencies as there are none for Google Chrome and on assignments select a user group or device group for testing (note: you cannot set an available deployment for a device group), in my example, I will add my user test group as an available deployment to ensure all is well before deploying out to the rest of the organisation:

Review and ensure all is well, then click create, the intunewim file will now be uploaded to the service:

Verifying results

On a test device, monitor the company portal application for an available application, once set, trigger the installation:

Check all is well and installed correctly:

Toast notifications are present too:

About Google Chrome to confirm:

Back within the Microsoft Endpoint Manager portal, you can also view the installation status:

What’s next?

See Part 2, on how to manage Google Chrome policies via MEM, such as setting the startup and homepages, force extensions, etc. find it here.