
Chrome Extension via Win32App in Intune

If you use Azure AD as the identity provider for your web-based third-party applications, you might want to consider using the Google Chrome extension called “Windows 10 Accounts”. This extension provides the complete single sign-on experience for applications that use Azure Active Directory based identities.

I will provide instructions on how to deploy this extension via Intune for Windows 10 devices.

For example, the Windows 10 accounts extension looks like this:

Prerequisites

  1. WinAppUtil, this application is needed to package applications in Microsoft Intune. You can download it here: Link
  2. Appropriate licenses to deploy a Windows 10 device via Intune.
  3. Windows 10 Intune enrolled device.
  4. Google Chrome installed

Preparation

Let’s start with the deployment. First of all start by creating a folder. For example: “C:\temp\ChromeAddOnWindows10Accounts”

Create 2 files in this directory:

The first file (ChromeAddOnWindows10Accounts.ps1) contains a PowerShell script. This script creates a registry key which forces Google Chrome to install the extension. Link to original creator of the script

#Set variables as input for the script
$KeyPath = "HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
$KeyName = "1"
$KeyType = "String"
$KeyValue = "ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx"

#Verify if the registry path already exists
if(!(Test-Path $KeyPath)) {
    try {
        #Create registry path
        New-Item -Path $KeyPath -ItemType RegistryKey -Force -ErrorAction Stop
    }
    catch {
        Write-Output "FAILED to create the registry path"
    }
}

#Verify if the registry key already exists
if(!((Get-ItemProperty $KeyPath).$KeyName)) {
    try {
        #Create registry key (-ErrorAction Stop makes a failure reach the catch block)
        New-ItemProperty -Path $KeyPath -Name $KeyName -PropertyType $KeyType -Value $KeyValue -ErrorAction Stop
    }
    catch {
        Write-Output "FAILED to create the registry key"
    }
}

You can use this script to deploy any Chrome extension. Replace the $KeyValue with the value needed for your extension, and replace the $KeyName with a number other than 1. Otherwise you will overwrite this value.

The second file (install.cmd) calls the PowerShell script; you will use it in the Intune configuration. The file contains the following code:
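The following is an added example, not the original author's script, of avoiding a collision on the value name: it validates the extension ID, skips the write if the extension is already force-installed under any name, and otherwise uses the next free number. The function name Add-ChromeForcedExtension is hypothetical.

```powershell
# Added example: idempotent force-install entry with a free value name.
function Add-ChromeForcedExtension {
    param(
        [Parameter(Mandatory)][string]$ExtensionId,
        [string]$UpdateUrl = 'https://clients2.google.com/service/update2/crx',
        [string]$KeyPath = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
    )

    # Chrome extension IDs are 32 lowercase characters in the range a-p
    if ($ExtensionId -cnotmatch '^[a-p]{32}$') {
        throw "Not a valid Chrome extension ID: $ExtensionId"
    }

    # Create the policy key if it does not exist yet
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force -ErrorAction Stop | Out-Null
    }

    # Read every existing value name and its data from the policy key
    $key = Get-Item -Path $KeyPath -ErrorAction Stop
    $existing = @{}
    foreach ($name in $key.GetValueNames()) {
        $existing[$name] = [string]$key.GetValue($name)
    }

    # If the extension is already listed under any name, leave the key untouched
    foreach ($entry in $existing.GetEnumerator()) {
        if (($entry.Value -split ';')[0] -eq $ExtensionId) { return $entry.Key }
    }

    # Pick the lowest positive number that is not in use as a value name
    $index = 1
    while ($existing.ContainsKey([string]$index)) { $index++ }

    New-ItemProperty -Path $KeyPath -Name ([string]$index) -PropertyType String `
        -Value "$ExtensionId;$UpdateUrl" -ErrorAction Stop | Out-Null
    return [string]$index
}

# Returns the value name that holds the entry, for example "1" on a clean device
Add-ChromeForcedExtension -ExtensionId 'ppnbnpeolgkicgegkbkbjmhlideopiji'
```

Because the value name is chosen at run time, a detection or uninstall step paired with this function has to match on the value data rather than on a fixed name.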

Powershell.exe -Executionpolicy bypass -File ChromeAddOnWindows10Accounts.ps1

Packaging

Now it’s time to create the package. Start PowerShell and run the WinAppUtil. For me the location is “C:\temp\Intune\IntuneWinAppUtil.exe”.

Use the paths in the screen below accordingly and hit enter:

A ChromeAddOnWindows10Accounts.intunewin file is created in the folder “C:\temp\Output”. This file will be used in the deployment via Intune.

Deployment

Log on to the Intune Portal at https://devicemanagement.microsoft.com/

Go to Apps:

After that go to Windows and add an App:

Add a Win32App:

Select app package file and browse to the ChromeAddOnWindows10Accounts.intunewin file.

Specify the package information:

Specify the installation instructions:

Install command: “Install.cmd”
Uninstall command: “reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist /v "1" /f”
Device restart behavior: “no specific action”

Specify the requirements:

I have created a custom detection script, these are the settings in Intune:

This is the code of the detection script:

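#ChromeAddOnDetectionScript
$KeyPath = "HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
$KeyName = "1"
$KeyType = "String"
$KeyValue = "ppnbnpeolgkicgegkbkbjmhlideopiji;https://clients2.google.com/service/update2/crx"

#Intune reports "installed" when the script exits with 0 and writes to STDOUT,
#so only write output when the value matches (printing "False" would also count as detected)
$Current = (Get-ItemProperty -Path $KeyPath -Name $KeyName -ErrorAction SilentlyContinue).$KeyName
if ($Current -eq $KeyValue) {
    Write-Output "Detected"
    exit 0
}
exit 1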

No dependencies and no scope tags are assigned.

Assign the groups that need the application:

The detection rules show installed:

And it’s a wrap! If you have any questions feel free to contact me.

Regards,

Niels
