If you use Azure AD as identity provider for your webbased third party applications, you might want to consider use the Google Chrome extension called “Windows 10 Accounts”. This extension provide the complete single sign on experience for applications that use Azure Activery Directory based identities.

I will provide an instruction on how to deploy this extension via Intune for Windows 10 devices.

For example, the Windows 10 accounts extension looks like this:


  1. WinAppUtil, this application is needed to package applications in Microsoft Intune. You can download it here: Link
  2. Appropriate licenses to deploy a Windows 10 device via Intune.
  3. Windows 10 Intune enrolled device.
  4. Google Chrome installed


Let’s start with the deployment. First of all start by creating a folder. For example: “C:\temp\ChromeAddOnWindows10Accounts”

Create 2 files in this directory:

The first file (ChromeAddOnWindows10Accounts.ps1) contains a powershell script, this powershell creates a registry key with forces Google Chrome to install the extension. Link to original creator of the script

You can use this script to implement every Chrome extension. Replace the $KeyValue with the value needed for your extension. and replace the $KeyName with a number other than 1. Otherwise you will overwrite this value.

The second file (install.cmd) calls the powershell script, you will use this in the Intune configuration. The file contains the following code:


Now it’s time to create the package. Start Powershell and run the WinAppUtil, for me the location is “C:\temp\Intune\IntuneWinAppUtil.exe”.

Use the paths in the screen below accordingly and hit enter:

A ChromeAddOnWindows10Accounts.intunewin is created in the folder “C:\temp\Output”. This file will used in the deployment via Intune.


Log on to the Intune Portal at https://devicemanagement.microsoft.com/

Go to Apps:

After that go to Windows and add an App:

Add a Win32App:

Select app package file and browse to the ChromeAddOnWindows10Accounts.intunewin file.

Specify the package information:

Specify the installation instructions:

Install command: “Install.cmd”
Uninstall command: “reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist /v “1” /f “
Device restart behavior: “no specific action”

Specify the requirements:

I have created a custom detection script, these are the settings in Intune:

This is the code of the detection script:

No depencies and no scope tags are assigned.

Assign the groups that need the application:

The detection rules show installed:

And it’s a wrap! If you have any questions feel free to contact me.




Related Posts

5 thoughts on “Chrome Extension via Win32App in Intune

  1. Great piece.

    So I was playing around our environment using this technique. I’m having a difficulty figuring out how to uninstall the extension. Any Tips?

  2. I was wondering how to add multiple extensions. Also i cannot find urls to 2 or 3 of my extensions. Do i just leave them blank after entering the id or do i put in the link to the chrome store? any help will be appreciated. Thank you

    1. This is possible, you need to edit the script to have a foreach loop and create an array where the links to all your chrome extension reside.

Leave a Reply

Your email address will not be published. Required fields are marked *