In this guide, you’ll learn how to Enable Auto Updates for Google Chrome on Windows with Intune policy. The present discourse aims to elucidate the process of Enabling the installation of Google Chrome updates via the Intune Policy.
As an Intune administrator, we must ensure that all enrolled devices are secure and updated with the latest Windows and third-party updates. This entails a crucial responsibility of securing devices from potential threats and vulnerabilities.
Therefore, it is imperative that we all conduct thorough monitoring and patching operations to ensure that no device is left unguarded. By prioritizing this task, we can ensure that our system remains secure and impervious to any malicious attempts to breach it.
Intune Policies can be leveraged to manage various Google Chrome settings effectively, thereby enhancing the overall end-user experience. By utilizing the available settings, businesses can ensure that their employees benefit from optimal browsing features while maintaining compatibility with company policies. With the ability to customize settings such as bookmarks, extensions, and security features, organizations can streamline their IT management processes while providing a secure and efficient browsing experience.
- Configure Chrome Group Policy ADMX Templates | How to Download
- Configure Group Policy ADMX ADML WMI Filter for Windows 10 ConfigMgr SCCM
Why is it Critical to Allow Google Chrome to Auto-Apdate?
Google Chrome is a globally used web browser that caters to individual’s and organization’s diverse needs. It serves as a gateway to various online resources, including web-based applications, and plays a vital role in facilitating online activities. Given Chrome’s critical role, it is imperative to manage Chrome updates effectively to ensure that the browser remains secure, stable, and up-to-date.
Frequent updates are necessary to address security vulnerabilities and maintain optimal performance, so staying on top of the latest updates is essential. Failure to do so can result in a vulnerable and compromised browser, which can pose significant risks to the user and the organization. Therefore, it is vital to prioritize Chrome updates as part of a broader security strategy.
Note! Starting in Intune Service release 2203, Google Chrome settings are included in the Settings Catalog and Intune Administrative Templates (ADMX).
There are various ways to make sure that you have the latest patch installed for Google Chrome. If your organization’s policies do not allow automatic updates, you can manually patch Google Chrome using different methods, and the browser stays up-to-date.
- Import Custom ADMX Administrative Templates in Intune MEM Portal
- ADMX Group Policy Templates for Office 365 All Office Versions
Import Google Chrome ADMX Administrative Templates
I will show you how to manage Google Chrome by importing Google’s admx for a similar approach as GPOs with on-prem Active Directory. Our focus is enabling the Automatic Update of Chrome. The Google Chrome Administrative Templates files are divided into .admx files and language-specific .adml files.
Here are the steps to import Google Chrome’s ADMX and ADML templates into Intune:
- Sign in to the Microsoft Intune Admin portal.
- Select Devices > Windows > Configuration Profiles > Import ADMX
The windows.admx file must be uploaded before you upload the Google Chrome ADMX and ADML templates as a pre-requisite. Google Chrome requires this ADMX file, and it has a hard requirement for it. Please refer to the below articles to get more information about Windows.admx
- Download Windows 10 Administrative Templates for All Versions
- Download Windows 11 23H2 Administrative Templates
Certain ADMX files may necessitate Windows.ADMX as a pre-requisite. Microsoft has indicated that this requirement will eventually be phased out; however, no estimated time of arrival has been provided for the same.
You may receive an Intune Admx File Upload Error Referenced not found NamespaceMissing error if you failed to import the windows.admx
- Download the Google ADMX from here.
Note! Ensure to select Google Update ADMX from the bottom drop-down menu as ADM won’t work.
- Extract the zip file
- Browse to Device/Windows/Configuration Profile, and select Import ADMX option
- In the ADMX file upload, Upload your files.
Administrative Template settings | Description |
---|---|
ADMX file | Select the ADMX file you want to upload. |
ADML file for the default language | Select the ADML file you want to upload. You can add only one language file for each ADMX file you upload |
Specify the language of the ADML file | This shows the ADML language of the file you uploaded. |
To import the google.admx
and google.adml
files,
- Click on Import and browse the file
- In summary, Review the uploaded ADMX or ADML files and click on Create to import the files.
Repeat the process for the GoogleUpdate.admx
and GoogleUpdate.adml
files, and the chrome.admx
and chrome.adml
files. It may take a while to upload the files. You can track the details in the Status showing Upload in Progress. Once the file upload is completed, The status will change from Upload in Progress to Available.
Note! You should upload the google.admx and google.adml files first. You may receive an Intune Admx File Upload Error Referenced not found NamespaceMissing error if you failed upload it first.
Kindly take note that ADMX files are to be uploaded in a specific order as follows:
- The
google.admx
andgoogle.adml
files Windows.admx
file- The
GoogleUpdate.admx
andGoogleUpdate.adml
files - The
chrome.admx
andchrome.adml
files
After uploading all the necessary files, the newly added files will be listed on the Import ADMX page. Please refer to the below image.
- Download Microsoft Edge ADMX Group Policy Templates
- FIX Intune Admx File Upload Error Referenced not found NamespaceMissing
Create Configuration Profile using ADMX Templates with Intune
We have successfully imported all the necessary Google Chrome ADMX templates in Intune. In this example, Our focus is enabling the Automatic Update of Chrome. The imported Google Chrome ADMX templates can also be used to configure settings like extensions, homepage, and password policies. Let’s follow the below steps to create a Configuration Profile using the ADMX Administrative Templates
- Sign in to the Microsoft Intune Admin portal.
- Select Devices > Windows > Configuration Profiles > Create and New Policy
You will open a new window when you click New Policy. Select Windows 10 and later in Platform, Select Profile Type as Templates.
Platform | Profile Type |
---|---|
Windows 10 and later | Templates |
Choose Imported Administrative Templates (Preview) from the list. Click on the Create button.
- Provide Profile Name and Description
In Configuration settings, select All settings to see an alphabetical list of all the settings. Or configure settings that apply to devices (Computer configuration) and settings that apply to users.
In this example, search for Update policy override. Select Update policy override, located under \Google\Google Update\Applications\Google Chrome
to turn on the automatic update.
When you click Update policy override, a new window will open, like GPO. It specifies how Google Update handles available Google Chrome updates from Google.
For Google Chrome automatic update, the Update policy override setting is recommended to be set to Always Allow updates. I have enabled the Update policy override setting and selected Always Allow updates. Click OK and Next to continue.
Click Next to display the Scope tags page. Add the Scope tags if you wish and click Next to assign the policy to computers. I will deploy it to the HTMD – Test Computers Group.
On the Review + Create page, carefully review all the settings you’ve defined to Enable Auto Updates for Google Chrome on Windows. Once you’ve confirmed that everything is correct, select Create to implement the changes.
Monitor Enable Auto Updates for Google Chrome in Microsoft Intune
The configuration profile is deployed to Azure AD groups. Let’s see how we can monitor the deployment and status of installation from the Intune portal. To monitor the Intune policy assignment, follow these steps:
- Navigate to the list of Configuration Profiles and select the policy you targeted.
- Click on Overview to see the report
End-User Experience after Enabling Auto Updates
Based on the report, the policy has been successfully deployed to end-user devices. We need to verify if the policy is applied to these devices. There are multiple ways to check the deployment status on end-user devices.
- Open Google Chrome, and click on Help and About Google Chrome. The About Chrome is now showing that the auto-update is turned on.
- The following registry key also would tell you the Google Chrome auto-update status.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update
- If the registry key value is set to
1
, it means that the Google Chrome auto-update is turned on.
The Imported Google Chrome ADMX Administrative Templates are working fine on the end user device. Now, Google Chrome will automatically update with its latest patch. That’s it for this article, have a safe browsing..!
Thank you for your patience in reading this post. See you in the next post. Keep supporting the HTMD Community.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here – HTMD WhatsApp.
Author
About Author – Sujin Nelladath has over 10 years of experience in device management technologies and Automation solutions. He writes and shares his experiences related to Microsoft device management technologies, Azure, and PowerShell automation.
Hi,
Above policy deployment was success and can see the registry key, but I cannot see “Your browser is managed by your organization.” In Google Chrome tab.
That’s strange for me…! Can you verify the settings again
This didnt work for us. The device status is showing as pending
Hi Anoop,
I am not able to find GoogleUpdate.admx file. I downloaded the package from given website: https://chromeenterprise.google/intl/en_ca/browser/download/thank-you/?platform=ADM&channel=stable&usagestats=0, please guide.
Also, ADMX and ADML are mandatory files, what adml goes with windows.admx file?
I was able to download the GoogleUpdate.admx file from given link, Can you verify your download settings?
Apologies for the late response.
Still not auto updating.
gci -Path “HKLM:\SOFTWARE\Policies\Google”
Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
Name Property
—— ———
Update Update{8A69D345-D564-463C-AFF1-A69D9E530F96} : 1
Looks like something weird. Did you check the value from HKLM:\SOFTWARE\Policies\Google\update
Did you check the value HKLM:\SOFTWARE\Policies\Google\update?
But doesn’t Intune overwrites the new chrome version with the old one, which is set in Intune Apps?
Google Chrome updates to the latest version automatically if auto-update is not disabled.
Do you know a way to force the Re-launch of chrome to let the updates finish?
The only way I found is to deploy a PowerShell script that will do that and was thinking if there’s an easier way.
Thanks.
which windows.admx templates should i download ,i had windows 10 & 11 devices
If I’m looking at the traffic coming from my client system, should I see it attempting to reach our storage for the update, or “update.googleapis.com:443”