Let’s learn how to download and install Google Chrome using Intune Line of Business Application model. I have explained the steps in the above video (Google Chrome Deployment).
To add a custom or in-house app, upload the app’s installation file. Make sure the file extension matches the app’s intended platform. Intune supports the following line-of-business app platforms and extensions:
- Android (APK)
- iOS (IPA)
- macOS (.IntuneMac)
- Windows (.msi, .appx, .appxbundle, .msix, and .msixbundle)
In this post, we are looking into Windows LOB application deployment. Let’s see how to deploy the “Google Chrome” (Intune Google Chrome?) browser to Windows 10 or Windows 11 devices using Microsoft Intune. I have a post that explains, “Deploy Google Chrome Update with SCCM.”
NOTE! – There is a 0-Day bug with Chrome Browsers. Update the Google Chrome browsers immediately. More details – Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.
- Intune Management Extension Deep Dive – Win32 App Deployment Troubleshooting Help Guide
- Troubleshoot Intune Managed Application Deployments Errors
- Fiddler Silent Install using Intune MEM Installation Behavior User
- Intune Logs Event IDs IME Logs Details for Windows Client Side Troubleshooting
Download Chrome Enterprise Version MSI
You can download the enterprise version of the Google Chrome browser from the following Google Server.
I usually download the FULL version of the Google Chrome browser. But, you have an option to download Google Chrome update MSI as well.
Introduction Google Chrome Deployment
Recently Google published a post about the latest vulnerabilities of Google Chrome. And they highlighted this as Zero-day Patch. 0-day patches are highly critical, and you need to update the browsers as soon as possible.
Create Intune Chrome Browser Line of Business App
To create Intune line of business (LOB) application, you need to log into the device management portal. Once you log in to the device management portal you can go to the windows application and start creating Intune LOB application.
The creation of the application is straightforward as I have shown in the video (Google Chrome Deployment options). I don’t think you have to worry about the application version shown Intune console. I don’t know how it is getting that MSI version details when we select the Google Chrome MSI.
- Login to Intune Portal https://endpoint.microsoft.com/
- Select Apps > All apps > + Add.
- Select Windows 10 in the Office 365 Suite section of the Select app type pane.
- Click Select. The Add Office 365 Suite steps are displayed.
Thoughts – If you check the MSI version of the properties of that MSI file and compare that with the version which shows in Intune portal, you will get confused. So, don’t worry about that at the moment. There could be some bug in Intune.
Select Line-of-business app to create Google chrome browser application
Click on the App package file and select Application and Click on the FOLDER icon.
Browse using Windows Explorer and Select the MSI – the Google Chrome Browser MSI ( GoogleChromeStandaloneEnterprise64.msi). Click OK to continue
Name: Google Chrome
App version: 67.208.87
Size: 57.44 MiB
MAM Enabled: No
Execution Context: Per-Machine
- Click on App Information Configuration
- Fill the App Information (Mandatory information for Line of Business app)
- Name – Google Chrome
- Description – Google Chrome
- Publisher – Google
Select the Logo for the Google Chrome Browser application. Click on Browse (FOLDER ICON).
Copy and Save the Chrome ICON to your computer
Select the saved chrome icon. Intune will automatically upload and analyze the icon. Google Chrome Deployment using Intune Line of Business Application.
- Click OK
- Click OK
- Select the Scope (Tags)
- Click +Add
- Select Tags -> Test
- Click on Select
- Click OK
NOTE! – Intune scope tag guide – Intune Scope Tags Implementation Guide.
Upload Google Chrome Browser using Intune Line of Business Application
Once you save the Google Chrome application, Intune will start uploading the MSI 2 Microsoft cloud. This process it’s going to take the same depending on your Internet speed and the size of the MSI.
You can see the starters of the upload in intunes console itself. You can see the percentage of uploads do Intune in the device management portal itself as you can see in the video (Google Chrome Deployment scenarios).
Thoughts – This % of upload notification is very useful instead of some gas works which we used to do in previous versions of Intune.
- Chrome Browser application is now getting uploaded
- Uploading Google Chrome 64% completed
Let’s wait to complete the upload
Google Chrome Assignments to Device Groups
Deployment is called assignment in Intune. I have explained How to assign an application like Google Chrome to the 2 Azure Active Directory device groups. There are different types of assignment types in Intune.
Similar to SCCM, required and available are 2 prominent options. Apart from these 2, you will have another option which is called available for all enrolled devices. This option will make the application available for all MDM-enrolled devices.
Thoughts – If you select available for all enrolled devices, you are in turn removing the dependency of Azure AD assignments. I think this will help to improve the performance of Microsoft Intune in some way.
- Click on Assignments
- Click on Add Groups
This will also help to reduce the workload for Azure Active Directory to analyze different groups’ different logics for dynamic groups etc similar to dynamic collections in the SCCM world. I have used the required option in this Chrome application deployment or assignment.
- Add Groups – Select Assignment Type – Required
- Select the Azure AD Device Groups to include
- Search for Chrome AAD Device Groups
- Click on Select to confirm the AAD Group select
Click OK to complete the Google Chrome application assignment
Click OK (1 group selected – Included Group)
Click on Save
Success – Assignments saved Successfully