Manage Google Update settings with Microsoft Intune

Note; This post is already a couple of years old and in the mean-time a lot has changed in managing Google Chrome with Intune. A lot of settings are by default available in the Settings Catalog (SC) profile. And if a Chrome settings is not available in the SC, we have the option to import ADMX files to Intune like shown in this article.

This is a follow-up post on Managing Google Chrome settings with Microsoft Intune. In this post I will show how we can use Microsoft Endpoint Manager (Intune) to manage Google Update settings.

Like the Google Chrome settings, the Google Update settings can also be managed using a custom configuration profile for Windows 10. The policy consists of two parts. The first part is used to deploy the Google Update ADMX file to the Intune managed device. The second part of the policy is used to manage the settings of choice.

Note: most settings do only work on (Hybrid Azure) AD Joined devices.

Deploy the Google Update ADMX file

The Google Update ADMX file can be downloaded as part Chrome Enterprise bundle. After downloading the bundle, locate the ADMX file and open the file with a text editor.

Now open a browser to sign-in to the Microsoft Endpoint Manager portal.

• Sign-in to the Endpoint Manager admin center
• Browse to Devices – Windows
• On the Configurations profiles tab click + Create profile

• Choose Windows 10 and later as Platform
• Choose Custom as Profile type
• Click Create

• Give the configuration profile a Name
• Enter a Description (optional)
• Click Next

• Click Add

With this row we deploy the ADMX file to the Windows 10 device. As you can see the OMA-URI contains ADMXInstall.
More info on how the OMA-URI is build up and complementing information about ADMX-backed policies can be read in this article on Microsoft Docs.

Enter below information to the policy;
Name: Chrome ADMX Ingestion
OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/GoogleUpdate/Policy/GoogleUpdateAdmx
Data Type: String
Value: As value copy the entire content of the ADMX file in the value field

• Click Add
• Click Next

Assign the profile to a group.

The policy to deploy the ADMX file is ready. In the next steps we add the settings we manage with Intune to the same policy.

How to build up the OMA-URI

As with deploying the ADMX file, for the settings to manage we also need to know the OMA-URI which we need to use. But the OMA-URI for managing the settings consists of some information we need to collect ourselves from the Google Update ADMX file.

This is for example the OMA-URI to manage the Auto Update Check Period:
./Device/Vendor/MSFT/Policy/Config/GoogleUpdate~Policy~Cat_GoogleUpdate~Cat_Preferences/Pol_AutoUpdateCheckPeriod
Let`s split up the OMA-URI in seperate parts.
This is default for managing applications using an ADMX file:
./Device/Vendor/MSFT/Policy/Config/

The part that comes next is not always the same, we need to follow some rules:
GoogleUpdate~Policy~Cat_GoogleUpdate~Cat_Preferences/Pol_AutoUpdateCheckPeriod
It starts with GoogleUpdate (the ADMX file name), like in the ADMXInstall URI, followed by Policy. Between every part we have the ~ sign.
After Policy we see the name of two categories. These categories can be found in the Chrome ADMX file.
When we open the ADMX file in a text editor, we can see there are several categories. The first categorie we find in the ADMX file is the top category and as we can see that is Cat_GoogleUpdate. We put this in the OMA-URI after Policy.
Here we also see some sub categories, like Cat_Preferences and Cat_Applications.

If we search the ADMX file for the sub categorie Cat_Preferences, we find the actual policies we can manage. The policy name of such a setting is the last part of the OMA-URI, in this case Pol_AutoUpdateCheckPeriod.
Here we also find the Data ID of the setting, which we need later in the configuration.

Manage Google Update settings

As example I show two settings; Auto Update Check Period and Update Policy Google Chrome.

We have already seen how to build the OMA-URI for the policy Pol_AutoUpdateCheckPeriod, so let`s start with that one. The Data type for these settings is always String. Than we only need to know what our Value is.

The value starts with <enabled/> (or <disabled/> if you like to disable a setting).
If we have a setting which can only be set to enabled or disabled, than that`s the value.

But for Auto Update Check Period, we need to set a value which corresponds to minutes between update checks. In this case <enabled/> is followed by a data id. The data id is found again in the ADMX file, in below example the decimal id, Part_AutoUpdateCheckPeriod.
And as last we need to set a value, which is a number in this case.

Open the Endpoint Manager Portal.

• Open your existing custom policy or create a new policy
• Click Edit next to Configurations settings
• Click Add
• Give the Row a Name
• Fill in the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/GoogleUpdate~Policy~Cat_GoogleUpdate~Cat_Preferences/Pol_AutoUpdateCheckPeriod
• Data type: String
• Value:

<enabled/> <data id="Part_AutoUpdateCheckPeriod" value="120"/>

• Click Add
• Click Review + Save
• Click Save

That`s it, the first Google Update setting is ready for deployment.

The next example is found under the Google Chrome categorie: Update Policy override. Open the Chrome ADMX file and search for UpdatePolicyGoogleChrome. With the information found in the ADMX file we can create the OMA-URI.
Here we find the policy name and the sub categorie. Cat_GoogleChrome is a categorie not directly located under the top categorie Cat_GoogleUpdate, there is a categorie between those. If we search back in the ADMX file, we see that the categorie between these is Cat_Applications.
We also find the Data id in the ADMX file and the values we can set are here located. We have four options we can set, I prefer to set Automatic Updates Only, I use the corresponding value 3 in my policy.

Open the Endpoint Manager Portal to add an extra row.

• Click Add
• Give the Row a Name
• Fill in the OMA-URI: ./Device/Vendor/MSFT/Policy/Config/GoogleUpdate~Policy~Cat_GoogleUpdate~Cat_Applications~Cat_GoogleChrome/Pol_UpdatePolicyGoogleChrome
• Data type: String
• Value:

<enabled/> <data id="Part_UpdatePolicy" value="3"/>

• Click Add
• Click Review + Save
• Click Save

Another example under the category Applications is Pol_TargetVersionPrefixGoogleChrome. This setting specifies which version Google Chrome should be updated to.
The data id for this policy setting is Part_TargetVersionPrefix. And the value is the Chrome version to which the browser needs to be updated to.

The OMA-URI is: ./Device/Vendor/MSFT/Policy/Config/GoogleUpdate~Policy~Cat_GoogleUpdate~Cat_Applications~Cat_GoogleChrome/Pol_TargetVersionPrefixGoogleChrome

Value:

<enabled/> <data id="Part_TargetVersionPrefix" value="100."/>

Add all the required settings of your choice and switch over to the Windows device.

The end result

The end-result is pretty short.
If the deployed settings are successful applied you can find this under the Settings. Browse to Accounts, Access work or School. Click on your account and click Info.
Here we see the two settings we have deployed.

If we have a look at the registry, we find the same settings under HKLM\Software\Policies\Google\Update

And when we open Google Chrome and enter Chrome://policy in the address bar we find the configured settings.
In the top right corner we can search for settings.

Thank you for reading. I hope you find it informative and if you have any question, please leave a comment.