Have you noticed that even the latest Windows 11 images are still shipped with Microsoft Edge version 92? An Edge release from June 2021!? Ridiculous, if you ask me, that the Windows team doesn’t regularly update the version that they ship with Windows.
As you can see below in the OOBE of a recent Windows 11 device, Edge version 92 is installed.
Fortunately, there is a pretty simple PowerShell one-liner with which we can trigger Edge to update to the latest available stable version. But it’s not known to everybody, as it is hidden in some of the deployment documents from Microsoft. Therefore I share it here in this short post, in the hope that more people can find it when they want to update Edge, for example during Windows Autopilot deployments.
As you can see in the OOBE, with an internet connection of course 😉, we can run the command (1) and Edge is updated to the latest version (2).
This means we should also be able to update Microsoft Edge automatically during Windows Autopilot enrollment using a PowerShell script.
I created a very basic PowerShell script that does the job.
But already soon after publishing the post, Mathieu Ait Azzouze left some comments under this post to make the script more dynamic. His changes are added to the script and handled in the post. This makes the IT community so great 🙂 Thanks for that, Mathieu!
The script can be found on my GitHub repo.
The script
I added the PowerShell one-liner to a PowerShell script and wrapped it as a Win32 application. This way I can deploy it as an application during Autopilot enrollment and, if needed, set it as a dependency of another app. But you can also change the script to your own needs and deploy it as a ‘normal’ script with Intune.
It’s not a very long script, but let’s divide it into a few parts and look at what it does for us.
As the Microsoft Intune Management Extension might start a 32-bit PowerShell instance, the script first restarts as a 64-bit PowerShell instance.
In the functions region, we define a CleanUpAndExit function, which is also used for Intune detection when wrapped as a win32 package.
In the variable section, we only have the variable for the Intune detection, that writes the result of the script to the registry. Change this to your own needs.
The different Edge Update channels are defined. If needed you can change the channel and architecture in the param section. But during Autopilot enrollment you would update the stable channel.
Next, we start the transcript, that writes some logging to the IntuneManagementExtension\Logs folder. By writing the logs to that folder, it is available when collecting Device diagnostics with Intune.
Next, the script queries the Edge update API with an Invoke-WebRequest for the latest available version. We later use this retrieved version to determine if the latest version is installed after we trigger the update.
Here we have the PowerShell one-liner that triggers Microsoft Edge to update to the latest version:
Start-Process -FilePath "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -ArgumentList "/silent /install appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=True"
Next, I added a Do-Until to the script to check if the Edge version installed after the update matches the latest available Edge version.
Lastly, a clean-up and exit action is added that writes the results to the registry and stops the transcript.
And that’s all. Nothing exciting, but it does the job.
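The flow described above (query the latest version, trigger EdgeUpdate, wait until the installed version matches), as an added example that is not the author's script from the GitHub repo. It goes slightly beyond the description by checking the updater's Authenticode signature before launching it and by bounding the wait; the msedge.exe path, the registry key and the 15-minute timeout are assumptions.

```powershell
# Added example, not the author's script. Paths and names marked below are assumptions.
$Channel      = 'Stable'
$Architecture = 'x64'
$Updater      = 'C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe'
$EdgeExe      = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'  # assumed default install path
$ResultKey    = 'HKLM:\Software\Contoso\EdgeUpdateExample'                      # hypothetical detection key
$TimeoutMin   = 15                                                              # assumed upper bound for the wait

function Get-LatestEdgeVersion {
    # -UseBasicParsing: the IE engine is not available during Autopilot enrollment
    $resp = Invoke-WebRequest -Uri 'https://edgeupdates.microsoft.com/api/products?view=enterprise' -UseBasicParsing
    $releases = (($resp.Content | ConvertFrom-Json) | Where-Object { $_.Product -eq $Channel }).Releases |
        Where-Object { $_.Platform -eq 'Windows' -and $_.Architecture -eq $Architecture }
    # Cast to [version] so the sort is numeric, not alphabetical
    $releases | ForEach-Object { [version]$_.ProductVersion } | Sort-Object -Descending | Select-Object -First 1
}

function Get-InstalledEdgeVersion {
    if (Test-Path $EdgeExe) { [version](Get-Item $EdgeExe).VersionInfo.ProductVersion } else { [version]'0.0.0.0' }
}

$target = Get-LatestEdgeVersion
if (-not $target) { throw 'Could not determine the latest Edge version.' }

# Only launch the updater if it is present and carries a valid Authenticode signature
$sig = Get-AuthenticodeSignature -FilePath $Updater
if ($sig.Status -ne 'Valid') { throw "Updater signature status: $($sig.Status)" }

if ((Get-InstalledEdgeVersion) -lt $target) {
    Start-Process -FilePath $Updater -ArgumentList '/silent /install appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=True'
    # Bounded Do-Until: stop waiting after $TimeoutMin so enrollment cannot hang forever
    $deadline = (Get-Date).AddMinutes($TimeoutMin)
    do {
        Start-Sleep -Seconds 15
        $installed = Get-InstalledEdgeVersion
    } until ($installed -ge $target -or (Get-Date) -gt $deadline)
}

$installed = Get-InstalledEdgeVersion
$success   = $installed -ge $target
if ($success) {
    # Write the detection value only on success so Intune retries a failed run
    New-Item -Path $ResultKey -Force | Out-Null
    Set-ItemProperty -Path $ResultKey -Name 'Result' -Value "Edge $installed"
}
exit ([int](-not $success))
```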
Intune install and detection
In case you also want to deploy the script as a Win32 application, I’ll show the install command and detection for this script.
The install command is like this (depending on the PS1 file name):
PowerShell.exe -ExecutionPolicy Bypass -file .\EdgeUpdateAutopilot.ps1
And the detection rule that checks the registry:
HKEY_LOCAL_MACHINE\Software\InTheCloud247\EdgeUpdateAutopilot\v1.1
And that’s it for this short blog post.
Thanks for reading!
7 Comments
Great post! Thanks
I can’t believe MS doesn’t take time to update such a critical app within their new builds…
If I have time I’ll update it to check Edge version online instead of checking if version is greater than 120 by parsing the following JSON.
Invoke-WebRequest -uri 'https://edgeupdates.microsoft.com/api/products?view=enterprise'
First draft:
$Product = 'Stable'
$Platform = 'Windows'
$architecture = 'x64'
$EdgeInfo = (Invoke-WebRequest -uri 'https://edgeupdates.microsoft.com/api/products?view=enterprise')
$EdgeVersion = ((($EdgeInfo.content | ConvertFrom-Json) | ? {$_.product -eq $Product}).releases | ? {$_.Platform -eq $Platform -and $_.architecture -eq $architecture})[0].productversion
That’s a good one Mathieu!
Only thing that needs to be added is UseBasicParsing as parameter, otherwise it gives an error during AP enrollment;
The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer’s first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.
Good to know. We will try. Thanks.
I think we will try to do it in a remediation script to regularly check the version and update if needed. Obsolete versions send us a security alert.
We will search the same thing to update Chrome too.
Thanks for the script – not sure if it’s just me but although the version is 1.1, the $StoreResults variable is still creating the registry entry as “InTheCloud247\EdgeUpdateAutopilot\v1.0”, so the given detection rule for HKEY_LOCAL_MACHINE\Software\InTheCloud247\EdgeUpdateAutopilot\v1.1 is failing.
I fixed the typo in the script.
FYI I need to add (Get-AppxPackage -AllUsers -Name "Microsoft.MicrosoftEdge.$UpdateChannel").Version | Sort-Object -Descending | Select-Object -First 1 to your script when you query versions. This is due to picking up multiple versions.