This document will provide end-to-end instructions on how to deploy the Apty Widget Extension via Intune for Windows 10 devices (Google Chrome & MS Edge).
Install Apty Widget Google Chrome Extension via Win32App in Intune
TABLE OF CONTENTS
Prerequisites
1. You need to download and install WinAppUtil application to package applications in Microsoft Intune.
2. You should have appropriate licenses to deploy a Windows 10 device with Intune.
3. Your device has to be enrolled in Windows 10 Intune.
4. You should have Google Chrome installed on your device.
Preparation
Step 1: Go to C:\Windows\Temp\ in your system. Just press the Windows key + R key on your keyboard and enter temp. And click on OK. Once you're inside the temp folder, create a new folder named ChromeAddOnAptyExtension
Step 2: Inside this folder, we will create two files.
The first file (ChromeAddOnAptyExtension.ps1) contains a PowerShell script that creates a registry key that forces Google Chrome to install the extension.
The second file (Install.cmd) will be used in Intune configuration, which will basically call the PowerShell script from ChromeAddOnAptyExtension.ps1
Step 3: Add the following content inside the PowerShell file (ChromeAddOnAptyExtension.ps1).
#Set variables as input for the script
#Enter the Customer Application Key in place of the given KeyValue
$KeyPath = "HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
$KeyName = "11"
$KeyType = "String"
$KeyValue = "ApplicationKey;https://clients2.google.com/service/update2/crx"
#Verify if the registry path already exists
if(!(Test-Path $KeyPath)) {
try {
#Create registry path
New-Item -Path $KeyPath -ItemType RegistryKey -Force -ErrorAction Stop
}
catch {
Write-Output "FAILED to create the registry path"
}
}
#Verify if the registry key already exists
if(!((Get-ItemProperty $KeyPath).$KeyName)) {
try {
#Create registry key
New-ItemProperty -Path $KeyPath -Name $KeyName -PropertyType $KeyType -Value $KeyValue
}
catch {
Write-Output "FAILED to create the registry key"
}
}This script can be used to implement every Chrome extension. But make sure you replace the $KeyValue with the value needed for your extension. Also while reusing this script you must use a unique number for $KeyName (in this case, any number other than 11) to avoid overwriting.
Step 4: The file (Install.cmd) contains the following code.
Powershell.exe -Executionpolicy bypass -File ChromeAddOnAptyExtension.ps1Packaging
Now create the package by starting Powershell on your system and running the WinAppUtil application. Copy the path where the WinAppUtil application is saved. In this demo, the location is C:\Windows\temp\IntuneWinAppUtil.exe. So I will run the command as shown below.
Once the commands run successfully, you can go back to the folder C:\Windows\Temp\ChromeAddOnAptyExtension and you can see the .intunewin file there.
Deployment
Step 1: Go to the Intune Portal by clicking on the following link: https://devicemanagement.microsoft.com/
Step 2: Navigate to Apps from the left panel.
Step 3: Inside Apps click on Windows
Step 4: Click on the + Add button.
Step 5: Select the App type as Windows app (Win32)and click on Select
Step 6: Now we need to add App information. Click on Select app package file. Browse and open the .intunewin file i.e. in this demo, ChromeAptyExtension.intunewin (output from the packaging step?) by clicking on the file icon. Once done, Click on Ok.
Step 7: Add package information as shown below.
Add the Publisher as Apty. Then go to the next step.
Step 8:Add the Install command as: Install.cmd
and the Uninstall command as: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v “11” /f
Note that the KeyName should be added corrected, for this demo it is 11.
After that click Next.
Step 9: Now under Requirements, we are going to select both 32-bit and 64-bit options for the Operating system architecture requirement.
Also, select the first option (for our use case we will go with the oldest option available) as the Minimum operating system requirement.
Step 10: Further, the detection rule can be selected as a custom detection script as shown below.
Create a detection script (PowerShell) with the following content and save it under the same ChromeAddOnAptyExtension folder. This detection script will return true if the extension is installed successfully.
#ChromeAddOnDetectionScript
$KeyPath = "HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
$KeyName = "11"
$KeyType = "String"
$KeyValue = "ApplicationKey;https://clients2.google.com/service/update2/crx"
(Get-ItemProperty -Path $KeyPath -Name $KeyName).11 -eq $KeyValueMake sure you enter the right $KeyName and $KeyValue
Browse and select the detection script.
Step 11:We won't add Dependencies or Supercedence.
Step 12: After that, we have to assign groups. The extension will be installed for all users inside the assigned group.
You can add the group by clicking on the + Add group button.
After adding the group, the Group mode should appear as Included.
Now if you want to uninstall in bulk. Just add the group in the Uninstall section as shown below.
Note: Make sure the same group isn't added in the Required section as well as in the Uninstall section.
Once done, click Next.
Step 13: Review and click on create
Step 14: Now to verify if the installation is completed successfully, go to the following path. There you can find the status.
PATH: Home > Apps > Select the recently added app
As you can see, the Apty Chrome extension is successfully installed in all 3 systems in the assigned group.
Install Apty Widget Microsoft Edge Extension via Win32App in Intune
This document will provide end-to-end instructions on how to deploy the Apty Widget Microsoft Edge Extension via Intune for devices with Windows 10 (or above).
TABLE OF CONTENTS
Prerequisites
1. You need to download and install WinAppUtil application to package applications in Microsoft Intune.
2. You should have appropriate licenses to deploy a Windows 10 device with Intune.
3. You should have the Microsoft Edge browser installed on your device.
Preparation
Step 1: Go to C:\Windows\Temp\ in your system. Just press the Windows key + R key on your keyboard and enter temp. And click on OK. Once you're inside the temp folder, create a new folder named EdgeAddOnAptyExtension
Step 2: Inside this folder, create two files.
The first file (EdgeAddOnAptyExtension.ps1) contains a PowerShell script that creates a registry key that forces Microsoft Edge to install the extension.
The second file (Install.cmd) will be used in Intune configuration, which will basically call the PowerShell script from EdgeAddOnAptyExtension.ps1
Step 3: Add the following content inside the PowerShell file (EdgeAddOnAptyExtension.ps1).
#Set variables as input for the script
#Enter the Customer Application Key in place of the given KeyValue
$KeyPath = "HKLM:\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist"
$KeyName = "21"
$KeyType = "String"
$KeyValue = "ApplicationKey;https://clients2.google.com/service/update2/crx"
#Verify if the registry path already exists
if(!(Test-Path $KeyPath)) {
try {
#Create registry path
New-Item -Path $KeyPath -ItemType RegistryKey -Force -ErrorAction Stop
}
catch {
Write-Output "FAILED to create the registry path"
}
}
#Verify if the registry key already exists
if(!((Get-ItemProperty $KeyPath).$KeyName)) {
try {
#Create registry key
New-ItemProperty -Path $KeyPath -Name $KeyName -PropertyType $KeyType -Value $KeyValue
}
catch {
Write-Output "FAILED to create the registry key"
}
}Note: This script can be used to implement every Edge extension. But make sure you replace the $KeyValue with the value needed for your extension. Also while reusing this script, you must use a unique number for $KeyName (in this case, any number other than 21) to avoid overwriting.
Step 4: The file Install.cmd contains the following code.
Powershell.exe -Executionpolicy bypass -File EdgeAddOnAptyExtension.ps1Packaging
In order to create the package, start Powershell on your system and run the WinAppUtil application. Copy the path where the WinAppUtil application is saved. In this demo, the location is C:\Windows\temp\EdgeAddOnAptyExtension\IntuneWinAppUtil.exe
Then run the command as shown below.
Here,
Source folder path and output folder paths are defined as: C:\Windows\Temp\EdgeAddOnAptyExtension
Setup file: EdgeAddOnAptyExtension.ps1
Once the commands run successfully, you can go back to the folder C:\Windows\Temp\EdgeAddOnAptyExtension and you can see the .intunewin file there.
Deployment
Here you need to create a Configuration Profile within Intune, then configure settings to add the IDs to the allow the list, and then configure the silent installation settings.
Step 1: Go to the Microsoft Endpoint Manager Admin Center, navigate to Devices, Configuration Profiles and then Create Profile.
Step 2: Select Windows 10 and later and profile type as Settings Catalog, as shown below:
Step 3: Give the profile an appropriate Name and add a Description. Then click Next.
Step 4: Now on the Configuration Settings screen, click on Add settings, look under Microsoft Edge and then Extensions, select Allow specific extensions to be installed, and Control which extensions cannot be installed:
Step 5: Now configure for Silent Installation of Extensions. Within the same configuration profile created above, add an additional setting named, Control which extensions are installed silently from the same area as before, under Microsoft Edge and then Extensions:
Step 6: Then close the Settings Picker, set the Control which extensions are installed silently to Enabled, and add the Update URL.
Update URL: ApplicationKey:URL to fetch data
URL to fetch data:
- If we are fetching the data from S3 cloud, use: https://apty-assist-production-s3.s3.amazonaws.com/production/{tenantId}/update.xml
- If we are fetching the data from chrome, use: https://clients2.google.com/service/update2/crx“
Save the changes to complete the deployment process.
Best Practice
Assign this to a test group of users or devices before enabling in prod (as you should, for all new configurations within Intune) and check out the results.