feat: Add Intune detection and setup scripts for Windows deployment#144
Merged
bmsimp merged 9 commits intoCyberDrain:devfrom Apr 24, 2026
Merged
feat: Add Intune detection and setup scripts for Windows deployment#144bmsimp merged 9 commits intoCyberDrain:devfrom
bmsimp merged 9 commits intoCyberDrain:devfrom
Conversation
…nt of Check extension
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Windows Intune-focused tooling for deploying the Check browser extension by introducing a registry-based detection script, an interactive setup script that generates configured deploy/remove/detect scripts, and updating the Windows domain deployment documentation accordingly.
Changes:
- Added an Intune detection script that validates Chrome/Edge policy registry keys against expected configuration.
- Added an interactive setup script that downloads templates and generates configured Deploy/Remove/Detect scripts for upload to Intune.
- Updated Windows domain deployment docs with Win32 app + detection-script guidance for Intune.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| enterprise/Setup-Windows-Chrome-and-Edge.ps1 | Interactive generator that downloads template scripts and applies config replacements. |
| enterprise/Detect-Windows-Chrome-and-Edge.ps1 | Intune detection script that checks registry policy keys/values for Chrome and Edge. |
| docs/deployment/chrome-edge-deployment-instructions/windows/domain-deployment.md | Updated documentation to describe Intune Win32 app packaging, detection rules, and troubleshooting. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…main-deployment.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
…une Step 2 - Setup script: mirror the Format-ArrayLiteral change for scalar replacements by adding Format-SingleQuoted and switching all string-valued scalar replacements to single-quoted output. Prevents \$ / backtick interpolation in user-provided URLs and branding fields when generated scripts run. - Docs: add the missing "Step 2: Create the Win32 App in Intune" between packaging and configuration, fixing the 1 -> 3 jump.
Deploy script previously only wrote the toolbar property when $forceToolbarPin = 1. Flipping the setting from 1 to 0 left a stale toolbar_pin=force_pinned / toolbar_state=force_shown on devices, which Detect couldn't reliably catch without causing an infinite redeploy loop. Deploy: always write the toolbar property -- pinned values when =1, default_unpinned / hidden when =0. Matches the CIPP Intune standard. Detect: add ToolbarPinnedValue / ToolbarUnpinnedValue to the $browsers array and always verify the toolbar property against the expected value based on $forceToolbarPin. Addresses Copilot review comment on toolbar pin drift.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Setup: Apply-Replacements now tracks which patterns were found and throws a detailed error listing any missing patterns. Previously a silent miss (e.g., upstream comment reworded) would produce an output script stuck on defaults. Callers now pass -TemplateName so the error identifies which template failed. Detect: convert all remaining bare Test-RegValue calls and bare exit 1 paths to use Test-RegValueWithDetails / Write-DetectionFailure so every failure mode emits a specific reason on stdout. Affects customBranding, genericWebhook, genericWebhook/events (incl. count mismatch and "unexpected events" branches), urlAllowlist (same), and ExtensionSettings. Admins running the script manually now see exactly which check failed. Addresses Copilot review comments on silent replacement failures and missing diagnostic output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Detect-Windows-Chrome-and-Edge.ps1-- an Intune detection script that verifies all registry keys written by the deploy script match expected configuration. Exits 0 (compliant) or 1 (drift detected), enabling Intune to automatically redeploy when settings change.Setup-Windows-Chrome-and-Edge.ps1-- an interactive configurator that downloads the latest Deploy, Remove, and Detect scripts from GitHub, walks the user through each setting with defaults and validation, and outputs ready-to-upload scripts for Intune.domain-deployment.mdwith Intune-specific deployment instructions.All config blocks mirror the existing
Deploy-Windows-Chrome-and-Edge.ps1variable names, grouping, and comment style for consistency across deployment methods.Details
Detection script features:
Test-RegValuehelper checks each registry property against expected valuesurlAllowlist,webhookEvents\events) verified bidirectionally -- checks count matches and no stale entries existSetup script features: