In order to install programs via Chocolatey in Intune, Chocolatey itself must be installed as a basis.
I have summarized how it works and what Chocolatey is here.

This post is the first part of a series on managing Chocolatey applications via Intune.
Here I show you how to do the basic installation of Chocolatey with Intune and a Win32 app.

Part 1: This post.
Part 2: chocolatey - Programm Installation - Intune | scloud
Part 3: chocolatey - Programme up to date halten - Intune | scloud

Table of Contents

What is chocolatey?

Chocolatey is a huge package repository with installation packages for Windows. The packages are community maintained, but always go through a strict review process before they are released.

More information: Chocolatey Software Docs | Moderation

How does chocolatey work?

Chocolatey can easily be installed via PowerShell. Once the base is present on a device, applications can be installed with the command "choco install application" installed, or with "choco upgrade application" to be updated.

Distribute Chocolatey as a win32 app

Chocolatey can be installed via PowerShell (Admin) with a one-liner:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString(''))Code language: PowerShell (powershell)

In order to improve the distribution via Endpoint Manager and to set some settings, I have expanded the line a little:

$PackageName = "chocolatey"
$Path_local = "$Env:Programfiles\_MEM"
Start-Transcript -Path "$Path_local\Log\$ProgramName-install.log" -Force

    if(!(test-path "C:\ProgramData\chocolatey\choco.exe")){
        Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString(''))
    C:\ProgramData\chocolatey\choco.exe list -lo
    choco feature enable -n=useRememberedArgumentsForUpgrades
    exit 0
}catch{exit 1618}

Stop-TranscriptCode language: PowerShell (powershell)

The whole package including the detection rule can be found here: scloud / chocolatey / chocolatey at main FlorianSLZ / scloud (

The following parameters are set for distribution:

Win32 Fileinstall.intunewin
Install command%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall commandno uninstall
Requirements64 bit
Detection rulecustom script, check.ps1

If you want to change something in the installation routine, you can simply adapt the "install.ps1" file and generate a new intunewin.

Here are instructions for generating Win32 applications: Create Win32 App / .intunewin | scloud