The programs can be installed quickly and easily via Chocolatey. In the last two posts I wrote about how Chocolatey can be installed and how programs can be distributed as a Win32 app. The point here is to ensure that these Chocolatey applications are also updated via Intune.

This post is the second part of a series on managing Chocolatey applications via Intune.

Part 1: chocolatey - basic installation with Intune | scloud
Part 2: chocolatey - program installation - Intune | scloud
Part 3: This post.

A specific application can be updated with "choco upgrade <application>" and all applications installed via Chocolatey can be updated with "choco upgrade all". However, teaching this to an end user does not work in most cases and is not very effective. It often fails because the user does not have the required permissions locally on the device.

For a long time, to keep the applications up to date, I used the package "choco-upgrade-all-at-startup" (Chocolatey Software | (unofficial) Choco Upgrade All at Startup (Task) 03.15.2021). Unfortunately, this package has repeatedly led to problems in the past, which is why I built the functionality myself in a PowerShell script.

I solved this with a scheduled task, which has "at startup" and "weekly, on Wednesday at 4:00 p.m." as the trigger. This will check for updates every time the device is started and users who rarely if ever restart their device will be caught on Wednesday.

```powershell
$PackageName = "choco-upgrade"

Start-Transcript -Path "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\$PackageName-install.log" -Force

# Check choco.exe
$localprograms = C:\ProgramData\chocolatey\choco.exe list --localonly
if ($localprograms -like "*Chocolatey*"){
    Write-Host "Chocolatey installed"
}else{
    # Without choco.exe the task would have nothing to run, so stop here
    Write-Host "Chocolatey not Found!"
    Stop-Transcript
    exit 1
}

# Scheduled Task for "choco upgrade -y"
$schtaskName = $PackageName
$schtaskDescription = "Upgade der mit Chocolaty verwalteten Paketen. "
# Trigger 1: every boot; trigger 2: weekly on Wednesday at 4 pm
$trigger1 = New-ScheduledTaskTrigger -AtStartup
$trigger2 = New-ScheduledTaskTrigger -Weekly -WeeksInterval 1 -DaysOfWeek Wednesday -At 4pm
# Run as SYSTEM so the upgrade does not depend on the user's local permissions
$principal= New-ScheduledTaskPrincipal -UserId 'SYSTEM'
$action = New-ScheduledTaskAction -Execute "C:\ProgramData\chocolatey\choco.exe" -Argument 'upgrade all -y'
$settings= New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $schtaskName -Trigger $trigger1,$trigger2 -Action $action -Principal $principal -Settings $settings -Description $schtaskDescription -Force

Stop-Transcript
```

The whole package to deploy is on my GitHub: scloud/chocolatey/chocolatey-updater at main, FlorianSLZ/scloud

Win32 Settings

Win32 File: install.intunewin
Name: Chocolatey Updater
Publisher: Maintainer of the environment, e.g. scloud
Logo: Chocolatey Updater.png (not mandatory, but nice when the company portal is used)
Install command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
Requirements: 64 bit
Detection rule: custom script, check.ps1
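
The detection rule above points to a custom script. The following is an added example of what such a detection script can verify; it is not the check.ps1 from the GitHub package. It checks that the task registered by install.ps1 is unchanged and that the binary it runs as SYSTEM is not writable by other accounts. Assumptions: the task name, path and arguments are taken from the install script above, and only SYSTEM and the local Administrators group are expected to hold write access to choco.exe.

```powershell
# Added example of an Intune detection script; not the author's check.ps1.
# Intune reports "detected" only on exit code 0 plus text on STDOUT.
$taskName     = 'choco-upgrade'                         # $PackageName in install.ps1
$expectedExe  = 'C:\ProgramData\chocolatey\choco.exe'
$expectedArgs = 'upgrade all -y'
$problems     = @()

$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if (-not $task) {
    $problems += "scheduled task '$taskName' is missing"
} else {
    # Exactly one action, and it must be the one install.ps1 registered
    $actions = @($task.Actions)
    if ($actions.Count -ne 1 -or $actions[0].Execute -ne $expectedExe -or
        $actions[0].Arguments -ne $expectedArgs) {
        $problems += 'task action differs from the registered choco.exe call'
    }
    if ($task.Principal.UserId -ne 'SYSTEM') {
        $problems += "task principal is '$($task.Principal.UserId)', expected SYSTEM"
    }
    # Both triggers from install.ps1 must still be present
    $triggerTypes = @($task.Triggers | ForEach-Object { $_.CimClass.CimClassName })
    foreach ($type in 'MSFT_TaskBootTrigger', 'MSFT_TaskWeeklyTrigger') {
        if ($triggerTypes -notcontains $type) { $problems += "trigger $type is missing" }
    }
}

# The task runs choco.exe as SYSTEM; assumption: only SYSTEM and Administrators may modify it
$trustedSids = 'S-1-5-18', 'S-1-5-32-544'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
if (Test-Path -LiteralPath $expectedExe) {
    $rules = (Get-Acl -LiteralPath $expectedExe).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.FileSystemRights -band $writeMask) -ne 0 -and
            $trustedSids -notcontains $rule.IdentityReference.Value) {
            $problems += "choco.exe is writable by $($rule.IdentityReference.Value)"
        }
    }
} else {
    $problems += "$expectedExe not found"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output "NOT COMPLIANT: $_" }
    exit 1
}
Write-Output "Task '$taskName' registered as expected"
exit 0
```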