adobe acrobat reader DC

Install Adobe Acrobat Reader DC with Intune and PowerShell

In this post I’ll walk you through my own experience and Install Adobe Acrobat Reader DC with Intune and PowerShell, on Azure AD joined and MDM enrolled Windows 10 devices. In a previous post I explained how to install Office 365 with Microsoft Intune using the MDM channel. When you look out there with your favorite search engine, you will find answers or at the very least directions to help you achieve this and there are various ways to your end goal. This is just one of them. Peter van der Woude has a great blog on “Combining the powers of the Intune Management Extension and Chocolatey” .

I realize the PowerShell script I provide is not finished and there is no errors handling, but that might be another topic. Feel free to leave a comment with your own solution. After all, it’s about helping each other

Intune Management Extension

With Intune Management extensions you can upload your own PowerShell scripts to Intune and target them to your users and their devices. When a PowerShell script is assigned to a user group, The Intune MDM channel will install the Intune Management Extension agent first. This agent will be responsible for deploying your PowerShell scripts. It will install the service “Microsoft Intune Management Extension” and it will setup a scheduled task “Intune Management Extension Health Evaluation” The agent will check for scripts every 60 minutes, and the health check will run once a day to see if the agent is functioning correctly. More on this later but for now I want to point to the blog of Oliver Kieselbach;

Oliver explain the workings in great detail and I strongly suggest you to read these post for a complete understanding.


  • Azure AD joined Windows 10 devices running version 1607 or later.
  • In order to distribute Adobe Acrobat Reader DC software you need to have a valid Adobe Acrobat Reader DC Distribution Agreement in place. Click here for details.

The PowerShell script

Save the script to your local system. I suppose you could change the script provided for any other software you cannot install using default app deployment.

# Silently install Adobe Reader DC with Microsoft Intune
# In order to distribute Adobe Acrobat Reader DC software you need to have 
# a valid Adobe Acrobat Reader DC Distribution Agreement in place.
# See for details.

# Check if Software is installed already in registry.
$CheckADCReg = Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | where {$_.DisplayName -like "Adobe Acrobat Reader DC*"}
# If Adobe Reader is not installed continue with script. If it's istalled already script will exit.
If ($CheckADCReg -eq $null) {

# Path for the temporary downloadfolder. Script will run as system so no issues here
$Installdir = "c:\temp\install_adobe"
New-Item -Path $Installdir  -ItemType directory

# Download the installer from the Adobe website. Always check for new versions!!
$source = ""
$destination = "$Installdir\AcroRdrDC1800920044_en_US.exe"
Invoke-WebRequest $source -OutFile $destination

# Start the installation when download is finished
Start-Process -FilePath "$Installdir\AcroRdrDC1800920044_en_US.exe" -ArgumentList "/sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES"

# Wait for the installation to finish. Test the installation and time it yourself. I've set it to 240 seconds.
Start-Sleep -s 240

# Finish by cleaning up the download. I choose to leave c:\temp\ for future installations.
rm -Force $Installdir\AcroRdrDC*

Installing Adobe Acrobat Reader DC with Intune and PowerShell

  • Navigate to >Azure Portal> Intune> Device Configuration> PowerShell scripts
  • Click on Add

Install Adobe Reader DC with Intune and PowerShell

  • Give your script a name and description
  • By default the script runs in system context
  • Since this script is not signed, leave the default settings as they are.
  • Browse to your script and select it

Install Adobe Reader DC with Intune and PowerShell - Configure script

  • Click OK
  • Click Create

Your script is created and you will need to assign it to a security group.


While testing I’ve found that the script will only deploy and work when assigned to a user group. The official Microsoft documentation also mentions to target a user group;

“Select one or more groups that contain the users whose devices will receive the script, and then click Select to assign the policy to the selected groups.”

If you read the comments, you will see that many users run into problems assigning the script. I’ve opened a support case with Microsoft and the engineer confirmed, and I quote;

“For the moment the Intune PowerShell scripts must be assigned to user groups. This is the way to follow in order to achieve positive results with the deployment of PowerShell scripts.”

Install Adobe Reader DC with Intune and PowerShell and assign to users

  • Click on Assignments
  • Click on Select groups
  • Search for your group with user accounts
  • Click on Select
  • Finally click on Save

Install Adobe Reader DC with Intune and PowerShell

Monitor run status for PowerShell scripts

The Intune Management Extension deployment depends on device synchronization to the Intune service, which typically occurs every six to eight hours. When the devices sync with Intune, the Microsoft Intune Management Extension agent will be installed on the device. You could try to force a sync from the devices blade if you want a little more control. It might take a few tries and/or reboots.

Back on the PowerShell blade you can now see the Intune Management Extension has been installed and in turn deployed the script. As you can see, there are 8 devices and six succeeded deployments.

Monitor run status for PowerShell scripts


To further analyze the deployment click on either Device status or User status. In this example I’ve clicked on User status. As you can see, a user can have more than one succeeded or failed deployment;

Monitor run status for PowerShell scripts

Let’s have a look at the user with 4 succeeded installations. Click on Device status to see all devices;

Monitor run status for PowerShell scripts

The information presented tells us that Bart has been working on 4 different devices, on the same day and Adobe Reader DC got installed successfully. Actually this screen only tells the script was received by the client. If you want to know if Adobe Reader DC really got installed, you will have to check the device itself. I’m really hoping Microsoft will further finetune this feature with error handling and more intelligence.


The Intune management extension is a great addition when managing Windows 10 devices via MDM. It’s not mature yet but new features are added monthly and I expect this will also be the case for the Intune management extension. When you need a little more control and finetuning when MDM and OMA-URI is not enough, This feature just might help you toward modern management on Windows 10 devices.



Q: Did the Intune Management Extension agent install?

  • Check the Device or User status as explained above
  • In Programs and Features you will see the Microsoft Intune Management Extensions installed.
  • Check if the folder C:\Program Files (x86)\Microsoft Intune Management Extension exists.
  • The agent will install a service “Microsoft Intune Management Extension”
  • The agent will setup a scheduled task “Intune Management Extension Health Evaluation”

Q: How can I quickly test a script and deployment?

  • Restart the service “Microsoft Intune Management Extension” to force a sync

Q: How do I know if my script did execute?

  • Check Event log> Application and Services Logs> Windows PowerShell
  • Look for Event ID’s 600
  • Within the details you should look for:

HostApplication=C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -executionPolicy bypass -file C:\Program Files (x86)\Microsoft Intune Management Extension\Policies\Scripts\[GUID].ps1

Check the eventlog

Q: How to further troubleshoot?

Additional Info

Manage PowerShell scripts in Intune for Windows 10 devices

Leave a Reply

2 Comment threads
1 Thread replies
Most reacted comment
Hottest comment thread
2 Comment authors
Adobe Reader DC deployment with Microsoft Intune Part 2 - Aaron ParkerOktay Saritristan Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of

hey why would you install via powershell instead of doing it the way microsoft wants (?) adding the package to the apps section


[…] PowerShell can be used to deploy Adobe Reader to Windows 10 PCs via Intune; however, this does not allow for user self-service installs and will require building in logic to account for failures in network connectivity during the download or retrying the installation if it were to fail […]