Technical Guides By Product VMware Workspace ONE

[What’s New] Unified Endpoint Management for Chrome OS in VMware AirWatch 9.2

Have you heard the buzz about Chromebook unified endpoint management (UEM) with VMware AirWatch? If you haven’t heard it yet, here’s the scoop: AirWatch is the first UEM provider to manage Google Chromebooks.

This announcement builds on previous announcements regarding VMware Workspace ONE and VMware Horizon support for Chrome OS devices. Keep reading to learn about the latest features!

What Does Chromebook Unified Endpoint Management Mean?

Good question. In a nutshell, unified endpoint management refers to a single-platform solution for managing endpoint identity and security.

Unified describes the solution platform (the Workspace ONE platform). For now, the Workspace ONE platform consists of two administrative pieces: the Workspace ONE console and the AirWatch console.

  • Workspace ONE Console: Configure an identity-based app catalog to enable conditional access to enterprise applications.
  • AirWatch Console: Configure native endpoint management settings from a single console view. [box] New! Configure identity management settings from the AirWatch console in AirWatch 9.2 and above! Expand the “Application Management” drop-down menu in the Release Notes to get all the details.[/box]

[two_third]

Endpoint is a blanket term that refers to mobile devices, laptops, desktops and Internet of Things (IoT) devices. In the case of Chromebook unified endpoint management, the endpoints in question are Chrome OS devices.

Management refers to the settings and policies an IT administrator configures. Identity management policies control access to internal endpoints, and device management policies secure physical endpoints.

[/two_third][one_third_last][/one_third_last]

Chromebook Unified Endpoint Management Requirements

To get the unified endpoint management experience, you’ll need to meet some minimum requirements.

NEW! Chromebook Unified Endpoint Management Features

Now that we’ve covered the introductory stuff, here’s the meat and potatoes of the new features that you can leverage with VMware AirWatch Unified Endpoint Management for Google Chromebooks. For step by step configurations, check out the VMware AirWatch Chrome OS Platform Guide.

Horizon Integration

Get a Windows Desktop experience on a Chrome OS device by implementing Horizon virtual desktops through the:Chromebook Unified Endpoint Management

  • Browser
  • Native Chrome App
Application Management

Push Chrome extensions, Chrome apps, and Android apps through  the Application Control profile.

Use this profile to:

  • Force app installation
  • Configure apps to appear in dock
power-cord plug iconSpecify Power Management Settings

Configure a Power Management profile to maximize battery life. Once configured, end users can not edit these policies on their devices.
For an optimal user experience, create separate policies for devices running on AC power and for devices running on battery
Customize the Browser Experience for Users

Allow or deny URL access by configuring a URL Access Control profile.

  • Deny Access: Add specific URLs to the URL Blacklist. Blacklisted URLs are denied access.
  • Allow Access: Add a wildcard URL to the URL Blacklist to deny all URLs. Then specify URLs as Exceptions, creating a functional whitelist.
    URL Formatting Guidelines

    Provide a URL with a valid hostname, IP address, or an asterisk (*) in place of the host. [Optional] Include a URL prefix or valid port. URL Prefixes include:

    • http://
    • https://
    • ftp://

[three_fourth]

Configure a Security & Privacy profile to enable or disable the use of Incognito Mode.

Use the Content profile to create a list of Managed Bookmarks  that push to Chrome on all platforms. Create a hierarchical folder structure of bookmarks to group them into relevant folders.

[/three_fourth]

[one_fourth_last]Incognito Mode Icon[/one_fourth_last]
Device Access

The Sign-in Settings profile specifies who can access devices, and how they access those devices.

Configure Single Sign-On settings to determine how users gain access to devices. Enable or disable SAML-based single sign-on. If enabled, users redirect to a SAML SSO IDP for device login. Additionally, configure SAML SSO cookies to transfer to a user’s session.

 Configure Restriction settings to determine who can access Chrome OS devices. These policies compliment conditional access, which provides user based access to internal resources.

  • List the users who can access the device using wildcard characters
  • Enable/disable guest mode access/
  • Disable guest mode
  • Restrict sign-in to a specific domain
 Shared Devices

Use the Security & Privacy profile to protect privacy in shared device scenarios. Enable the setting to remove all user data from the device at log out.
Kiosk Mode

Turn any Chrome OS device into a single-app Kiosk for interactive kiosk or digital signage use cases.
Configure Updates Settings

The System Updates profile specifies how Chrome OS updates apply to devices.

Enable or disable Chromebook Auto-Update Policies.

  • Specify the target OS version.
  • Spread out bandwidth usage by scattering fleet updates over a 14 day window.
  • Configure if the device automatically reboots after an update.

Specify the maximum Chrome OS version with Chrome OS Policies. 

Ready to Be a Mobile Pioneer?

Together, VMware and Google enable enterprises with secure and user-friendly platforms to empower the next generation of mobile workers. If you’re intrigued, check out these additional posts to learn more:

Karim Chelouati

Karim Chelouati is a senior technical marketing manager on the Technical Marketing team at VMware End-User Computing.

Related Articles