Using Workspace ONE UEM to Deploy Chrome Browser Cloud Management Tokens to Windows 10 and macOS

May 14, 2020
John Richards

Author:

John Richards is a Senior Technical Product Manager for VMware End-User Computing (EUC), specializing in macOS device management.

Share This Post On

The Chrome Browser can be configured and managed in several ways. But most recently, there have been some significant advancements in the Google Admin console to centrally manage and quickly see the status of Chrome Browser across your business desktop endpoints.

With Chrome Browser Cloud Management, you can see reports on deployed versions, device information, apps and extensions installed, or management policies applied. From the Google Admin console, you can also take quick action on devices, such as blocking or force-installing a specific extension.

Users need not sign in to Google to enable Cloud Management. Instead, VMware Workspace ONE® administrators manage the devices with enrollment tokens that are Globally Unique Identifiers (GUID) randomly generated in the Google Admin console. One or more devices may use a token.

This blog provides a brief overview of how to use Workspace ONE UEM to deploy these tokens to Windows 10 and macOS devices.

Generate an Enrollment Token

Here is a workflow of the enrollment process from the Chrome Browser Cloud Management whitepaper:

Workspace ONE UEM can help you with Step 3 in this process—deploying the enrollment tokens to your Windows and macOS endpoints.

To get to Step 3 in the Token Enrollment Workflow, you need to generate an enrollment token:

  1. Sign in to your Google Admin console.
  2. From the Workspace ONE UEM Admin console Home page, go to Devices.
    If you don’t see Devices on the Home page, scroll to the bottom and click More controls.
  3. (Optional) To add browsers in the top-level organization in your domain, keep Include all organizational units selected. Alternatively, you can generate a token to enroll browsers directly to a specific organizational unit by selecting it in the left navigation before moving on to the next step. For more information, see Add an organizational unit.
  4. At the bottom, click Add to generate an enrollment token.
  5. In the box, click Copy to copy the enrollment token.

Deploy Browser Enrollment Token to Windows Devices with Workspace ONE UEM

Using the Custom Settings profile, you can deploy the required keys to configure Cloud Management enrollment to enrolled Windows 10 devices. Ensure Workspace ONE Intelligent Hub is installed for a successful configuration.

  1. Add a new Windows Desktop device profile.
  2. Add Custom Settings payload.
  3. Paste the following XML in the install settings.
  4. Assign the profile to devices.

Install Settings XML:

Note: CloudManagementEnrollmentMandatory prevents the browser from starting if enrollment fails. If you do not want to enable this enhanced security mode, set the value to 0 instead of 1.

Remove Settings XML:

Note: If you set CloudManagementEnrollmentMandatory to 0 in the previous step, make sure to also change it in this step.

Deploy Browser Enrollment Token to macOS Devices with Workspace ONE UEM

Using the Custom Settings profile, you can deploy the required keys to configure Cloud Management enrollment to macOS devices.

  1. Add a new macOS device profile.
  2. Add Custom Settings payload.
  3. Paste the following XML (we recommend altering the GUIDs in the PayloadIdentifier and PayloadUUID keys).
  4. Assign the profile to devices.

Note: If you set CloudManagementEnrollmentMandatory to 0 in the previous step, you must change it to false in this step.

For more information on managing Chrome for macOS, check out Google Chrome on Github.

Additional Reading

Contributors

  • Robert Terakedis, Senior Technical Marketing Manager, End-User Computing, VMware.
  • Mike Nelson, Senior Solutions Architect, VMware.
  • Vandana Soundera Raj, VMware Workspace ONE Product Manager, End-User Computing, VMware.