Applies to Windows and macOS users who use managed Chrome browser.
You can use VMware Workspace ONE to generate a Chrome Enterprise Core enrollment token and enroll your Chrome browsers. You can then use your Google Admin console to enforce policies for any users who open Chrome browser on enrolled Microsoft Windows 10 or Apple Mac devices.
Before you begin
- Make sure you have access to the VMware Workspace One console.
Enroll Windows browsers with the enrollment token
- Sign into the VMware Workspace One console.
- On the left, click DevicesProfiles and ResourcesProfiles.
- Click AddAdd Profile.
- Select WindowsWindows Desktop.
- Select Device Profile.
- Name your profile and configure any other assignment, smart groups and removal settings.
- On the left, click Custom SettingsConfigure.
- As the target, select Workspace One Intelligent Hub.
- Under Install Settings, paste the following XML:
<wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA5" name="customprofile">/
<characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">
<parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Replace">
<Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />
<Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD" />
</parm>
</characteristic>
</wap-provisioningdoc>
Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set the value to 0 instead of 1.
- Under Remove Settings, paste the following XML:
<wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA6" name="customprofile">/
<characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">
<parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Remove">
<Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />
<Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD"/>
</parm>
</characteristic>
</wap-provisioningdoc>
Note: If you set CloudManagementEnrollmentMandatory to 0 in the previous step, be sure to set it to 0 in this step too.
- Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
- Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX values in the Install Settings and Remove Settings xml with the token value that you want to deploy.
- Click Save and Publish to deploy the profile on your machines.
Enroll Mac browsers with the enrollment token
- Sign into the VMware Workspace One console.
- On the left, click DevicesProfiles and ResourcesProfiles.
- Click AddAdd Profile.
- On the Device Type Selection page, select Apple macOS.
- On the Context Type Selection page, select Device Profile.
- Name your profile and configure any other assignment, smart groups and removal settings.
- On the left, click Custom SettingsConfigure.
- Under Custom Settings, paste the following XML:
<dict>
<key>CloudManagementEnrollmentToken</key>
<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
<key>CloudManagementEnrollmentMandatory</key>
<true/>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>Chrome Browser Settings</string>
<key>PayloadIdentifier</key>
<string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
<key>PayloadUUID</key>
<string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
<key>PayloadType</key>
<string>com.google.Chrome</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set data value for line 5 to False instead of True.
- Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
- Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX value in the Custom Settings xml with the token value that you want to deploy.
- Click Save and Publish to deploy the profile on your machines.
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.