Notification

Planning your return to office strategy? See how ChromeOS can help.

Enroll browsers with Microsoft Intune (Windows)

Applies to Windows users who sign in to a managed account on Chrome browser.

As an administrator, you can use Microsoft Intune to apply a Chrome Browser Cloud Management enrollment token and enroll your Chrome browsers. You can then use your Google Admin console to enforce policies for any users who open Chrome browser on an enrolled Microsoft Windows device.

Before you begin

Option 1: Ingest Chrome ADMX via a Custom OMA-URI setting to deploy enrollment token

Step 1: Import Chrome ADMX policies into Intune

  1. Download the Chrome ADMX templates.
  2. Sign in to the Microsoft Endpoint Manager admin center.
  3. Go to Intune and then Devices  and then Configuration profiles.
  4. Next to Devices – Configuration profiles, click Create profile.
  5. From Platform, select Windows 10 or later.
  6. Next to Profile type as Templates – Custom, click Create.
  7. Enter the following text in these fields:
    • Name
      Windows 10 – Chrome configuration (or use any descriptive name)
    • Description
      Enter a description (optional)
  8. Click Next.
  9. Selecting Custom in the step above opens a new menu for OMA-URI settings. Click Add to add specific policies you can configure and enter the following text:
    • Name
      Chrome ADMX Ingestion
    • Description
      Enter a description (optional)
    • OMA-URI
      ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
    • Data type
      String (select from drop-down list)
  10. When you select String, a Value text field opens. On your computer, go to template\windows\admx\chrome.admx and copy the text from chrome.admx.
  11. In the Value field, paste the chrome.admx text.
  12. Click Save to save the Custom OMA-URI settings.
  13. Click Next.
  14. Add the groups, users or devices that you want to apply the policy to.

Step 2: Setup Custom OMA-URI settings for applying the enrollment token

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Go to Intune and then Devices  and then Configuration profiles.
  3. Click the Windows 10 – Chrome configuration profile you created in step 1.
  4. Select Propertiesand thenConfiguration Settingsand thenEdit to open the Custom OMA-URI settings.
  5. Click Add to add a row.
  6. Enter text into the fields, following the examples below for the type of policy you’re implementing.
    Note: Listing a description is optional, but the other fields are required.
    • Name
      Chrome Browser Cloud Management Enrollment Token
    • Description (optional)
      Enroll Chrome Browsers in Chrome Browser Cloud Management
    • OMA-URI ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/CloudManagementEnrollmentToken
    • Data type
      String (select from drop-down list)
    • Value
       <enabled/> <data id="CloudManagementEnrollmentToken" value="insert enrollment GUID here"/>
  7. After you’ve set the policies you want to configure, click Save to save the Custom OMA-URI settings.
  8. Click Reviewand thenSave when you have added all of your configuration settings. 
  9. At the top, click Save to save the Windows 10 – Chrome configuration settings. You will see a Profile saved notification when successful.
Option 2: Deploy Powershell script to add a registry entry for the enrollment token
  1. Generate a token GUID from the Admin console for the organizational unit that you want your targeted devices to be enrolled in.
  2. Use the following command in powershell, replacing tokenvaluefromadminconsole in the example below with the GUID generated from the Admin console in step 1.
    Set-ItemProperty -Path HKLM:\SOFTWARE\Policies\Google\Chrome -Name "CloudManagementEnrollmentToken" -Value "tokenvaluefromadminconsole"
  3. Save the file as a PS1 and place it in a location where Intune can access.
  4. Sign in to the Microsoft Endpoint Manager admin center.
  5. Go to Intuneand thenDevicesand thenScripts and click Add and select Windows 10.
  6. Give the script a name like Chrome Browser Cloud Management Enrollment Script and optionally enter in a description and click Next.
  7. For the script location, browse to the script you created in step 3 above. Leave the defaults at No for the rest of the settings, unless you have additional requirements for running scripts within your environment.
  8. Click Next.
  9. Select the group or groups that you want to target the script to and click Next.
  10. Review the summary and click  Add . The policy is deployed to your selected groups.
  11. You can monitor the success rate of the deployment under Devicesand thenScripts and click on the script name that you created in the previous steps.

Note: Chrome needs to be restarted in order for the enrollment to take effect.

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
true
Search
Clear search
Close search
Main menu
11137747253935743029
true
Search Help Center
true
true
true
true
true
410864
false
false