Enroll browsers with VMware Workspace One (Windows and macOS)

Applies to Windows and macOS users who use managed Chrome Browser.

You can use VMware® Workspace ONE® to generate a Chrome Browser Cloud Management (CBCM) enrollment token and enroll your Chrome Browsers. You'll then be able to use your Google Admin console to enforce policies for any users who open Chrome Browser on enrolled Microsoft® Windows® 10 or Apple® Mac® devices.

Before you begin

Enroll Windows browsers with the enrollment token

  1. Sign into the VMware Workspace One console.
  2. On the left, click Devicesand thenProfiles and Resourcesand thenProfiles.
  3. Click Addand thenAdd Profile.
  4. Select Windowsand thenWindows Desktop.
  5. Select Device Profile.
  6. Name your profile and configure any other assignment, smart groups and removal settings.
  7. On the left, click Custom Settingsand thenConfigure.
  8. As the target, select Workspace One Intelligent Hub.
  9. Under Install Settings, paste the following XML:

    <wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA5" name="customprofile">/

    <characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">

      <parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Replace">

        <Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />

        <Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD" />

      </parm>

    </characteristic>

    </wap-provisioningdoc>

    Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set the value to 0 instead of 1.

  10. Under Remove Settings, paste the following XML:

    <wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA6" name="customprofile">/

    <characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">

      <parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Remove">

        <Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />

        <Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD"/>

      </parm>

    </characteristic>

    </wap-provisioningdoc>

    Note: If you set CloudManagementEnrollmentMandatory to 0 in the previous step, make sure to also change it in this step.

  11. Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
  12. Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX values in the Install Settings and Remove Settings xml with the token value that you want to deploy.
  13. Click Save and Publish to deploy the profile on your machines.

Enroll Mac browsers with the enrollment token

  1. Sign into the VMware Workspace One console.
  2. On the left, click Devicesand thenProfiles and Resourcesand thenProfiles.
  3. Click Addand thenAdd Profile.
  4. On the Device Type Selection page, select Apple macOS.
  5. On the Context Type Selection page, select Device Profile.
  6. Name your profile and configure any other assignment, smart groups and removal settings.
  7. On the left, click Custom Settingsand thenConfigure.
  8. Under Custom Settings, paste the following XML:

    <dict>

        <key>CloudManagementEnrollmentToken</key>

        <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>

        <key>CloudManagementEnrollmentMandatory</key>

        <true/>

        <key>PayloadEnabled</key>

        <true/>

        <key>PayloadDisplayName</key>

        <string>Chrome Browser Settings</string>

        <key>PayloadIdentifier</key>

        <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>

        <key>PayloadUUID</key>

        <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>

        <key>PayloadType</key>

        <string>com.google.Chrome</string>

        <key>PayloadVersion</key>

        <integer>1</integer>

    </dict>

    Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set data value for line 5 to False instead of True.

  9. Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
  10. Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX value in the Custom Settings xml with the token value that you want to deploy.
  11. Click Save and Publish to deploy the profile on your machines.
Was this helpful?
How can we improve it?