Notification

Planning your return to office strategy? See how ChromeOS can help.

Enroll browsers with VMware Workspace ONE (Windows and macOS)

Applies to Windows and macOS users who use managed Chrome browser.

You can use VMware Workspace ONE to generate a Chrome Browser Cloud Management enrollment token and enroll your Chrome browsers. You can then use your Google Admin console to enforce policies for any users who open Chrome browser on enrolled Microsoft Windows 10 or Apple Mac devices.

Before you begin

Enroll Windows browsers with the enrollment token

  1. Sign into the VMware Workspace One console.
  2. On the left, click Devicesand thenProfiles and Resourcesand thenProfiles.
  3. Click Addand thenAdd Profile.
  4. Select Windowsand thenWindows Desktop.
  5. Select Device Profile.
  6. Name your profile and configure any other assignment, smart groups and removal settings.
  7. On the left, click Custom Settingsand thenConfigure.
  8. As the target, select Workspace One Intelligent Hub.
  9. Under Install Settings, paste the following XML:

    <wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA5" name="customprofile">/

    <characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">

      <parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Replace">

        <Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />

        <Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD" />

      </parm>

    </characteristic>

    </wap-provisioningdoc>

    Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set the value to 0 instead of 1.

  10. Under Remove Settings, paste the following XML:

    <wap-provisioningdoc id="1164DF07-F217-449B-95F8-FB85A34D3CA6" name="customprofile">/

    <characteristic type="com.airwatch.winrt.registryoperation" uuid="4fa91319-eac0-4a16-9d10-093ba845b698">

      <parm RegistryPath="HKLM\SOFTWARE\Policies\Google\Chrome" Action="Remove">

        <Value Name="CloudManagementEnrollmentToken" Data="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" Type="String" />

        <Value Name="CloudManagementEnrollmentMandatory" Data="1" Type="DWORD"/>

      </parm>

    </characteristic>

    </wap-provisioningdoc>

    Note: If you set CloudManagementEnrollmentMandatory to 0 in the previous step, be sure to set it to 0 in this step too.

  11. Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
  12. Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX values in the Install Settings and Remove Settings xml with the token value that you want to deploy.
  13. Click Save and Publish to deploy the profile on your machines.

Enroll Mac browsers with the enrollment token

  1. Sign into the VMware Workspace One console.
  2. On the left, click Devicesand thenProfiles and Resourcesand thenProfiles.
  3. Click Addand thenAdd Profile.
  4. On the Device Type Selection page, select Apple macOS.
  5. On the Context Type Selection page, select Device Profile.
  6. Name your profile and configure any other assignment, smart groups and removal settings.
  7. On the left, click Custom Settingsand thenConfigure.
  8. Under Custom Settings, paste the following XML:

    <dict>

        <key>CloudManagementEnrollmentToken</key>

        <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>

        <key>CloudManagementEnrollmentMandatory</key>

        <true/>

        <key>PayloadEnabled</key>

        <true/>

        <key>PayloadDisplayName</key>

        <string>Chrome Browser Settings</string>

        <key>PayloadIdentifier</key>

        <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>

        <key>PayloadUUID</key>

        <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>

        <key>PayloadType</key>

        <string>com.google.Chrome</string>

        <key>PayloadVersion</key>

        <integer>1</integer>

    </dict>

    Note: CloudManagementEnrollmentMandatory prevents the browser from starting if an enrollment fails. If you do not want to enable this enhanced security mode, set data value for line 5 to False instead of True.

  9. Sign into your Admin console and generate an enrollment token. See Generate enrollment token.
  10. Replace the XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX value in the Custom Settings xml with the token value that you want to deploy.
  11. Click Save and Publish to deploy the profile on your machines.

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
true
Search
Clear search
Close search
Main menu
18109611069397048447
true
Search Help Center
true
true
true
true
true
410864
false
false