After allowing you to onboard Linux devices (see https://t.co/J2nsZT6MPW), you can now also onboard Chrome OS devices in Intune.
I announced last week that this was coming (see https://t.co/J2nsZT6MPW), but there was not yet any official documentation.
This is now the case: https://learn.microsoft.com/en-us/mem/intune/enrollment/chrome-enterprise-connector-configure/
In a nutshell, you have to:
- Create a connection to your Chrome Enterprise workspace from the Tenant administration\Chrome Enterprise blade in the Intune portal
- Configure domain delegation settings in your Google Admin console under Security\Access and data control\API Controls
- Copy the Client ID and OAuth scope details from the Intune portal
- In the Google Admin console, paste these values for the following scopes and click Authorize
  - https://www.googleapis.com/auth/admin.directory.device.chromeos
  - https://www.googleapis.com/auth/admin.directory.user.readonly
  - https://www.googleapis.com/auth/admin.directory.orgunit.readonly
- From the Intune portal, click on Launch Google to connect now to authenticate to your Google Enterprise organization
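Domain-wide delegation should carry exactly the three scopes listed above and nothing broader. The following Python check is an added example, not code from this post or from Microsoft's documentation: it audits a scope string as it would be pasted into the Google Admin console. The function names and the sample string are constructed for illustration, and the comma-delimited input form is an assumption.

```python
import re

# The three scopes this post lists for the Intune Chrome Enterprise connector.
REQUIRED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/admin.directory.device.chromeos",
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.directory.orgunit.readonly",
})

# Constructed sample: the user scope has lost its ".readonly" suffix, and the
# string carries the stray whitespace and trailing slash a copy/paste can add.
SAMPLE_GRANT = (
    "https://www.googleapis.com/auth/admin.directory.device.chromeos,\n"
    " https://www.googleapis.com/auth/admin.directory.user ,"
    "https://www.googleapis.com/auth/admin.directory.orgunit.readonly/"
)


def parse_scopes(raw):
    """Split a comma- or whitespace-delimited scope string into a clean set."""
    parts = re.split(r"[,\s]+", raw.strip())
    return {p.rstrip("/") for p in parts if p}


def audit_delegation(raw):
    """Compare the granted scopes with REQUIRED_SCOPES.

    missing    - required scopes that are not granted
    widened    - granted scopes that are the write-capable form of a required
                 read-only scope (same name without ".readonly")
    unexpected - any other granted scope the connector does not need
    """
    granted = parse_scopes(raw)
    missing = REQUIRED_SCOPES - granted
    extra = granted - REQUIRED_SCOPES
    widened = {s for s in extra if s + ".readonly" in REQUIRED_SCOPES}
    return {
        "missing": sorted(missing),
        "widened": sorted(widened),
        "unexpected": sorted(extra - widened),
        "ok": not missing and not extra,
    }


if __name__ == "__main__":
    for key, value in audit_delegation(SAMPLE_GRANT).items():
        print(f"{key}: {value}")
```
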
Once your Chrome devices are enrolled in Intune (it may take some time), you will be able to:
- Deprovision a device: remove Google Admin policies. After you deprovision a device, it remains in the Endpoint Manager admin center and the Google Admin console. Then on the admin center System info page, the device status changes to DEPROVISIONED. The device can’t be enrolled again until it’s restored to factory settings
- Lost mode (in Chrome Enterprise disabling a device): prevent people from using a Chrome OS device that’s lost or stolen
- Wipe a device: remove data from a device. You can either:
  - Remove user profiles only: This option removes all user account data. Device and enrollment policies remain on the device
  - Factory reset (powerwash): This option fully restores a device to its factory state, removing all personal and work data. Before using this action, deprovision the device. Otherwise, once it connects to Wi-Fi, it will automatically enroll again
- Restart (only for kiosk devices and managed guest session devices): restart a device