Intune – You can now onboard Chrome OS devices (preview)

After allowing you to onboard Linux devices (see https://t.co/J2nsZT6MPW), you can now also onboard Chrome OS devices in Intune.

I have announced last week this was coming (see https://t.co/J2nsZT6MPW) but there was not yet any official documentation.

This is now the case: https://learn.microsoft.com/en-us/mem/intune/enrollment/chrome-enterprise-connector-configure/

In a nutshell, you have to:

  • Create a connection to your Chrome Enterprise workspace from the Tenant administration\Chrome Enterprise blade in Intune portal

image

  • Configure domain delegation settings in your Google Admin console under Security\Access and data control\API Controls
    • Copy the Client ID and OAuth scope details from the Intune portal

image

    • In the Google Admin console past these values for the following scopes and click Authorize
      • https://www.googleapis.com/auth/admin.directory.device.chromeos
      • https://www.googleapis.com/auth/admin.directory.user.readonly
      • https://www.googleapis.com/auth/admin.directory.orgunit.readonly
    • From the Intune portal, click on Launch Google to connect now to authenticate to your Google Enterprise organization

One your Chrome devices are enrolled in Intune (it may take some time), you will be able to:

  • Deprovision a device: remove Google Admin policies. After you deprovision a device, it remains in the Endpoint Manager admin center and the Google Admin console. Then on the admin center System info page, the device status changes to DEPROVISIONED. The device can’t be enrolled again until it’s restored to factory settings
  • Lost mode (in Chrome Enterprise disabling a device): prevent people from using a Chrome OS device that’s lost or stolen
  • Wipe  a device: remove data from a device. You can either
    • Remove user profiles only: This option removes all user account data. Device and enrollment policies remain on the device
    • Factory reset (powerwash): This option fully restores a device to its factory state, removing all personal and work data. Before using this action, deprovision the device. Otherwise, once it connects to Wi-Fi, it will automatically enroll again
  • Restart (only for kiosk devices and managed guest session devices): restart a device

Leave a Comment

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.