It has been a while that I blogged on my blog, but finally found a subject that isn’t broadly already covered by other bloggers in our area.
Just after Ignite last month the Microsoft Intune team released support for Google ChromeOS in Microsoft Intune. Support for new platforms (like Linux earlier) is always great, also for me a reason to buy a new device to test the integration between Microsoft Intune and ChromeOS. 😉
Let’s first talk about what we need, of course you need a ChromeOS device to make sure you are able to enroll the device. I bought an HP ChromeBook X2 to at least make sure that it is all supported and not a lot of hacking needed to be done. I haven’t tried any virtual solutions, not sure if this works.
Next you need to have a license to make sure you can enroll a device in Googles management system Google Workspace. For the test I just got a Google Workspace Business Starter subscription for one user. This subscription allows you, amongst many other things, to (enterprise) enroll your device.
Setting up the Connection
First step after setting up and getting access to Google Workspace, we need to have a look at the Microsoft Intune admin center to see what information is needed to be able to configure the API Control prerequisites in the Google Workspace admin center. Browse to Devices > ChromeOS (preview) > Chrome Enterprise (preview) and click Connect.
Copy the Client ID and the OAuth Scopes to Notepad, since you need to use this by setting the permissions in the Google Workspace admin center.
Next, you need to open the Google Workspace Admin Console to prepare the connector. Browse to Security > Access and data control > API Controls to manage the Domain Wide Delegation. Click Manage Domain Wide Delegation and paste the Client ID and OAuth Scopes information in the provided dialog.
Click on Authorize.
Reviewing the new Intune API client can be done after the API client is added.
Next step is returning to the Microsoft Intune admin center and click Launch Google to connect now. You need to provide the credentials of your Google Workspace admin and the connector will be configured and initialized.
Enrolling a device
Enrollment of the device is of course done in. While starting the device in the Out Of the Box Experience you will have the option to Enterprise Enroll the device. By choosing this option you are able to enroll the device in Google Workspace.
The enrollement process is covered in the following photos of the ChromeOS device;
After the enrollment process is completed, the device will show up. Like said you need to have a valid and active license.
After a while the sync is active, will pick up the newly enrolled device and make it available and visible in Microsoft Intune.
The ChromeOS device will be listed in the special ChromeOS section of the admin center but also in the combine Devices section.
So, what can we do with a ChromeOS?
The current implementation of the ChromeOS support is to provide the system information of the device within the Microsoft Intune admin center.
Next to the general a very extensive list of System Information is available to help troubleshooting or to see what kind of devices that are used.
Next to this we can use Remote Controls like;
Restart; Reboot the device from the from the Microsoft Intune admin center
Deprovision: Remove the management from the ChromeOS device
Lost Mode: Enable or disable Lost mode, lost mode is enabled very quickly via the Microsoft Intune admin center
Wipe: wipe the device completely (powerwash) or remove the user profiles
My first impresion of the integration and support for ChromeOS devices in Microsoft Intune is very positive. I never touched a ChromeOS device before so I did not know what to expect of the device and the supportability but I think this first version of the integration and the support is good way to get the visibility of the devices within one signle pane of glass; the Microsoft Intune admin center.
Already looking forward to new investments!
Now need to make some time to update this website and write some more blogs… 😉