Managing Google Chrome extensions - Not working correctly

What does chrome policy say (chrome://policy). Is it seeing the configuration or is there an error?

when I see that in the one Im logged in it says this:
 

and the one that blocks I get this

Have you tested this with Chrome Enterprise Core instead of using a plist to manage it?  The free console from Google is actually much more stable than a config profile and will provide you more information from the machine and the browser (not to mention update policies, managed/unmanaged extensions, and more).


Just a thought.

Please find and use the JSON. I do this daily and the JSON works 99%. Whatever is not there you can easily edit the JSON, grab the one for Edge while you are there

Chrome

when I see that in the one Im logged in it says this:
 

 

On the upside, Chrome is seeing the policies and not throwing errors, which means your syntax is technically valid.

I’m wondering if you are hitting a Policy Precedence issue. Chrome typically prioritizes a Google Cloud Identity policy over a MDM Configuration Profile. If your users are logging into Chrome with managed identities, whatever policies are set in the Google Admin Console will take precedence and quash your Jamf configuration. Do you have any extension policies active in the Google Admin Console for these users?

Additionally, you should clean up your PLIST:

• Forcelist: Keep the ID and URL; the browser needs the path to fetch the file.

• Allowlist/Blocklist: Remove the URL strings and keep only the 32-character Extension IDs. Keep your allow list with just the 32-character Extension ID, and set the block list to a wildcard * to block everything not on the allow list. The browser only needs the ID to verify the "Allow" exception against your * wildcard block.

Or just use CEC to manage it...because it was meant to be that way anyways lol.

I spoke to my VP, and he is under the impressions is only for chromebooks and doesnt want to look into it. I did mentioned because I did see the chrome enrollment to the console int he JAMF 3rd party section. I’m going to try again to bring it up with more arguments. he did mentioned also he doesnt want to deal with more consoles.

Nope.  It was created specifically for Chrome Browser cloud management.  It was originally called CBCM (Chrome Browser Cloud Management) and it works beautifully.  Actually, we enrolled all of our 15k Windows devices and 3k macOS devices running Google Chrome into it and have a plane of management for parity.  It’s extremely convenient - not to mention being able to poll reports for infosec.

when I see that in the one Im logged in it says this:
 

 

 

 

On the upside, Chrome is seeing the policies and not throwing errors, which means your syntax is technically valid.

I’m wondering if you are hitting a Policy Precedence issue. Chrome typically prioritizes a Google Cloud Identity policy over a MDM Configuration Profile. If your users are logging into Chrome with managed identities, whatever policies are set in the Google Admin Console will take precedence and quash your Jamf configuration. Do you have any extension policies active in the Google Admin Console for these users?

Additionally, you should clean up your PLIST:

• Forcelist: Keep the ID and URL; the browser needs the path to fetch the file.

• Allowlist/Blocklist: Remove the URL strings and keep only the 32-character Extension IDs. Keep your allow list with just the 32-character Extension ID, and set the block list to a wildcard * to block everything not on the allow list. The browser only needs the ID to verify the "Allow" exception against your * wildcard block.

unfortunately we are not using the google admin console. 

It did cross my mind about other policy taking over what I was sending, but more in the JAMF side not in the Chrome side. and we are using it. that would make it easier on us.
I will use only the ID as advised thank you, I tought you need the URL as well.

Thank you Im going to try this out.

as Im trying this out, Im running a problem. we dont use a proxy and I cannot save it becase im getting red here:
 

and also here:
 

we dont use that. I think this is why I created my own. I guess I can take these sections out. or are there any default empty values that I can enter?