Updates to Google Chrome deployment for macOS

jamf_sam
Contributor

We are excited about recent updates that make Chrome on macOS easier to deploy and manage. Our work with the Google Chrome for Enterprise Team is ongoing, and this first release benefits not only Jamf Pro admins, but everyone who manages Mac at scale. Look for more information in the form of a blog, but here are the highlights:

Updates to the installer - Chrome is now available as a PKG in addition to the standard DMG. This is the preferred installer format for mass distribution, and is available from the Chrome Browser Enterprise Installers website.

Initial Support for Application & Custom Settings - Chrome Browser Cloud Management (CBCM) is a a single location to set Chrome policies on multiple platforms. Google simplified the process of deploying the enrollment token by leveraging Jamf's new Application & Custom Settings payload.

This work comes from user feedback and @alexbauer from the Chrome for Enterprise Team is joining this thread to hear your thoughts!

Chrome Enterprise Browser Support can be reached here.

Update 6/11/2020 - The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS)

59 REPLIES 59

cbrewer
Valued Contributor II

Thanks @jamf_sam but could you add some clarification around the preference domain?

https://support.google.com/chrome/a/answer/7591084?hl=en states to use com.google.Keystone

https://support.google.com/chrome/a/answer/9923111?hl=en states to use com.google.keystone

Which is it? Does the keystone process look for both?

bfrench
Contributor II

I tried setting this up on a Mojave machine but Chrome still starts with "Google Chrome may not be able to keep itself updated"

sdagley
Honored Contributor II

@bfrench Are you installing the "regular" Chrome or the Enterprise targeted .pkg installer that Google now makes available? The latter is available at https://chromeenterprise.google/browser/download/

Better yet, set up AutoPkg and AutoPkgr to automate downloading it.

bfrench
Contributor II

I am using a script to pull the current version for first install. But Chrome launches the first time without auto update flipped on. I did not realize that the script @jamf_sam posted was only for "managed Chrome" which we currently do not utilize.

bfrench
Contributor II

I found a script to pull the new pkg installer and that worked. Thanks

neilrooney
New Contributor II

@jamf_sam regarding Manage Chrome Browser updates with Jamf Pro (macOS), I have followed the instructions to the point but the policy does not show in chrome://policy whereas a separate config profile for Chrome Enterprise is working fine. Am I missing something?

hdsreid
Contributor III

if I have machines that have non-enterprise pkg, can I just deploy a newer enterprise pkg on top of it to convert and update?

alexbauer
New Contributor III

You should be able to do that, yes

alexbauer
New Contributor III

@neilrooney can you try this? https://support.google.com/chrome/a/answer/9923111?hl=en

neilrooney
New Contributor II

@alexbauer thanks Alex, I did. No dice. Auto updates are not enabled on the device. 😕

privo
New Contributor

Do the CBCM settings for 'Auto-update check period' (0) and 'Chrome browser updates' (Updates disabled) have an affect on Macs? Currently testing w/ the enterprise installation v86.0.4240.80 and it doesn't seem to honor those two settings.

B_Johnston
New Contributor II

@alexbauer How does this work for education customers who do not have a current GSuite license? I tried to sign up here and received a message that I was not able to signup.

https://devicemanagement.google.com/signup/form?product=Chrome-Management

darthmaverick
New Contributor III

Is there a different build of Chrome for the M1 chips and if so how would that effect the URL listed for the PKG?

spalmer
Contributor III

@alexbauer I would prefer to see a PKG for the universal binary version of Chrome, as I do not want to have to test, download and deploy two versions of every application we have to support for our organization, as native M1 Apple Silicon versions are released.

I understand that every organization will likely have different needs, so in that regard it would be best to make multiple enterprise PKGs available (Intel only, Apple Silicon only, Universal). Plus, since a universal version is available on your download page for consumers, a universal PKG version should be available to enterprise/education IT admins.

I would also like to point out that there was no discussion on pros and cons of a universal build with regards to enterprise/education IT admins at https://bugs.chromium.org/p/chromium/issues/detail?id=1142017.

vmalapati_mu
New Contributor III

Hey guys,
Is there a change in URL to download Chrome Enterprise using curl? Here is the old one that I have been using so far. url='https://dl.google.com/chrome/mac/stable/gcem/GoogleChrome.pkg'
/usr/bin/curl -s -o /tmp/${pkgfile} ${url}

Also is there a way to differciate Chrome Enterprise and legacy browser?

Thanks & Regards
VM

alexbauer
New Contributor III

@spalmer  we do offer a universal pkg for all platforms.

This script here allows you to get the latest universal package: https://support.google.com/chrome/a/answer/9915669?hl=en

Our download page now only offers a universal PKG: https://chromeenterprise.google/browser/download/#

 

tomt
Valued Contributor

@alexbauer Thanks for the link to the Universal package! The regular Chrome download site still has the choices. Now if you could just add the version number to the package file name it would be perfect.

 

Soo many "googlechrome.dmg" files laying around.  😉

alexbauer
New Contributor III

HAHA! I think this was done on purpose to allow automation etc. Our stance is that you should only have to do this once and then control updates and version via policy.

beareye321
New Contributor

Hello, I would like to create a Smart Group in Jamf to filter between machines having Chrome Enterprise and regular Chrome installed? Is there a way to distinguish between the 2?

thomH
New Contributor III

@beareye321You may be able to scope your Smart Group to the config profile that you use to enroll your Enterprise target machines with.