Default App Association

Hi All,

I am trying (and have been for 6+ months) to get a default apps configuration pushed via OMA-URI on GCPW devices. I have tried absolutely everything I can think of and I have engaged Google support and Microsoft Support on different occasions. Each of them pointed the finger at the other, please see the facts below:

Policy: ./Device/Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration

1. I am pushing the values as a base64 encoded string. I have tried many encoders and it doesn't help. I am of course using OMA-URI policies built into the Windows Settings section.

2. The audit log shows a "200 Successful" message for the policy.

3. Despite this, the default apps don't actually change. 

4. Some policies work just fine, so I know management is possible at some level.

5. Curiously, Microsoft support said they tested the same policy with the exact same base64 string using Intune and they couldn't get it to work there either. So they told me I was SOL, instead of taking ownership.

6. I can't find the actual value in the registry of a managed device to compare and see if there's something lost in translation, so I'll settle for this information at least.

If anyone has an idea of something to try, I am all ears.


Did you check event logs to see if there are any errors? Microsoft/Windows/DeviceManagement-Enterprise-Diagnostics-Provider/ has Admin and Operational logs. 

You can also collect MDM diagnostic logs following these instructions: https://learn.microsoft.com/en-us/windows/client-management/mdm-collect-logs

is your base64 string large? I would suggest trying with a one small example and make it work. Can you paste your XML content before and after encoding?

Yes I checked event viewer just now. What's odd is that there are many policies that are working perfectly, and the error in the event viewer is 454.

I collected the MDM diagnostics, I can see the correct policy and value in the list just fine.

Here is my base64 string:


And the XML:

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
<Association Identifier=".htm" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
<Association Identifier=".html" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
<Association Identifier="http" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
<Association Identifier="https" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
<Association Identifier="read" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
</DefaultAssociations>
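Since the replies above ask for the XML before and after encoding and suggest starting with a small payload, here is an added example (not code from the original post, nor from Google or Microsoft) that builds the same kind of DefaultAssociations document, base64-encodes it the way the OMA-URI value expects, and then decodes an arbitrary base64 value to show what the device actually receives. It assumes the payload should be plain UTF-8 without a byte-order mark, which is what the XML declaration in the post states; the two checks it makes (a UTF-8 BOM, or UTF-16 bytes in front of the XML) are the encoder mistakes that still yield a valid-looking base64 string and a "200" in the audit log while giving the CSP something it cannot parse. Function names and the sample association list are this example's own.

```python
"""Build, base64-encode and round-trip-check a DefaultAssociations payload."""
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample mirroring the associations listed in the thread.
SAMPLE_ASSOCIATIONS = [
    (".htm", "ChromeHtml", "Google Chrome"),
    (".html", "ChromeHtml", "Google Chrome"),
    ("http", "ChromeHtml", "Google Chrome"),
    ("https", "ChromeHtml", "Google Chrome"),
]


def build_default_associations_xml(associations):
    """Return the DefaultAssociations XML document as UTF-8 bytes (no BOM)."""
    root = ET.Element("DefaultAssociations")
    for identifier, progid, app_name in associations:
        ET.SubElement(
            root, "Association",
            Identifier=identifier, ProgId=progid, ApplicationName=app_name,
        )
    # xml_declaration=True emits the <?xml ... encoding='UTF-8'?> header.
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def encode_payload(xml_bytes):
    """Base64 the raw bytes; the policy value is one string, no line breaks."""
    return base64.b64encode(xml_bytes).decode("ascii")


def inspect_payload(b64_value):
    """Decode a base64 policy value and report what the device would receive.

    Returns a dict with:
      valid_base64  - False if the string carries stray whitespace/newlines
                      or non-alphabet characters (a common copy/paste defect)
      has_utf8_bom  - encoder prepended EF BB BF to the XML
      looks_utf16   - encoder produced UTF-16 (BOM FF FE / FE FF or NUL bytes)
      well_formed   - XML parses and the root element is DefaultAssociations
      associations  - (Identifier, ProgId, ApplicationName) tuples found
    """
    result = {
        "valid_base64": True, "has_utf8_bom": False, "looks_utf16": False,
        "well_formed": False, "associations": [],
    }
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError):
        result["valid_base64"] = False
        return result

    result["has_utf8_bom"] = raw.startswith(b"\xef\xbb\xbf")
    result["looks_utf16"] = (
        raw.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in raw[:8]
    )
    if result["looks_utf16"]:
        return result

    body = raw[3:] if result["has_utf8_bom"] else raw
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return result
    result["well_formed"] = root.tag == "DefaultAssociations"
    result["associations"] = [
        (a.get("Identifier"), a.get("ProgId"), a.get("ApplicationName"))
        for a in root.findall("Association")
    ]
    return result


if __name__ == "__main__":
    payload = encode_payload(build_default_associations_xml(SAMPLE_ASSOCIATIONS))
    print(payload)
    print(inspect_payload(payload))
```

To compare against what the admin console is actually sending, paste the base64 string exported from the console (or the value seen in the MDM diagnostic report) into `inspect_payload`; if `valid_base64` is False the string was wrapped or altered in transit, and if `looks_utf16` or `has_utf8_bom` is True the encoder used the wrong text encoding even though the string itself is legal base64.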

Can you email me the export of the event log and the MDM diagnostic file? I am the engineering lead of Windows MDM and can see if I can figure out anything from the logs. My email is <PII removed by staff>

Yes. Will send shortly, thank you for your help here.

Are the computers domain joined? If not you cannot set default app associations. The group policy that controls this requires them to be domain joined. [attached image: setdefaultbrowsergp.png]

Hi,

No they are not. However I don't believe that is accurate. Can you cite a source for this information? I have spoken to Microsoft and Google separately and I feel like that would have been one of the first qualifying questions. I do not have a GP server of any kind.

I'm doing this with configured OMA-URI policies pushed to GCPW managed computers. Many of the settings work beautifully, but not this one. The XML value for the associations is pushed as a base64 string to the computer. I have verified that it's getting there and that it's correct on the computer end, but the settings don't actually change. 

I attached an image of the group policy in the previous post. "If this policy is enabled and the client machine is domain joined ..." 
I had the exact same issue trying to make chrome the default browser. 

So again, please correct me if I am wrong. The MDM OMA-URI policies do not relate to GP in any way. This is essentially an alternative option. This is actually what Intune uses as well and hilariously they couldn't get it to work with Intune either. I also have a setting pushed that tells computers to ignore all GP settings in favor of deployed OMA-URI policies. So I don't think this is the issue.

They are the same thing with different implementation methods. Group Policy is usually controlled locally or through Active Directory, while OMA-URI is called through MDM, whether it be Google or Intune or whatever else.

Below is a link; the top setting is the OMA-URI you're looking for and the correlating group policy setting. The verbiage "domain joined" is there as well. This is really a thing Microsoft has made difficult on purpose.

https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults

So I completely agree that this would be a thing that Microsoft would do on purpose just because that's their MO. I see in the CSP article where it says that, but because you can use Intune without joining to an AD server for management, I can't imagine that this specific policy requires that. The text of that CSP does make it sound that way though, the reason I hesitate is that Microsoft isn't well known for the clarity of their knowledgebase articles.

All that being said, it would explain everything if you were right. 

I would wager most people using Intune are likely using Azure Active Directory as their IdP and therefore wouldn't have this issue. I cannot verify that. I can add that this group policy does work on my non-GCPW machines, which are old school Active Directory.

This is a relevant discussion.
https://www.reddit.com/r/gsuite/comments/m81vhe/set_chrome_as_default_web_browser_using_gcpw/

Thanks for pointing out the AD requirement. I set up a new VM yesterday and tried this and it didn't work. It must be because of this requirement.

Because I don't have an AD environment where I can test this, would you be able to validate this as the solution? Also, can you test if this specific policy being "Not Configured" even if the computer is domain joined will work? I would appreciate it.

So here's what I don't get: If this is the case, you have to enter a filepath for the XML. Why does intune or Google Admin accept a base64 result to pass to the machine? What's the point of this? Is your understanding that if it's domain joined and this policy is not configured, it will accept the base64 result?

The file path exists because when the GPO was created by Microsoft it assumed you were in an active directory environment where you would use a local file share to reference. Base64 is just used here as a method to encode the XML data as a string for transfer. 

You can do a lot more than this using OMA-URI. Perhaps you want to set GPO policies for software not native to Windows such as Chrome. You can download and ingest the admx files for the third party GPOs pretty much the same way. I wouldn't do this with Chrome; using "Managed Chrome Browsers" is what I prefer, but I am providing the example so that you can see any admx files can be ingested and any GPOs then set.
https://support.google.com/chrome/a/answer/10407780?hl=en

Hello ecopit,

We also tried to achieve that without any success. And unfortunately, GCPW does not allow us to execute scripts out of the box. However, you can install MSI packages via OMA-URI. One possible solution would consist in creating an MSI package via e.g. Visual Studio Code and update the Windows registry from there 🤔

Best,
L.