I had only skimmed the announcement and noticed the words Google and Certificate Authority, thinking: Wow! When I enabled the service I noticed the certificates are "just" Let's Encrypt certificates, for which I have already rolled a semi-automated solution. With the slight difference that managed certificates don't support (or use) multiple SANs, so a separate certificate is provisioned for each sub-domain.
PS. It didn't work for me in Cloud Console, with the error: Failed to activate certificate. Worked fine through the Admin API.