Set up Chrome Enterprise Premium

Chrome Enterprise Premium provides advanced data protection, threat defense, and context-aware access controls directly within the browser. This guide outlines the steps to prepare your environment, configure settings, and activate your trial.

Initial Requirements

• Super Admin Access: Required within the Google Admin Console (admin.google.com) to enable subscriptions and create delegated roles.
• Google Cloud Console Access: Ensure your organization has an existing Google Cloud Organization created. Required for enabling the trial and advanced access control configurations.
• Foundational Subscriptions: Ensure you have enabled Chrome Enterprise Core and Cloud Identity Free (both available at no cost in Billing > Subscriptions).

Step 1: Set Up Admin Roles
 

To adhere to the principle of least privilege, create a custom role for the evaluation team.

1. Navigate to Account > Admin Roles
    

   

    
   and click Create new role.
    

   

   
    
2. Name it Chrome Enterprise Premium Admin.
    

   

   
    
3. Select the following privileges (Check both Admin console and Admin API sections):
   • Organizational Units: Read
   • Security Center: Activity Rules & Full Administrative Rights
   • Data Security: Rule Management & Access Level Management
   • Chrome Management: Settings
   • Chrome DLP: Manage application insights, OCR settings, and view settings
   • Chrome Enterprise Security Services: Settings
   • DLP: Manage and View rules
      
4. Assign the role to your selected administrators.

Step 2: Prepare Your Test Environment

Create a dedicated Organizational Unit (OU) structure to test policies safely without affecting production devices.

1. Navigate to Directory > Organizational units.
    

   

2. Create a parent OU named CEP Trial.
3. Create two child OUs under it:
   • CEP Trial - Managed Devices (For enrolled browsers/machines).
   • CEP Trial - Managed Users (For test user profiles).
      

Step 3: Enable Security Connectors & Reporting

For Premium features like DLP and Malware Scanning to function, you must enable the connectors on your CEP Trial OU.

1. Navigate to Devices > Chrome > Settings and select the CEP Trial OU.
    

   

2. Reporting: Enable Managed browser cloud reporting and Managed profile reporting.
3. Connectors: Search for "Connector" and set these to Chrome Enterprise Premium:
   • Upload, Download, Print, and Bulk text (Copy/Paste) content analysis.
   • Real-time URL check.
4. Safe Browsing: Set Safe Browsing protection level to Enhanced mode.
    

Step 4: Deploy Required Extensions

Force-install these extensions to gather device health signals and enforce context-aware policies.

Navigate to Apps & Extensions: ○ In the Admin console, go to Devices > Chrome > Apps & extensions > Users & browsers. ○ Ensure you have selected your parent test OU, CEP Trial, on the left. 2. Add Endpoint Verification Extension by ID:

• Endpoint Verification: callobklhcbilhphinckomhgkigmfocg (Set to Force install + pin).
• Secure Enterprise Browser: ekajlcmdfcigmdbphhifahdfjbkciflj (Set to Force install).
   

Step 5: Activate the Trial & Assign Licenses

Once configured, activate the trial to enforce protection policies.

1. Navigate to Chrome Browser > Reports > Security Insights.
    

   

2. Click Start your trial on the Chrome Enterprise Premium card*. 
3. Go to Billing > Subscriptions > Chrome Enterprise Premium.
    

   

4. Assign licenses to your test users or devices.

*If you don’t see that option please follow this guide.
 

Tip: Enable Automatic Licensing for your CEP Trial OU to ensure any new user or device added automatically receives a Premium license.

Related Resources

• Set up Chrome Enterprise Premium (Official Support)
• Chrome Enterprise Premium Use Cases