Product Updates

Posted: 7 April, 2026 Imagine your team collaborating on a digital prototype across continents, or a technician receiving real-time, heads-up guidance on the manufacturing floor - while their XR devices remain as secure and easy to manage as any other mobile device in your fleet.Last year, we shared the launch of the Samsung Galaxy XR, the first device built on the Android XR platform, which we developed in collaboration with Samsung and Qualcomm. We know many of you have been waiting for the “missing piece” to take these devices from cool prototypes to scalable business tools.Today, we’re excited to share that the wait is over: Android Enterprise management capabilities are officially available for Android XR. Moving XR into the workplaceAs many of you pointed out in our last thread - shout out to @Kris and @Michel for highlighting training and machine operation use cases - the hardware is only half the story. To move XR into the workplace, you need to be able to secure, deploy, and manage these headsets just like any other mobile device.By bringing the Android Enterprise framework to XR, we’re removing the management silo. IT teams can now manage these headsets using the same tools and infrastructure already used for their mobile fleet, maintaining control over device policies and security without adding any extra complexity to their endpoint management strategy (see launch partners below). What can you do today? The first wave of support is arriving via a software update to the Samsung Galaxy XR, introducing fully managed devices features. While this is just the beginning of the capabilities coming to the platform, here are some of the key functional updates:Android zero-touch enrollment: you can now automate the deployment process, allowing headsets to be pre-configured and shipped directly to end users for immediate use. Managed Google Play: This allows for centralised app distribution, letting you silently install and update the specific apps your team requires.This initial release focuses on corporate-owned, fully managed deployments. Subsequent updates will introduce additional flexibility, and we expect more hardware manufacturers to support Android Enterprise management in the future. EMMs Supporting Android XRTo make sure this works seamlessly with your existing workflows, we’ve collaborated with the EMM partners that many of you already rely on. If you’re working with any of the following partners, you can now manage your XR devices directly within your existing consoles: ArborXR ManageXR Microsoft Intune Omnissa Workspace ONE Samsung Knox Manage SOTIWe’ll also begin validating more partners specifically for Android XR in the coming months, to ensure a consistent experience as the ecosystem grows. Keep an eye on this post as we add more partners and do share below any particular partners you would like to see added to this list.Explore moreWe’ve updated our resources to help you get started and dive deeper into the features:Android Enterprise Help Center Android XR developer docs April 2026 Android XR Feature Drops Blog@Frebel, to your point on the previous post about the Solution Directory - stay tuned! We are actively working on how XR devices are represented there to help you pick the best hardware for your specific use cases.We hope you are as excited as us to have Android Enterprise management controls come to Android XR. Please share your thoughts below, and perhaps what you would like to try out first?Thanks,The Android Enterprise Team

 Starting September 8, 2026 (with the Chrome 153 release), Chrome is officially moving to a 2-week release cycle across all major platforms (Android, iOS, Linux, macOS, and Windows), shifting from the current four-week cadence.As the web platform is constantly advancing, we want to ensure that developers and users have immediate access to the latest capabilities, security fixes and performance improvements.We are taking this significant step to further increase Chrome's development velocity and, whilst releases will be more frequent, their smaller scope aims at minimizing disruption and simplifies post-release debugging. Thanks to recent process enhancements, this shift is designed to maintain Chrome's high standards for stability.Managing Your Environment: Stable vs. Extended StableWhile this increased velocity delivers features and fixes faster, we understand that a shorter release cycle may raise concerns regarding maintenance costs and update management for enterprise IT teams.To help mitigate maintenance overhead, the Extended Stable channel is available as a reliable alternative. Extended Stable will continue with its existing eight-week cycle. By switching specific organizational units (or your entire fleet) to Extended Stable, administrators can maintain a slower, more predictable update cadence without absorbing the 2-week overhead.It’s worth noting that the new 2-week Stable option remains the most secure choice. We highly recommend utilizing the standard 2-week Stable channel if immediate access to vulnerability patches is a larger priority for your organization than minimizing maintenance costs.  Impact on ChromeOS DevicesWe will continue to offer extended release options for Chromebook users. Because our priority is a seamless experience, the latest Chrome releases will roll out to ChromeOS only after dedicated platform testing. We are currently adapting these channels for the new 2-week browser cycle. We will share more specific details soon regarding milestone updates for managed ChromeOS devices.Next Steps & ResourcesWe recommend reviewing the differences between all Chrome browser release channels ahead of September. If you choose to adjust your fleet's cadence, utilize this Help Center article to learn how to manage updates and deploy the Extended Stable option.Additionally, because a Chrome Beta for each version will now ship three weeks before the stable release, we highly recommend administrators test with the Beta channel to keep up to date with any upcoming changes that might impact internal sites and applications. For a complete look at the new release schedule and technical details, please review the official announcement on the Chrome for Developers blog. 

 Rethink hardware obsolescence with our newest sustainability partnership.We're excited to announce a new collaboration in the fight against e-waste: Google and Back Market.Year after year, a considerable amount of tech devices are categorized as obsolete and sent to landfills solely because their legacy software can no longer remain up-to-date or secure. To help organizations rethink hardware obsolescence, the Google ChromeOS Flex USB Kit will soon be available on Back Market (March 30). We’ve shared on the community before about the benefits of ChromeOS Flex within your organisation, particularly when it comes to revitalizing an old fleet of devices. However, just to remind you, this simple but powerful tool allows IT teams to install a secure, cloud-first operating system on older Windows and Mac devices, effectively rescuing them from the IT graveyard and extending their useful life for years to come.As Back Market founder Thibaud Hug de Larauze stated about the collaboration:“When companies like Google collaborate on practical solutions, it reflects that innovation doesn’t have to mean constant replacement, it can also mean making what we already have work better and longer.”Whether you are looking to hit your organization's sustainability goals, reduce hardware procurement costs or simply modernize older endpoints, ChromeOS Flex provides a seamless, secure path forward.  Learn More Discover how ChromeOS Flex can help your organization reduce e-waste and securely extend the life of your existing hardware: Explore ChromeOS Flex. A useful list of compatible devices can be found here.  

 You can now explore Google's EUC strategy in detail in this podcast with the World of EUC team and Rob Beard, Senior Product Manager at Cameyo by Google.They discuss a plethora of themes revolving around Cameyo, such as:Google’s Platforms & Devices portfolio, featuring virtual app delivery via Cameyo by Google The advantages of ChromeOS and Chrome Enterprise Premium How our platforms are shaping the AI-powered future for enterpriseAnd much more! You can check the World of EUC’s “Frontline Chatter” podcast with Rob Beard here: By the way, it’s also available on Spotify and you can find an overview of it on the World of EUC blog post.Last but not least, we have an upcoming webinar on CEP and Cameyo integration, so if you want to learn more, feel free to register!

  From smarter side-panel assistance to autonomous "agentic" browsing.  We are thrilled to announce major updates coming to Chrome on MacOS, Windows, and Chromebook Plus. Built on Gemini 3, our most intelligent model yet, Chrome is transforming from a general-purpose tool into a trusted, proactive partner that helps you get things done faster.   What's New in Chrome?  Auto Browse (Preview for Pro/Ultra) Chrome is advancing beyond simple autofill to agentic action. Auto Browse can handle complex, multi-step chores on your behalf. Whether it's researching budget-friendly flights, filling out tedious online forms, or finding a specific item and adding it to your cart, Auto Browse does the heavy lifting.   Security First: Auto Browse is designed to pause and explicitly ask for your confirmation before taking sensitive actions like making a purchase. Personal Intelligence (Coming soon) Chrome will soon remember context from your past conversations to provide uniquely tailored, proactive assistance. You are always in control—you can opt in, choose which apps to connect, and disconnect them at any time. This transforms Chrome into a trusted partner that understands your specific needs. The Side Panel Gemini in Chrome now opens in a dedicated side panel, allowing you to multitask without losing your place. Compare options across too many tabs, summarize product reviews, or organize your calendar without ever leaving your primary workspace. Nano Banana Integration We are bringing the creative power of the Nano Banana model directly into Chrome. You can now transform images on the fly—right in the side panel—without needing to download, edit, and re-upload files. Connected Apps Gemini seamlessly connects with your favorite Google Apps (Gmail, Calendar, YouTube, Maps, Flights, and Shopping). Need to book a flight? Gemini can reference an old email for event dates, check Flights, and draft an email to your colleagues with your itinerary—all from the browser.   Availability Note: The new Gemini in Chrome is available on Windows, MacOS, and Chromebook Plus in the U.S. Auto browse is currently rolling out in preview for Google AI Pro and Google AI Ultra subscribers. Read the full announcement on The Keyword: The new era of browsing: Putting Gemini to work in Chrome 

Hello,   We are now soft-launching support for the Model Context Protocol (MCP) within the Android Management API (AMAPI). While this is a “behind-the-scenes” infrastructure update, it is the critical first step toward a new way of managing devices. By exposing AMAPI via MCP, we are providing the standardised building blocks that will allow EMM providers to eventually build high-quality, conversational AI assistants.The Engine Under the Hood: Why MCP MattersThink of MCP as a universal translator.. It allows AI agents (like the ones powering smart chatbots) to securely “read” and understand the technical data from your fleet - like device policies, battery stats, and security logs. By standardising how AI interacts with Android device data, we’re making it faster and easier for EMMs to evolve their dashboards, toward a conversational, intent-based model. The Shift: From “Point-and-Click” to “Just Ask”What does this look like in practice? Imagine it’s 4:55 PM on a Friday, you get an urgent request to identify how many devices in your fleet need a critical security update before the weekend.Traditionally, this means logging into your console, navigating sub-menus, filtering, exporting a CSV, and manually cross-referencing a report. It works, but it takes time you don’t have. With our new MCP-enabled infrastructure, you’ll be able to ask:"Show me all Zebra devices with a security patch older than 90 days."And just like that, the answer is there. No filters, no CSV exports(!) - just the insight you need, instantly.   Mock example of interaction: Proactive Management for Every AdminThis shift empowers admins of all skill levels to investigate issues faster and automate complex tasks without needing to be an expert in every corner of the EMM console. The goal is simple: move away from static dashboards and complex menus toward a conversational, intent-based model.Imagine having an intelligent assistant that understands your fleet data as well as you do. Instead of hunting for buttons, you can have a dialogue with your management console to: Diagnose issues instantly: "Why did the latest app installation fail on Mark’s tablet?" Proactively maintain hardware: "Find all devices with degrading battery health that need replacement next month." Spot security risks: "Show me devices that failed a strong integrity check in the last 24 hours."   What’s Next?We want to hear your thoughts as we see this shift. Are there any particular use cases you think you would like to use this for? What acronym do you think will stick for this next phase of device management?As we roll out these capabilities to our partners, you can expect to see your management tools becoming smarter, more conversational, and more proactive. Keep an eye on your EMM updates: Look for new "AI Assistant" or "Natural Language Search" features in your roadmap. Ask your vendor: If you want to manage your fleet by simply asking questions, tell your EMM provider you’re ready for AI-powered management supported by Android's MCP integration. The days of digging through dashboards are numbered. The conversation is just getting started!

Rich Communication Services (RCS) is a significant upgrade that benefits businesses with enhanced security through end-to-end encryption and boosted employee productivity with features like read receipts, typing indicators, high-resolution file sharing without size limits, and seamless group chat management.    However, RCS encryption can present a challenge for regulatory compliance. To ensure companies can fully utilise these security and productivity benefits of Google Messages while meeting crucial record-keeping requirements, we are rolling out Android RCS Archival.    Feature benefits   This new capability streamlines message auditing by integrating directly with Google Messages, enabling third-party archival apps to capture all communications so that auditing is:   Comprehensive: The archival app is notified on all message events, including when a message is sent, received, edited or deleted. This provides a complete audit trail that is also backward compatible with SMS and MMS. Reliable: Unlike previous methods, this is a built-in, Android-supported and maintained archival mechanism. Controlled: IT admins maintain full control over deployment and can easily enable or disable this feature, with employees receiving clear notification when archival is active.    Scope and implementation   Android RCS Archival is available on fully managed Android devices using Google Messages as the default messaging application.  For a full breakdown of the benefits of RCS archival, check out our keyword blog. For implementation details and configuring the policy, consult our Help Center article.

We're excited to see the ongoing evolution of your ChromeOS deployments. Our latest enterprise vision isn't just about faster devices or better software; it’s about delivering a truly unified and intelligent Google stack, fit for enterprise, that simplifies management and powers the modern workforce.   The key message is clear: Google AI is fundamentally changing the way work gets done, and we’re ensuring that transformation is secure and seamlessly available across every touchpoint.   A look at the unified platform   Our new vision ties together our core enterprise products to eliminate complexity and deliver unparalleled value:   The AI-powered workspace (ChromeOS, Chrome, & Gemini): Gemini is now embedded directly into the Chrome browser and operating system (especially on Chromebook Plus devices), offering employees intelligent assistance right where they work. Crucially, this is delivered and managed through your existing Google Workspace accounts, giving IT the necessary controls over how your data interacts with AI. The application bridge (Cameyo by Google): We understand that a unified OS requires total application compatibility. The general availability of Cameyo by Google closes the final gap. It allows you to deliver every application; legacy or modern, side-by-side, entirely within the Google ecosystem, eliminating the need for expensive, complex third-party VDI environments. The Security & Operations Hub (Chrome Enterprise Premium & SecOps): Comprehensive data protection is non-negotiable. That's why we've baked robust DLP directly into Chrome Enterprise Premium and provided a one-click integration with Google SecOps. This gives you unprecedented visibility and control over web activity and data movement across your entire fleet, including when employees leverage AI.   We're dedicated to helping you realize a simpler, more secure, and AI-powered enterprise. Share your strategies, thoughts and questions below!   For all the details on the new capabilities and our connected enterprise vision, please read the full announcement: Bringing connected and AI-powered work experiences across our platforms and devices

The future of end-user computing (EUC) is undeniably web-based. Yet, as IT leaders, we know the reality: roughly 50% of your business-critical applications remain legacy client-based apps. This gap between strategy and reality has long been the primary blocker for fully embracing the security and simplicity of a web-first OS like ChromeOS. We are thrilled to announce that Cameyo by Google is reaching General Availability on November 17th, bringing a best-in-class Virtual App Delivery (VAD) solution directly into the Google enterprise portfolio to finally bridge this gap. What is Cameyo by Google? Cameyo is a modern alternative to traditional Virtual Desktop Infrastructure (VDI). It is purposefully designed to solve the legacy app gap without the complexity and resource overhead of streaming an entire virtual desktop. Virtual App Delivery (VAD) vs. VDIInstead of streaming a full, resource-heavy operating system, Cameyo's Virtual App Delivery (VAD) technology delivers only the applications your users need, securely to any device. Seamless user experience: Legacy Windows or Linux apps can be streamed right in the browser or delivered as Progressive Web Apps (PWAs). This gives the user the feel of a native application in its own window, running side-by-side with modern web apps. The user gets a consistent experience without the context-switching of managing a separate virtual desktop. Simplified IT management: The complexity is eliminated. As Phil Paterson, Head of Cloud & Infrastructure at PTSG, noted, "The beauty of Cameyo is its simplicity. It lets users access applications on any device with security built in... no VPNs or firewall configurations needed."Issues solved in a corporate environmentFor IT Admins managing corporate environments, Cameyo by Google is a critical unlock mechanism that delivers significant benefits across security, complexity, and modernization. 1. Eliminating the ChromeOS "app gap"For years, the handful of remaining client-based applications (like specialized ERP clients, the desktop version of Excel with complex macros, or certain Windows-based design programs) has been the main obstacle to migrating to ChromeOS.  Full ChromeOS migration: Cameyo eliminates this blocker, enabling you to confidently migrate your entire fleet to ChromeOS including converting existing PCs using ChromeOS Flex while maintaining seamless access to all your Windows apps. Unmatched security: You can fully leverage ChromeOS, the only operating system with zero reported ransomware attacks, ever. 2. Unifying security with Chrome Enterprise PremiumLegacy client apps traditionally run outside the secure browser perimeter, creating a significant security blind spot. The combination of Cameyo and Chrome Enterprise Premium provides a unique, unified solution:  A single secure context: Cameyo publishes your legacy client apps directly within the managed Chrome Enterprise browser. Comprehensive DLP: This unifies the digital workspace, allowing Chrome Enterprise Premium's advanced security and granular Data Loss Prevention (DLP) controls like preventing copy/paste or printing to govern the data within those legacy applications, providing a comprehensive security posture across all your apps. 3. Bridging to AI-powered productivityIT leaders are prioritizing enabling end users to take advantage of AI. With this solution, your legacy apps get a modern boost:  AI in legacy apps: Thanks to Gemini in Chrome, the combination of Cameyo and Chrome Enterprise layers the power of AI on top of all your legacy applications, instantly modernizing workflows. 4. Simplicity and accelerated deploymentCompared to traditional virtualization technologies that can take months to deploy, Cameyo offers rapid time-to-value:  Fast Deployment: IT can publish their first apps to users within hours and be fully deployed in days. Embedded Zero Trust: The solution is built with a Zero Trust security model, providing ultra-secure app delivery with reduced complexity and overhead. Next steps: Explore your flexible path to modernizationThe age of tolerating complex, costly virtualization solutions is over. Cameyo by Google is built in the cloud to enable your web-based future of work at a pace that works for your business. Ready to see how Cameyo by Google can simplify your corporate EUC strategy? Sign up to our WebinarScheduled Wednesday 3rd DecemberCheck out the Google blog postVisit cameyo.google to dive deeper into the product details. 

We are excited to announce an opportunity to join a new Trusted Tester program for a feature coming to ChromeOS that will help administrators manage device licensing more effectively: Device Enrollment Limits. Further to our discussion post on this recently launched trusted tester, we also wanted to share some more information on this feature and how it works. What is the "Device Enrollment Limits" feature and what problem does it solve?It's a new functionality in the Google Admin Console that allows administrators to set specific enrollment limits for each Organizational Unit (OU). It's designed to give administrators greater control over ChromeOS license consumption across their organization, ensuring fair access, optimizing license allocation, and preventing overconsumption. Where can administrators find and manage the "Device Enrollment Limits" feature in the Google Admin Console?You'll find it by navigating to Devices > Chrome > Reports. The feature is nested under Device enrollment limits on that page. How do administrators set an enrollment limit for a specific Organizational Unit (OU)?The basic steps are: Navigate to Devices > Chrome > Reports > Device enrollment limits. Click the specific OU you want to configure. In the dialog, turn on the toggle for the desired license type (ChromeOS Enterprise/Education Upgrade or Kiosk & Signage Upgrade). Enter a numerical value for the available enrollment slots in the "Device enrollments remaining" field. Click "Save". (Setting the limit to 0 prevents that OU from enrolling devices.)   What types of licenses can be managed with this feature, and are there any exceptions?You can set limits for perpetual and annual ChromeOS Enterprise/Education Upgrade (CEU) and Kiosk & Signage Upgrade (KSU) licenses. Yes, bundled or packaged licenses cannot be adjusted using this feature. When an OU has both perpetual and termed licenses, perpetual licenses will be utilized first before tapping into termed ones. How can I quickly see which OUs have reached their limit? On the "Device enrollment limits" page, use the "Add a filter" button and select "Device enrollment limits reached". You can also choose filters to show only OUs with "0 remaining device enrollments for CEU" or "0 remaining device enrollments for KSU".  What happens when an OU reaches its set limit? New devices will be unable to enroll in that specific OU. The Admin Console will show "0" remaining slots, and users attempting enrollment on the Chromebook will encounter an error. This prevents overconsumption Will the "Device Enrollment Limits" be manageable through the Chrome Policy API?No, management and configuration of these limits will be exclusively through the Google Admin Console user interface. What are the minimum requirements to participate in this pre-General Availability (GA) pilot program? To be a trusted tester, your organization must: Have a managed domain Have devices and licenses that are managed by the Google Admin Console. Ideal candidates are those who are also expected to provide good and consistent feedback within a short timeframe. How to ApplyIf you are an administrator and would like to be included in this Trusted Tester program to try out Device Enrollment Limits and provide valuable feedback, please simply post a comment below to express your interest! We will reach out to you directly with the next steps. 

We’re excited to announce our newest Chrome Enterprise Recommended solution, PulseCX!   PulseCX works with leading Contact Center solutions to provide customer interaction analysis. Experience a clean, secure, and seamless solution on a ChromeOS device or Chrome browser, empowering your agents to work more efficiently.   Why this partnership is important for customers:    PulseCX works with Contact Center solutions to provide analysis on 100% of customer interactions across voice, chat, email and text. PulseCX offers dashboards reports for Admins in a secure environment and handling sensitive customer data, protecting them against malware or data leaks. Explore the new capabilities offered by this partnership!   Check them out on our CER directory Visit their website to learn more about their solution and our partnership!

To optimize IT operations and strengthen your digital defences, we are rolling out two powerful enhancements to the Android Management API (AMAPI). These features are designed to give IT admins scalable control, ensure consistency, and keep critical work apps running without interruption across your fleet.   Feature 1: Restrict default apps for consistency and policy enforcement   Addressing device consistency and reducing user risk, the new restrict default apps feature allows IT admins to set a specific, approved application for essential device functions and prevent users from making unauthorized changes.    Why is this useful?   By enforcing the use of approved applications, companies can ensure that common tasks such as browsing, calling, or messaging remain compliant and consistent across all enrolled devices. Once configured, this policy prevents users from changing default application settings, ensuring adherence to corporate policies across all managed devices.    How can it be applied?  This feature is broadly supported across Android Enterprise management modes:   Fully Managed Devices: Policies apply across the entire device. Company-Owned with Android Work Profile (COPE): Policies apply to the Work Profile and extend to the Personal Profile for certain pre-installed system apps. For COPE devices, setting defaults for dialer and SMS helps apply your security policy uniformly across both profiles, mitigating potential security exposures.  Personally-Owned with Android Work Profile (BYOD): Enforcement is strictly limited to the managed Work Profile. Defaults cannot be enforced on the Personal Profile.   Supported default app types   Depending on your management mode and Android version, you can now set and protect the default apps for the following core functions: Browser Dialler SMS Home launcher Assistant Call redirection Call screening Wallet Find the full compatibility matrix for supported default app types across Android versions and management modes here.    Feature 2: Role-based app privileges for critical app persistence   This high-priority feature tackles the core challenge of ensuring mission-critical applications remain operational. The role-based app privileges feature gives a special status to vital apps- such as Mobile Threat Defence (MTD) or system health tools - so they cannot be restricted by either the user or other defined behaviors such as the device’s battery management features.   Why is this useful?   By assigning a predefined role to an app, it is shielded from system limits or user interference. This ensures the app’s continuous operation, maintaining your security posture and ensuring data integrity.   Predefined roles and app protection   The following table shows the available roles and the protections: Predefined role Focus Key protection granted Mobile Threat Defense (MTD) & EDR Security and monitoring Protected from power-saving shutdowns. Users cannot stop or tamper with the app. System Health Monitoring Device performance and diagnostics Protected from power-saving shutdowns. Users cannot stop or tamper with the app. Kiosk Dedicated, single-purpose use Users cannot stop or tamper with the app. Companion App Continuous background operation Protected from power-saving shutdowns. Users cannot stop or tamper with the app.   Ready to learn more?   To find out exactly how to configure and deploy these new capabilities, including detailed platform-specific requirements and policy structures, please refer to the updated documentation in the Android Enterprise Help Centre.   View the Full Device Management and Work Profile Help Center articles for details on which default app types are supported in each mode ↗️ Visit our Help Center for more  details on the role-based app privileges feature ↗️   In the meantime, share your thoughts in the comments below. Do any of these new features solve existing pain points for your fleet management? 

Hello everyone, The wait is over - the first headset built on Android XR - the Samsung Galaxy XR - has launched. This is an exciting step forward for our ecosystem, further extending the familiar Android experience across a blend of physical and virtual worlds. As mentioned during the Samsung Galaxy XR launch event, Android Enterprise management features will be coming to Android XR and we are excited to support this new form factor.   We want to make you aware that at the time of initial release of Samsung Galaxy XR hardware (October 2025), Android Enterprise device management features will not be available, but will be activated through a software update at a later date. *As of 7th April, 2026 - Android Enterprise device management features are available - read more here.  We know many of you are keen to explore this area more and we are actively working to launch and support enterprise features. We will keep you updated here in the Customer Community when we have more information to share.  If you are interested in learning more about the Samsung Galaxy XR headset, you can find out more at Samsung.com.  For more information on the Android XR platform, resources can be found here.    Thanks, The Android Enterprise Team *Post updated - 7th April, 2026 - AE device management features are now available.

Hey friends,   We are pleased to announce the release of Google’s Security Technical Implementation Guide (STIG) for Android 16.Developed in partnership with the Defense Information Systems Agency (DISA), this guide provides a robust, expert-defined security baseline for organizations that require the highest level of security. It is an essential resource for government, defense, and security-conscious customers like FSI and Healthcare, who handle sensitive data and operate in compliance-driven environments.What is a STIG?A STIG is a detailed security checklist designed to “harden” an operating system.In short, it’s a technical manual that provides prescriptive, step-by-step guidance on how to adjust default settings, disable unnecessary functions, and configure a system to protect against  common vulnerabilities. By following a STIG, you proactively close the doors that cyber attackers often use to exploit systems.Who can benefit from the STIG?While STIG compliance is mandatory for DoD (Department of Defense) and federal agencies, its guidance represents the gold standard for security that any organisation can use to improve its security posture.Specifically, the Android 16 STIG provides official configurations for devices deployed in Corporate-owned, business-only (COBO), and Corporate-Owned, Personally-Enabled (COPE) management modes.The key value for your businessAdopting the Android 16 STIG goes beyond meeting a mandate, enabling several key business benefits. Achieve the highest security posture: The guide closes configuration weaknesses and minimizes your system’s attack surface, dramatically improving your defence against threats and enhancing system resilience. Ensure mandatory compliance: For federal and DoD-connected systems, STIG compliance is a non-negotiable step to meet the Risk Management Frameworks (RMF) and gain Authority to Operate (ATO). Unlock a standardized and efficient management framework: It provides a single, expert-defined security baseline across all your devices, which simplifies system auditing, prioritizes critical fixes (using the CAT I, II, III severity levels) and streamlines auditing and reporting. Ready to strengthen your security?Get everything your team needs to harden your Android devices, meet compliance mandates, and build a more resilient mobile fleet directly from the DISA repository.➡️ Download the Google Android 16 STIG hereFor those interested in federal device certification, our latest episode of The Secure Element delves into the approval process for Android devices in compliance-focused sectors.

The pace of innovation in Chrome Enterprise and ChromeOS continues to accelerate. Earlier this year, we launched a wave of powerful AI-driven features designed to fundamentally change how you manage your fleet and support your end-users. We’ve summarized the key developments below, focusing on the practical, day-to-day applications for your administrative work.  Part 1: Empowering IT: AI in the Admin Console Updates focus heavily on simplifying the most time-consuming aspects of device management using Google AI and Gemini. 1. Chrome Admin Assistance (Gemini Chatbot)Instant, conversational support and task execution. Instead of navigating complex menus, you can simply ask the chatbot in natural language to perform an action. For example, "What is the status of device serial number X?" or "Initiate a remote reboot for device Y." This significantly cuts down on routine, manual administrative tasks. SIgn up as a trusted tester to avail. 2. Natural Language Processing (NLP) SearchFind policies and devices instantly without precise keywords. No more guessing policy names or remembering exact search syntax. You can now use plain English for complex queries like: "Show me all devices enrolled last month" or "Find the policy for blocking USB storage." This makes fleet audits and configuration checks much faster. 3. Intelligent Recommendations (Related Settings)Ensure comprehensive and optimized configurations. When you’re viewing the details of one policy (e.g., microphone control settings), the Admin Console now surfaces other logically related policies (like audio output settings). This prevents overlooked settings and ensures a more complete and secure setup. Part 2: Powering end-users (and reducing your tickets) While your focus is on the fleet, these end-user-facing AI enhancements are vital because they impact user productivity and, ultimately, your support load.  Gemini integration in Google Workspace: If your organisation does have Workspace, users now have powerful AI assistants in Gmail (summarizing threads, composing faster), Docs, Sheets, and Slides. As an Admin, you can easily pin Gemini to the Chromebook shelf, ensuring simple, centralized access for all employees. AI built into ChromeOS: Users gain productivity tools that work across any application, not just Google's. Features like Help me read and Help me write assist with comprehension and content creation in third-party or web applications. Furthermore, AI-enhanced video call controls and Live Translate directly on the device improve meeting quality and cross-lingual collaboration, leading to less friction and fewer support requests for connectivity/tool issues.  Part 3: The Right Hardware To unlock these most advanced AI experiences, organizations should look to Chromebook Plus devices, which meet a higher standard for performance and memory. When planning your next refresh cycle, ensure the hardware can support the full stack of new AI capabilities to maximize user benefit. Ready for the Deep Dive? Be sure to read the full post: The IT Admin's Guide to Google AI.

We’re excited to announce our newest Chrome Enterprise Recommended solution, Cisco XDR!   Cisco XDR integration with ChromeOS streamlines threat detection and response on Chromebooks by unifying Cisco's advanced security capabilities within a seamless, cloud-native integration. The Google Chromebooks module allows Cisco XDR to automatically retrieve the details and properties of enrolled ChromeOS devices, providing important context about devices included in security detections. This lightweight solution empowers organizations with real-time visibility, automated response actions, and continuous protection across endpoints.    Why this partnership is important for customers:    Cisco XDR can automatically take action on a threat detected on a Chrome device, such as isolating the user or device, which dramatically reduces the time to respond to an incident and minimizes potential damage. The partnership simplifies the adoption of a Zero Trust security model by providing a validated way to secure users and devices from the browser. This allows customers to easily apply granular access controls, ensuring that only trusted users and healthy devices can access corporate resources. This also allows triage and response decisions to be made from a perspective that includes the nature, purpose, and use case of the affected device.   Explore the new capabilities offered by this partnership!   Check them out on our CER directory Visit their website to learn more about their solution and our partnership! Google Chromebooks for Google Chromebooks to learn more about this partnership

We are pleased to announce a significant update that expands support for various printer types through the introduction of Custom PPD Files in the Google Admin Console. This update provides IT Administrators with greater flexibility in managing their printer fleets on ChromeOS.   What's New?   IT Admins can now utilize a crucial third option when setting up printers: using a custom, remotely hosted PostScript Printer Description (PPD) file. Until now, you could only set up a printer using either driverless configuration or by specifying the manufacturer and model. This often created a gap for specialized or niche printers. With Custom PPD support, we’re bridging that gap by allowing you to upload a file that precisely describes the printer's capabilities.   What’s a PPD?   A PostScript Printer Description (PPD) file is a text file created by a printer manufacturer that contains all the essential information about a specific PostScript printer's capabilities and features. This includes crucial details like supported paper sizes, the number of paper trays, duplexing (two-sided printing), and other unique options.   Essentially, the PPD file acts as a driver for PostScript printers, allowing ChromeOS to understand how to communicate with the device and unlock its full range of functions.   Key Benefits for Your Fleet   Expanded Compatibility: Easily onboard specialized printers that were previously difficult or impossible to configure using the standard manufacturer/model options. Maximum Options: Ensure your printer fleet is set up with the widest possible range of options, as the PPD file enables all the printer's capabilities (e.g., specific trays, custom paper sizes, and advanced finishing options). Detailed guidance for IT administrators on how to implement and use Custom PPD files is available in the updated Help Center documentation: Add a printer - Chrome Enterprise and Education Help.

We’re excited to announce our newest Chrome Enterprise Recommended solution, FortiClient!   FortiClient is a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client. A Fabric Agent is a bit of endpoint software that runs on an endpoint, such as a laptop or mobile device and communicates with the Fortinet Security Fabric to provide information, visibility, and control to that device.   Why this partnership is important for customers:    FortiClient enables businesses to build a modern and scalable security architecture for their remote and hybrid workforce without sacrificing security or performance. IT administrators can streamline security management by leveraging the familiar Google Admin Console together with the tightly integrated FortiClient Endpoint Management Server (EMS) to quickly deploy, enforce consistent policies, and manage a unified set of advanced security controls.   Explore the new capabilities offered by this partnership!   Check them out on our CER directory Visit their website to learn more about their solution and our partnership!

We’re excited to announce our newest Chrome Enterprise Recommended solution, Ilex Access Management!   Ilex Access Management is a true authentication hub that relies on centralized administration, and offers a global approach to identity and access management and local support from renowned experts. The solution offers enhanced security, improved user experience and compliance.   Why this partnership is important for customers:    Ilex Access Management is optimized to work with the Chrome Device Trust Connector, which reduces complexity for managing access controls in a device fleet and streamlines IT workflows.  Deep integration with the ChromeOS ecosystem enables a frictionless user experience with features like fast user switching and passwordless authentication thanks to their badge authentication integration. This improves productivity and is beneficial for frontline workers who share devices.   Explore the new capabilities offered by this partnership!   Check them out on our CER directory Visit their website to learn more about their solution and our partnership Read this blog about their partnership with ChromeOS

Hello everyone,   To better protect your Google domain from unauthorized access, we will soon begin requiring 2-Step Verification (2SV) for administrative Managed Google Accounts.   Why the change? Your account's security is a top priority. 2-Step Verification provides a critical layer of defense against account hijacking by requiring a second step to verify your identity when you sign in. This makes it much more difficult for an unauthorized person to access your account, even if they have your password.   What you need to know This change will be rolling out in the near future. We encourage you to enable 2-Step Verification now to ensure your account is prepared.   For more information and step-by-step instructions, please see our help article.    Find out more about upgrading to a Managed Google Accounts in this community Feature Focus post.    Thank you for your partnership in keeping Android secure.    The Android Enterprise Team

We're excited to share the results of a new study on the economic impact of ChromeOS, which highlights the significant value it can bring to your organization. The Forrester Consulting study, commissioned by Google, provides a detailed look at the financial and operational benefits of adopting ChromeOS in a business environment. You can read the official blog post about the study here.   Why This Study Matters The study, based on in-depth interviews with four ChromeOS customers and five Google employees, offers a real-world look at how ChromeOS helps organizations cut costs and boost efficiency. For a composite organization of 10,000 employees using 3,000 Chromebooks, the findings were significant. The full report can be found here and is also available in French, German, and Japanese below.   Key Findings and Results The study found that the composite organization realized a $6.8 million in savings over a three-year period, resulting in a 208% return on investment (ROI). These impressive results were driven by significant benefits across four key areas:   Increased end-user productivity: Employees are more efficient with a fast, simple, and secure OS. Lowered device and licensing costs: ChromeOS devices and management are more cost-effective. Strengthened security posture: Built-in security features reduce the risk of cyber threats. Reduced IT support needs: The simple and manageable nature of ChromeOS minimizes the need for IT support. The report in other languages:   German Japanese French   Learn More: Webinar To dive deeper into these findings, we invite you to review an on demand webinar that took place on 18th September 2025. This session walks through the report’s findings, discusses the key benefits of ChromeOS, and explains how you can leverage the ChromeOS Readiness Assessment to identify users ready to transition. 

Hello everyone,To enhance security on Android devices, Google has announced that developers of Android applications, including those distributed outside of the Google Play Store, will be required to complete developer verification in order for their apps to be installed on Android devices. This new policy is designed to combat the spread of malware and financial fraud by increasing developer accountability. Rollout starts in September 2026 for Brazil, Indonesia, Singapore, and Thailand. This requirement will be expanded globally in 2027 and beyond.We understand that enterprise organizations often use off-Play methods of distribution methods for private applications. As such:   Applications installed on fully managed devices (DO) or within Work Profiles (BYOD and COPE) can continue to be installed, without developer verification, until September 2027. After this point, developer verification will be required for the app to be installed. Applications installed by EMM Device Policy Controllers (DPCs) will be exempt from requiring developer verification indefinitely.  (For example, apps installed via Workspace ONE Intelligent Hub, Intune Company Portal, SOTI MobiControl, etc.) Private applications installed with Managed Google Play will be exempt from developer verification indefinitely. We would welcome your feedback on other application distribution methods used by your company and how this recent announcement will impact you.   The Android Enterprise Team   *Article updated 4 Sept 2025, by CM - minor text removal for clarity

Hey everyone,We're pleased to announce a brand new initiative built exclusively for you, the members of the Android Enterprise Customer Community: Android Enterprise Insiders!What is the Android Enterprise Insiders Program?In short, it’s your opportunity to get hands on with Android Enterprise features before they are generally available or when they are hot off the press.As an Insider, you will: Get hands on with new functionality. Share your feedback to help us identify improvements to the feature or documentation. Collaborate with your peers, exploring the new features of Android device management.   Why Are We Launching This Program?You are the experts on the front lines, managing mobility for your organizations every single day. Your insights and real world experience are invaluable. We want to build a stronger partnership with you and create a direct channel for your feedback on specific features.The Android Enterprise Insiders program is our way of moving beyond traditional feedback collection. It’s a dedicated board within the Customer Community designed to give you early access to new features and a seat at the table as we refine them. Together, we can ensure that the future of Android Enterprise is powerful, practical, and perfectly suited to your needs.What Can You Expect?In early September we’ll be launching a dedicated space right here in the community for our Insiders. Here’s a high-level look at how it will work:Access to Insiders: Once you are an Insider you will have access to a dedicated Insiders discussion area, which will act as your home for the programme and you can meet other members there.Apply for Initiatives: When a new feature is ready for testing, we’ll post about the opportunity. You can then express interest to participate in that specific initiative.Get Hands On: Approved applicants will be granted access to a private project area. There, you'll find everything you need to get started, including onboarding guides and testing instructions. Please note: Depending on the feature, an NDA may be required.Share Your Voice: You can create posts to share feedback and report issues. We may also host office hours and other online sessions to discuss the features in more detail.Who Is This For?We're looking for any IT admin who manages an Android Enterprise deployment. While the overall program is open to everyone, specific testing opportunities may have certain requirements (e.g. using a particular EMM partner, a specific device type, or enrolment method).This is why keeping your community profile up-to-date is important! It will help us match you with the Insider opportunities that are most relevant to your deployment and interests.Ready to Become an Insider? Here’s how to get started Update your community profile! Critically, we need your Android Enterprise Org ID. This is the most important step to ensure we can invite you to relevant programs down the line. Like or comment on this post. This way we’ll know you're interested in participating. We hope this sounds like an exciting initiative and thank you for being a part of this community, we look forward to further collaborating with you! The Android Enterprise Team

In today's fast-paced digital landscape, making informed decisions about your IT infrastructure is crucial. One year since its original launch, we're excited to spotlight a powerful asset that is helping organizations around the globe: the ChromeOS Readiness Tool. This solution, developed by Codimite, is designed to give you the critical insights needed to streamline your transition to ChromeOS, optimize your fleet, and modernize your IT environment.   What is the ChromeOS Readiness Tool?   Initially conceived to identify ideal users for ChromeOS pilots, the tool has evolved into a comprehensive compatibility assessment platform. It goes beyond simple device readiness, providing a complete picture of your organization's IT landscape.   Key features and benefits for IT Admins include:   Detailed readiness reports: Get a comprehensive view of your device readiness, including system compatibility and detailed reports that highlight potential areas for action. Browser insights: Understand your organization's browser and extension usage to make data-driven decisions and identify opportunities for optimization. Strategic planning: The tool helps with application usage analysis and hardware inventory, assisting in cost optimization by pinpointing unused software and paving the way for a more efficient IT strategy. Secure and transparent: Data collection is fully controlled by the administrator, and all stored data is secured with strong encryption, ensuring your peace of mind. A Year of Unprecedented Growth   In just one year, the ChromeOS Readiness Tool has seen tremendous success, a testament to its value and effectiveness.  Over 71 unique organizations have deployed the ChromeOS Readiness Tool within their organization New features, such as a partner/pro dashboard notification system and peripheral device data reports, have been built to support customer-specific requests. What's Next?   The momentum is building, and the Codimite team is working on new features to deliver even more value: Japanese Language Support: To meet the growing interest in the JAPAC region. MacOS Support: Expanding compatibility to help customers with mixed Windows and Mac environments. Gemini Suggestions: Providing actionable next steps for "Attention Needed" applications. Resources to Get Started   Ready to see how the ChromeOS Readiness Tool can transform your IT operations? Schedule a Demo: Fill out this form from Codimite’s site. Learn More: Visit the Resource Center to browse their documentation and videos. We are excited to see how this tool will continue to evolve and empower IT professionals worldwide. Here’s to another year of growth and innovation!

  ChromeOS is rolling out a new feature called Desk Sync, designed to make device transitions seamless for users and streamline workflows for your organization. This is a shorter version of the full blog post, focusing on what you need to know.   What is ChromeOS Desk Sync?   Desk Sync is a new feature that automatically transfers a user's entire workspace - including open windows, tabs, and applications - to a new ChromeOS device. It also authenticates them into their web services, eliminating the need for a manual setup. The goal is to let employees pick up their work right where they left off, even when they switch devices.   What's the practical application for my organization?   This feature is particularly beneficial for frontline workers who frequently switch devices during their shifts. By removing the time and effort required to log in and set up a workspace, it improves operational efficiency and reduces downtime. For example, in a retail environment, it can enable a quick and smooth hand-off between employees at shift change. In healthcare, it allows professionals to move between locations without delay, maintaining a focus on patient care.   How is this different from existing features?   Unlike previous methods that might have required manual steps, Desk Sync is automated and comprehensive. It's designed to provide a truly seamless transition, ensuring the user's full workspace, including app states and web authentication, is maintained.   For more detailed information, including use cases in different industries, you can read the full blog post here.   And you can view our help center page to begin your configuration.   If you use this feature, let us know in the comments below or respond within the discussion board.