Essential settings and configurations in Chrome Enterprise Upgrade
Let's explore some important settings and configurations to help you manage your ChromeOS devices effectively with Chrome Enterprise Upgrade. Now that you've got the basics down, we'll dive into some key administrative tasks and policies to enhance your experience. If you haven’t yet, check out “Your first steps with Chrome Enterprise Upgrade” article before continuing reading. Setting Device and User/Browser Policies Policies are configured within the Admin Console. There are various device policies and user/browser policies that allow you to control and manage various aspects of your ChromeOS devices and user experiences. Consider applying the following popular, useful policies: Device Policies > Security : Password manager, Lid close action, Power management, Geolocation, and more. Device Policies > Sign-in Settings: Sign-in screen, Device wallpaper, Single sign-on, and more. User Policies > User Experience policies: Download location, Form auto-fill, Payment methods, and More. For more detailed explanations of the policies available, check out these extensive articles on device policies and user policies. Ensuring Devices Remain Managed: Forced Re-enrollment By default, wiped ChromeOS devices automatically re-enroll into the account without requiring user credentials. This feature, known as forced re-enrollment, ensures that devices remain managed and policies are consistently enforced. Guidance is available on how to turn forced re-enrollment on or off. More information on forced re-enrollment is available here. Controlling Device Access with Sign-in Restrictions Sign-in restrictions allow you to manage which users can sign in to your managed devices. The available options are: Restrict sign-in to a list Allow any user to sign in Do not allow any user to sign-in More information on configuring sign-in restrictions is available here. Blocking Websites You can prevent users from accessing specific URLs, domains, and IP addresses. This is done through website blocking configurations. More information and a step-by-step guide can be found here. Managing Device Updates Devices automatically check for and download updates when connected to Wi-Fi or Ethernet. Administrators can manage ChromeOS updates for the organization. Full OS updates are generally released roughly every 4 weeks. Minor updates, such as security fixes, are released every 2–3 weeks. Guidance on configuring and customizing update schedules is available here. Configuring Apps and Extensions Administrators can set policies for specific web apps, Chrome apps, or supported Android apps. For example, you can force-install an app and pin it to users' Chrome taskbar. More information, step-by-step instructions, and a video tutorial are available. By understanding and utilizing these essential settings and configurations, you can effectively manage your ChromeOS environment with Chrome Enterprise Upgrade.Optimizing your ChromeOS deployment
We're excited to share the "Getting Started with ChromeOS Deployment Guide." This comprehensive guide is an invaluable read for anyone looking to successfully deploy and manage ChromeOS within their organization. Whether you're just starting your ChromeOS journey or looking to refine your existing setup, this guide offers practical insights and best practices. It covers everything from initial deployment strategies, including project kick-off and infrastructure configuration, to defining policies and managing apps and extensions. You'll find detailed guidance on: Network and Wi-Fi Setup: Ensuring seamless connectivity for your devices. Device Enrollment: Understanding both manual and zero-touch enrollment methods. Policy Considerations: Key aspects to consider for effective management. App and Extension Management: Streamlining your software ecosystem. User Adoption and Change Management: Strategies to support your users through the transition, including governance, readiness, communications, and training. This guide is packed with detailed checklists and recommendations, providing a structured approach to your ChromeOS deployment. It also offers resources for ongoing support and troubleshooting, making it a go-to resource for a smooth and efficient transition to ChromeOS. Dive in and empower your enterprise with the full potential of ChromeOS! You can access the guide here: Getting Started with ChromeOS Deployment GuideYour first steps with Chrome Enterprise Upgrade
This article will walk you through the initial, straightforward steps of setting up and managing your ChromeOS devices with Chrome Enterprise Upgrade. We'll cover everything from getting started with the Admin console and enrolling your devices to finding helpful support resources and assisting your users with the transition to ChromeOS. Where to begin? Starting with Chrome Enterprise Upgrade is straightforward. Follow these simple steps: Signing up: Begin by signing up for a Trial for Chrome Enterprise Upgrade, either on our website, or directly from the Admin Console if you already have access. Accessing the admin console: The Admin console is your central hub for managing ChromeOS devices. Access it to get started. Using the setup guides: Inside the Admin console, you'll find interactive Setup guides. These guided tutorials will help you navigate the setup process. Locate them by navigating to "Devices > Chrome > Setup Guide" in the left-hand menu. How to start managing ChromeOS devices: Enrollment Enrollment is the key to managing your ChromeOS devices. Helping your users adopt ChromeOS If your users are new to ChromeOS and Chromebooks, here’s the Employee Adoption Kit that you can use to help your users learn more and answer their questions. Getting help and support Need help? But here’s how to find additional support: Contact support: Here’s a quick overview on how to get in touch with support if you’re experiencing any issues. Talk with an expert: If you’re still in the Trial phase and need more support evaluating the solution you can complete this form to Talk with an Expert for more personalized assistance and solution validation.Boost User Adoption: Building Trust in Your Mobility Deployment
Building trust with your users is critical to the success of any IT project We’ve all heard it: “IT can see what is happening on my device”, and this level of distrust from users occurs regardless of the platform being used. Finding that balance between user trust and securing your organisations data & assets is a tightrope that can have catastrophic consequences if the fine balance isn’t met. In most instances lack of end user trust is caused by not having visibility into what is happening, the “black box” of IT policy and processes is a real thing! With the ever increasing number of personal devices being used in the enterprise world, ensuring end users are aware and empowered to understand what is actually visible by their employer will help ease end users' concerns about adopting mobility management. Regardless of the enrolment method your organisation has adopted, Android Enterprise is built from the ground up with a focus on end user privacy and while aiming to ensure that IT admins have the right tools to manage their assets. Build trust through communication Being able to set policies within your organisation's EMM is a powerful responsibility. While simply ticking a box and applying the configuration can feel low impact, even small changes can have inconveniences for your users which may build up frustration and distrust over time. Start a dialog with your users I know, this is easy to say and much harder to execute. There’s a vast number of variables to consider when trying to recommend a best practice for successful dialog with your users. It’s important to consider technical ability, the size of your organisation and location distribution of staff, just to name a few. But the goal of any communication to your users should be to provide a clear understanding of what the change is, why the change is being implemented, and address potential FAQs. There are the obvious communication methods of email (don’t forget to use BCC ) or posting on an internal communication board, but these may be missed or ignored. Something I have seen becoming more common is internal calls where IT decision makers within an organisation talk about upcoming changes. Alongside visibility, this has the added benefit of allowing users to ask questions. Organisations that have committed to these sessions have found it much easier to get their end users to adopt new technologies. While we are focused on Android here, this approach can help with everything from a new device rollout to deploying video conferencing software. It can be pretty daunting to know where to start with a communication plan, so we have an employee adoption kit to help! When should you communicate a change to your users If you have a change coming that’ll have a visual or workflow impact on users, be proactive and let them know. While this can add additional workload, informing users can start a useful early dialog to understand questions that may come up. IT teams are stretched at the best of times, being able to reduce inbound support requests through pro-active communication is never a bad thing! If you're looking at making disruptive changes to a fully managed device deployment, such as completely changing the UI of a kiosk, I’ve found that end users are more receptive to this level of impact during a device refresh. Users in these scenarios see these devices as tools to do their job and form habits in their workday around how their device works. If overnight you change how their device works this is likely to disrupt those learned habits, and cause friction for your users. This often leads them to believe that the device doesn’t perform as well as it used to, even if functionally you’ve just shifted an icon around. So if you have the ability to delay that new rebrand or that push to move the app icons around until your next rollout, it certainly might be worth holding off! Don’t forget dialog is a two way street Create an easy route for users to ask questions. You could look at adapting existing IT support flows, create a dedicated form or even host a weekly office hours for users to get some 1:1 time with the team. This brings us neatly to... Best practices for policy decisions and changes You can have the best laid plans for your mobility deployment, but there is one variable you cannot account for, user innovation. As a policy setter, it’s unlikely that your testing will directly replicate your end user's day-to-day behaviour. Over time they will find their own route to achieve their goals. There’s a fun equivalent called “desire paths” where pedestrians will walk an unplanned route to get to their destination causing an environmental impact to the landscape. Don’t block them from the path, embrace it! User-centric approach to change management Whether you’ve implemented a BYOD program or provided hardware to your users, the mobility decisions you’ve made will have a material impact on the day to day lives of your users, it’s one of the many great things about working in this space. This puts even the most robust testing programs under a huge amount of pressure. It’s nearly impossible to test every possible tap or swipe that an end user could perform. Don’t fret, this can lead to some fantastic opportunities part way through the lifecycle of your devices . You should run some 1:1 sessions with your users and see how they are actually using the devices. This feedback can help you make informed decisions about your next deployment milestone or make iterative changes to improve the mobile experience for everybody. An example that has always stayed with me was from a logistics organisation with a large quantity of fully managed devices. One of their users made a simple request to adjust the app layout on their kiosk to better align with their workflow. That small adjustment had a 4% time save every time a user performed that task. That might sound negligible, but when you multiply that time saving over 10,000 users performing that same task 15 times a day these small changes make a massive difference. We don’t all work for Formula 1 teams, but incremental gains can still be a target for us all. Pushing applications is more intrusive than you may think Being able to push applications to your users is one of the many benefits of enrolling a device into Android Enterprise, but it is also one of the more user intrusive actions you can take on a device under management. My general recommendation for distributing applications is you should only force install applications you know will be critical for the user to perform their work. Users who are using a device that is owned by the organisation and enrolled as fully managed will often be more open to a dozen or more applications being automatically installed on their devices. But users who have Android Work Profile, whether corporately owned or BYOD, may find it more jarring. Limit the applications installed to the core apps required for their work such as email, calendar and a document viewer. The rest can be available for the user to download through the Play Store -empower your users! What we are doing as a platform At all stages of the device lifecycle we inform the user to help them understand what is happening on their device. Through clear dialog during provisioning, helpful prompts while the device is in use and the ability for users to see what policies are actually applied to their devices, we aim to empower users through transparency and information. Visibility into policy Regardless of enrollment type, end users can see what policies are applied to their devices and all the device level information that the EMM is able to see, all from within Settings! Users simply need to go to Settings > Security and privacy > Your work policy info. Under this section they’ll be able to see everything that you can see from within your EMM and what policies have been applied to the device. For the avoidance of doubt, content in the personal profile is not visible to the organisation! Automate work/life balance BYOD and COPE users will see Android Work Profile, providing a clear separation of personal and work applications. Keep your eyes peeled for future content discussing this in more detail. Users are probably already familiar with being able to pause the Work Profile through the launcher, but did you know that they can also automate this process through Digital Wellbeing? Simply go to Settings > Digital Wellbeing > Work Profile schedule and you can set a daily schedule for when work apps will automatically pause and unpause! Users who have their devices enrolled as fully managed can utilise Digital Wellbeing to set a Focus mode to create a similar process to scheduling work apps. Visualisation In Android 14 QPR2 we introduced greater controls for end users initiating a screen-sharing session. As a standalone feature this has been well received, and helps remove the risk of sharing something users may not wish to share while presenting from their device. But in addition to this feature, we also included a clearer UI showing that the device’s screen is being shared. While a small addition in itself, this is a great demonstration on how we prioritise helping users to understand what is happening on their device. How do you build trust with your users? Considering starting an internal session discussion with your users? Perhaps you could start by talking about the on device features we discussed! Let us know below![Community tips] What to consider when choosing an enterprise mobility management solution?
Hello everyone, I hope you are having a good week. A management solution helps you to set up, secure and manage your devices in your organisation. I see it like a comfy hub for you to ensure that your devices are working as you expect (whatever size your company is). So understandably, one of the biggest decisions when getting started with Android at work is choosing the right EMM (Enterprise Mobility Management) for your needs. There is a solution out there to meet almost every need and use case, and sometimes knowing where to start can be tricky. We are lucky here in the community, that many people have already been through this decision and there is a huge amount of experience. The Solutions Directory is a useful place to explore partners and solution options, but there are also many questions and things to consider beforehand, so this got me thinking it would be great to share community tips/advice around this. What tips would you recommend to someone considering and researching EMMs management solutions? Are there any tips you wish you knew at the beginning? Perhaps you have tips on how best to research the different options? If you are currently going through the process, please do comment too, it would be great to hear from you. Looking forward to hearing from you. Thanks so much, Lizzie
