Join the ChromeOS Device Enrollment Limits TT
We are excited to announce an opportunity to join a new Trusted Tester program for a feature coming to ChromeOS that will help administrators manage device licensing more effectively: Device Enrollment Limits. What is the Feature? Currently, there is no easy way to prevent one team or organizational unit (OU) from consuming too many device licenses, which can leave other parts of your organization short. The ChromeOS TT for Device Enrollment Limits is designed to give you, as an administrator, more control over license consumption within your OUs. This pre-General Availability (GA) pilot will allow you to: Set specific enrollment limits per OU. Ensure fair access to licenses across your organization. Optimize resource allocation and prevent overconsumption. Once you request to be part of the TT (more details below) and we set you up for it, you'll find and manage this feature in the Google Admin Console under Devices > Chrome > Reports. For more information, head on over to our Product Hub for a Q&A blog post on this Trusted Tester. How to Apply If you are an administrator and would like to be included in this Trusted Tester program to try out Device Enrollment Limits and provide valuable feedback, please simply post a comment below to express your interest! We will reach out to you directly with the next steps.
Enable ADB debugging is grayed out - This setting is managed by your administrator
This issue was documented in 2021 but with no solution. My Chromebook is managed by my company and I am the manager. But Google tries to find the managed option to unlock for this to work in the administration interface for more than 15 days without success. By the way there are thousands of options in the admin interface it could be a clever feature to number them. If you are in front of the same issue please add your comments to this post. I hope that Google support will succeed to solve the issue soon because I developed my first app for Android on my Chromebook with Android Studio and I was able to download it to my phone before these 15 days.Limitless Control: Join the ChromeOS Device Enrollment Limits TT
We are excited to announce an opportunity to join a new Trusted Tester program for a feature coming to ChromeOS that will help administrators manage device licensing more effectively: Device Enrollment Limits. Further to our discussion post on this recently launched trusted tester, we also wanted to share some more information on this feature and how it works. What is the "Device Enrollment Limits" feature and what problem does it solve? It's a new functionality in the Google Admin Console that allows administrators to set specific enrollment limits for each Organizational Unit (OU). It's designed to give administrators greater control over ChromeOS license consumption across their organization, ensuring fair access, optimizing license allocation, and preventing overconsumption. Where can administrators find and manage the "Device Enrollment Limits" feature in the Google Admin Console? You'll find it by navigating to Devices > Chrome > Reports. The feature is nested under Device enrollment limits on that page. How do administrators set an enrollment limit for a specific Organizational Unit (OU)? The basic steps are: Navigate to Devices > Chrome > Reports > Device enrollment limits. Click the specific OU you want to configure. In the dialog, turn on the toggle for the desired license type (Chrome Enterprise/Education Upgrade or Kiosk & Signage Upgrade). Enter a numerical value for the available enrollment slots in the "Device enrollments remaining" field. Click "Save". (Setting the limit to 0 prevents that OU from enrolling devices.) What types of licenses can be managed with this feature, and are there any exceptions? You can set limits for perpetual and annual Chrome Enterprise/Education Upgrade (CEU) and Kiosk & Signage Upgrade (KSU) licenses. Yes, bundled or packaged licenses cannot be adjusted using this feature. When an OU has both perpetual and termed licenses, perpetual licenses will be utilized first before tapping into termed ones. How can I quickly see which OUs have reached their limit? On the "Device enrollment limits" page, use the "Add a filter" button and select "Device enrollment limits reached". You can also choose filters to show only OUs with "0 remaining device enrollments for CEU" or "0 remaining device enrollments for KSU". What happens when an OU reaches its set limit? New devices will be unable to enroll in that specific OU. The Admin Console will show "0" remaining slots, and users attempting enrollment on the Chromebook will encounter an error. This prevents overconsumption Will the "Device Enrollment Limits" be manageable through the Chrome Policy API? No, management and configuration of these limits will be exclusively through the Google Admin Console user interface. What are the minimum requirements to participate in this pre-General Availability (GA) pilot program? To be a trusted tester, your organization must: Have a managed domain Have devices and licenses that are managed by the Google Admin Console. Ideal candidates are those who are also expected to provide good and consistent feedback within a short timeframe. How to Apply If you are an administrator and would like to be included in this Trusted Tester program to try out Device Enrollment Limits and provide valuable feedback, please simply post a comment below to express your interest! We will reach out to you directly with the next steps.ChromeOS Device Management: The Enterprise IT Fast Track
We know you're busy, so let's get straight to the point on managing your ChromeOS fleet in an enterprise environment via the Google Admin Console. The foundation: Licensing and fleet access Centralized management is unlocked by a license. The article clarifies your three primary license options for provisioning a ChromeOS fleet: Chrome Enterprise Upgrade (CEU): This is the standalone license (annual) you purchase separately for any standard ChromeOS device to bring it under enterprise control. Chromebook Enterprise (CBE): These devices come with the CEU license embedded for the life of the hardware. This offers a zero-touch, perpetual management solution right out of the box, streamlining large-scale deployment. Kiosk & Signage Upgrade: This is designed specifically for ChromeOS devices used as single-purpose kiosks (like self-service terminals) or digital signage displays. The licenses can either be purchased separately (annual) or bundled with the device (perpetual). Once the appropriate license is secured, enrollment links the physical device to your domain, granting you the full suite of policy controls. 2. Core control: Policies, security, and networking The power of the Admin Console is the ability to enforce settings based on who is signing in and which device they are using: Security & data protection: Enforce enterprise-grade policies like Forced Re-enrollment (preventing unmanaged use after a wipe), remote device disablement for lost assets, and strict sign-in restrictions (e.g., only allowing users from your corporate domain). Seamless network access: Remotely push necessary Wi-Fi profiles, proxy settings, and VPN certificates directly to devices. This ensures employees connect securely to internal resources immediately upon sign-in, regardless of location. Software distribution: Maintain a secure and standardized environment by force-installing, pinning, or blocking corporate web apps, PWAs, and extensions. 3. Example Enterprise Use Cases ChromeOS devices can excel in a range of environments where the device has a dedicated, shared, or public-facing role: Kiosk mode: Dedicate a Chromebase or Chromebox to run a single, purpose-built application, such as a retail Point-of-Sale (POS) terminal, a corporate visitor sign-in app, or a dedicated inventory scanner in a warehouse. Managed Guest sessions: Control shared-use devices in environments like office reception areas, business centers, or hot-desking stations. Sessions are non-account based, with all user data wiped upon logout, ensuring privacy and a fresh, secure device for the next user. Logged in user: Allow individual employees to sign in with their managed enterprise account (e.g., Google Workspace), providing a personalized, secure, and fully managed desktop experience. User data and settings are synced to the cloud, enabling quick, seamless migration to a replacement device and ensuring all corporate security policies and access controls are enforced. Real-World Application The power of ChromeOS management comes from applying these policies dynamically across your organization: Deployment example: Imagine provisioning new corporate laptops. You use the Admin Console to force-install the VPN extension and push the corporate Wi-Fi profile to the Corporate Devices Organizational Unit (OU). The employee receives the device, signs in, and everything is instantly configured. For more information check out the article in the Help Center: About ChromeOS Device Management And continue on through our Getting Started User Guides to the left.Your guide to smarter ChromeOS administration
The pace of innovation in Chrome Enterprise and ChromeOS continues to accelerate. Earlier this year, we launched a wave of powerful AI-driven features designed to fundamentally change how you manage your fleet and support your end-users. We’ve summarized the key developments below, focusing on the practical, day-to-day applications for your administrative work. Part 1: Empowering IT: AI in the Admin Console Updates focus heavily on simplifying the most time-consuming aspects of device management using Google AI and Gemini. New Feature Practical Day-to-Day Application 1. Chrome Admin Assistance (Gemini Chatbot) Instant, conversational support and task execution. Instead of navigating complex menus, you can simply ask the chatbot in natural language to perform an action. For example, "What is the status of device serial number X?" or "Initiate a remote reboot for device Y." This significantly cuts down on routine, manual administrative tasks. SIgn up as a trusted tester to avail. 2. Natural Language Processing (NLP) Search Find policies and devices instantly without precise keywords. No more guessing policy names or remembering exact search syntax. You can now use plain English for complex queries like: "Show me all devices enrolled last month" or "Find the policy for blocking USB storage." This makes fleet audits and configuration checks much faster. 3. Intelligent Recommendations (Related Settings) Ensure comprehensive and optimized configurations. When you’re viewing the details of one policy (e.g., microphone control settings), the Admin Console now surfaces other logically related policies (like audio output settings). This prevents overlooked settings and ensures a more complete and secure setup. Part 2: Powering end-users (and reducing your tickets) While your focus is on the fleet, these end-user-facing AI enhancements are vital because they impact user productivity and, ultimately, your support load. Gemini integration in Google Workspace: If your organisation does have Workspace, users now have powerful AI assistants in Gmail (summarizing threads, composing faster), Docs, Sheets, and Slides. As an Admin, you can easily pin Gemini to the Chromebook shelf, ensuring simple, centralized access for all employees. AI built into ChromeOS: Users gain productivity tools that work across any application, not just Google's. Features like Help me read and Help me write assist with comprehension and content creation in third-party or web applications. Furthermore, AI-enhanced video call controls and Live Translate directly on the device improve meeting quality and cross-lingual collaboration, leading to less friction and fewer support requests for connectivity/tool issues. Part 3: The Right Hardware To unlock these most advanced AI experiences, organizations should look to Chromebook Plus devices, which meet a higher standard for performance and memory. When planning your next refresh cycle, ensure the hardware can support the full stack of new AI capabilities to maximize user benefit. Ready for the Deep Dive? Be sure to read the full post: The IT Admin's Guide to Google AI.New user guides: ChromeOS policies
Hey everyone, Just wanted to let you know we've published two new articles in the User Guide section of the community, designed to help you master ChromeOS policies! These new guides dive deep into the specific steps for applying policies across your fleet: Setting ChromeOS device policies: Learn how to configure policies that apply to your managed ChromeOS devices, regardless of who is signed in. Setting ChromeOS user and browser policies: Get the details on configuring policies that apply to specific users when they sign in, as well as policies for the Chrome browser across different operating systems. All comments and feedback are welcome! Please let us know if these guides help streamline your policy setup. What other ChromeOS topics would you like to see covered in our next user guides?Chrome OS Flex AUE in Google Admin
Hey. The admin console has a fantastic feature where you can see the AUE of your devices pr year. It makes it easier to plan budget for replacing devices going out of support and planning execution. https://admin.google.com/ac/chrome/devices/?sf=2&so=2&tab=dashboard However - you can only see Chrome OS devices since the "Automatic updates until" field in Google Admin is not populated as in the example below. Obviously this information is available somewhere to be displayed, but it is currently not. I would really like to avoid exporting inventory to a spreadsheet, use the certified model list (https://support.google.com/chromeosflex/answer/11513094?hl=en) to populate the empty field in the spreadsheet and keep track of it there. How do others plan inventory replacements? Has anyone else tried to reach out to the Chrome OS team pointing out this flaw?New user guide: Organisational unit structure
Hey ChromeOS Customer Community, Hope you're all having a great week. Just a heads-up that a new article has been published in the User Guide section of the community! It's all about ChromeOS Organizational Unit Structures. The article provides a detailed guide on how to effectively use OUs to manage users and devices, covering key concepts like policy inheritance. It also offers best practices for creating a simple, logical OU structure, such as organizing by department or location. The guide even includes tips on when to separate user and device OUs and how to use Google Groups for more flexible policy application. You can check out the full article here: Organizational Unit Structures All comments and feedback are welcome. What other topics would you like to see covered?Setting ChromeOS user or browser policies
To manage your fleet of ChromeOS devices, you must be a Google administrator. You can set user policies to control the user experience when the user signs in with their managed Google account on any device. Step 1: Access the Google Admin Console Sign in to the Google Admin console with your administrator account. Step 2: Navigate to User Settings From the Admin console Home page, go to Menu > Devices > Chrome > Settings > User & browser settings Step 3: Select an Organizational Unit On the left, select the organizational unit you want to apply the settings to. If you want to apply the settings to all devices, select the top-level organizational unit. Step 4: Configure the Policy Scroll to the setting you want to configure. Click on it, make your desired changes, and then click Save. The policies will take effect the next time a user signs in with their managed account on a ChromeOS device. Top 10 practical user policies for enterprise While there isn't an official list of the "top 10 most used" user policies, the following 10 are highly valuable for enterprise customers to manage security, user experience, and device performance. Maximum user session length: This policy is critical for security. You can set an automatic sign-out time (e.g., 60 minutes) to ensure that unattended devices are not left signed in, reducing the risk of unauthorized access. Browser sign-in settings: To prevent data leaks and maintain control over user accounts, you can enforce that users can only sign in to Chrome browser with their managed work account. This prevents them from using personal accounts on company devices. High efficiency mode: This policy improves device performance by automatically discarding inactive background tabs after a few hours. For a large enterprise, this can significantly reduce the memory footprint and CPU usage across the fleet, leading to better device responsiveness. Exceptions to tab discarding: You can set a list of mission-critical web pages (e.g., a CRM dashboard or an internal ticketing system) that will never be automatically discarded. This ensures that essential applications remain active in the background. Wake locks: This policy gives you control over whether applications and websites can prevent a device from sleeping or the screen from turning off. This is particularly useful for devices used as kiosks or for digital signage, ensuring the content is always visible. Idle settings: This policy allows you to define what a device does when it's left idle or a user closes the lid. You can configure devices to automatically lock, sign out, or even shut down, which is essential for both power management and security. Spoken feedback (ChromeVox): Enabling this accessibility feature is crucial for creating an inclusive workplace. It provides spoken feedback for visually impaired users, allowing them to navigate the device and use applications effectively. High contrast: For users with low vision, this policy can be configured to change the font and background color scheme to make web pages easier to read. This is a practical and important accessibility feature for a diverse workforce. Custom wallpaper: This policy allows you to set a company-branded wallpaper on all managed devices. This is useful for building a consistent corporate identity and can be used to display important information like IT support contact details. Custom terms of service: Before a user can sign in for the first time, you can present them with a custom terms of service document. This is useful for ensuring all employees acknowledge and agree to company policies, such as an acceptable use policy. For more detailed explanations of the device policies available, check out this article in our help center: Set Chrome policies for users or browsers
