Best practices for deploying WireGuard VPN across managed ChromeOS devices (system-wide or via Admin Console)
Hello, We currently manage a growing fleet of ChromeOS devices (Chromebooks and Chromeboxes) through our Google Workspace domain. All devices are enrolled, updated to the latest ChromeOS version, and centrally configured via the Admin Console. Our VPN of choice is WireGuard, which ChromeOS now supports natively. We followed Google’s official documentation to configure WireGuard per user: Configure VPNs on ChromeOS (Google Support) The challenge we are running into is scalability: configuring WireGuard individually on a per-user basis is becoming increasingly tedious as our organization grows. Ideally, we would like to achieve one of the following: - System-wide tunnel setup - Assign a WireGuard key per device, rather than per user. This would allow the VPN configuration to apply regardless of who logs into the machine. - Admin Console integration - Ability to push or preconfigure WireGuard VPN settings (similar to how Wi-Fi networks or other VPN types can be managed centrally). From what I understand, the Admin Console allows pushing some network settings, but WireGuard does not currently appear as a supported option. We also explored the possibility of using an Android VPN app as a workaround. However, the Android subsystem seems to create its own isolated IP pool, which breaks certain use cases for us — e.g., we need internal VPN IP addresses for DNS resolution and internal resource access, which doesn’t work properly when tunneled through the Android environment. So my questions are: Is there currently any way to enforce or distribute WireGuard VPN configurations via the Admin Console? If not, is there a recommended workaround to achieve system-wide VPN coverage (device-level rather than user-level)? More generally, what is the best practice for deploying WireGuard in centrally-managed ChromeOS environments today? I realize WireGuard support on ChromeOS is still relatively new and limited to certain devices, but we’ve been using it successfully with most of our devices. We’re just looking for the most scalable and officially supported way to roll this out across our managed devices. Thanks in advance for any insights!New user guides: ChromeOS policies
Hey everyone, Just wanted to let you know we've published two new articles in the User Guide section of the community, designed to help you master ChromeOS policies! These new guides dive deep into the specific steps for applying policies across your fleet: Setting ChromeOS device policies: Learn how to configure policies that apply to your managed ChromeOS devices, regardless of who is signed in. Setting ChromeOS user and browser policies: Get the details on configuring policies that apply to specific users when they sign in, as well as policies for the Chrome browser across different operating systems. All comments and feedback are welcome! Please let us know if these guides help streamline your policy setup. What other ChromeOS topics would you like to see covered in our next user guides?Chrome OS Flex AUE in Google Admin
Hey. The admin console has a fantastic feature where you can see the AUE of your devices pr year. It makes it easier to plan budget for replacing devices going out of support and planning execution. https://admin.google.com/ac/chrome/devices/?sf=2&so=2&tab=dashboard However - you can only see Chrome OS devices since the "Automatic updates until" field in Google Admin is not populated as in the example below. Obviously this information is available somewhere to be displayed, but it is currently not. I would really like to avoid exporting inventory to a spreadsheet, use the certified model list (https://support.google.com/chromeosflex/answer/11513094?hl=en) to populate the empty field in the spreadsheet and keep track of it there. How do others plan inventory replacements? Has anyone else tried to reach out to the Chrome OS team pointing out this flaw?Getting started with Chrome Enterprise Upgrade webinar series
We're excited to announce a brand new webinar series designed specifically for our new customers and trialists: "Getting started with Chrome Enterprise Upgrade." This series aims to provide you with the essential knowledge and practical tips to seamlessly onboard and maximize the benefits of Chrome Enterprise Upgrade within your organization. Why you should join Joining this webinar series is your opportunity to gain a deeper understanding of Chrome Enterprise Upgrade, directly from our experts. You'll learn how to effectively deploy, manage, and secure your ChromeOS devices, empowering your team with a modern and efficient computing experience. This is a crucial step for anyone looking to streamline their IT operations, enhance security, and unlock the full potential of their ChromeOS investment. Whether you're just starting your trial or recently became a customer, these sessions will provide invaluable insights to help you get up and running quickly and confidently. What to expect We’ll cover key aspects of the platform, including initial setup, device management best practices, security features, and app deployment. We'll walk you through the easy steps for initial setup and configurations for your ChromeOS devices. You'll have the chance to ask questions and interact with our team, ensuring you leave the webinar with a clear understanding of how to leverage Chrome Enterprise Upgrade for your specific needs. Register today! Don't miss out on this opportunity to kickstart your journey with Chrome Enterprise Upgrade. Register today for the first session on September 25th at 3 PM GMT. Secure your spot by clicking on the registration link below. Register for the first session here
