Boost User Adoption: Building Trust in Your Mobility Deployment
Building trust with your users is critical to the success of any IT project We’ve all heard it: “IT can see what is happening on my device”, and this level of distrust from users occurs regardless of the platform being used. Finding that balance between user trust and securing your organisations data & assets is a tightrope that can have catastrophic consequences if the fine balance isn’t met. In most instances lack of end user trust is caused by not having visibility into what is happening, the “black box” of IT policy and processes is a real thing! With the ever increasing number of personal devices being used in the enterprise world, ensuring end users are aware and empowered to understand what is actually visible by their employer will help ease end users' concerns about adopting mobility management. Regardless of the enrolment method your organisation has adopted, Android Enterprise is built from the ground up with a focus on end user privacy and while aiming to ensure that IT admins have the right tools to manage their assets. Build trust through communication Being able to set policies within your organisation's EMM is a powerful responsibility. While simply ticking a box and applying the configuration can feel low impact, even small changes can have inconveniences for your users which may build up frustration and distrust over time. Start a dialog with your users I know, this is easy to say and much harder to execute. There’s a vast number of variables to consider when trying to recommend a best practice for successful dialog with your users. It’s important to consider technical ability, the size of your organisation and location distribution of staff, just to name a few. But the goal of any communication to your users should be to provide a clear understanding of what the change is, why the change is being implemented, and address potential FAQs. There are the obvious communication methods of email (don’t forget to use BCC ) or posting on an internal communication board, but these may be missed or ignored. Something I have seen becoming more common is internal calls where IT decision makers within an organisation talk about upcoming changes. Alongside visibility, this has the added benefit of allowing users to ask questions. Organisations that have committed to these sessions have found it much easier to get their end users to adopt new technologies. While we are focused on Android here, this approach can help with everything from a new device rollout to deploying video conferencing software. It can be pretty daunting to know where to start with a communication plan, so we have an employee adoption kit to help! When should you communicate a change to your users If you have a change coming that’ll have a visual or workflow impact on users, be proactive and let them know. While this can add additional workload, informing users can start a useful early dialog to understand questions that may come up. IT teams are stretched at the best of times, being able to reduce inbound support requests through pro-active communication is never a bad thing! If you're looking at making disruptive changes to a fully managed device deployment, such as completely changing the UI of a kiosk, I’ve found that end users are more receptive to this level of impact during a device refresh. Users in these scenarios see these devices as tools to do their job and form habits in their workday around how their device works. If overnight you change how their device works this is likely to disrupt those learned habits, and cause friction for your users. This often leads them to believe that the device doesn’t perform as well as it used to, even if functionally you’ve just shifted an icon around. So if you have the ability to delay that new rebrand or that push to move the app icons around until your next rollout, it certainly might be worth holding off! Don’t forget dialog is a two way street Create an easy route for users to ask questions. You could look at adapting existing IT support flows, create a dedicated form or even host a weekly office hours for users to get some 1:1 time with the team. This brings us neatly to... Best practices for policy decisions and changes You can have the best laid plans for your mobility deployment, but there is one variable you cannot account for, user innovation. As a policy setter, it’s unlikely that your testing will directly replicate your end user's day-to-day behaviour. Over time they will find their own route to achieve their goals. There’s a fun equivalent called “desire paths” where pedestrians will walk an unplanned route to get to their destination causing an environmental impact to the landscape. Don’t block them from the path, embrace it! User-centric approach to change management Whether you’ve implemented a BYOD program or provided hardware to your users, the mobility decisions you’ve made will have a material impact on the day to day lives of your users, it’s one of the many great things about working in this space. This puts even the most robust testing programs under a huge amount of pressure. It’s nearly impossible to test every possible tap or swipe that an end user could perform. Don’t fret, this can lead to some fantastic opportunities part way through the lifecycle of your devices . You should run some 1:1 sessions with your users and see how they are actually using the devices. This feedback can help you make informed decisions about your next deployment milestone or make iterative changes to improve the mobile experience for everybody. An example that has always stayed with me was from a logistics organisation with a large quantity of fully managed devices. One of their users made a simple request to adjust the app layout on their kiosk to better align with their workflow. That small adjustment had a 4% time save every time a user performed that task. That might sound negligible, but when you multiply that time saving over 10,000 users performing that same task 15 times a day these small changes make a massive difference. We don’t all work for Formula 1 teams, but incremental gains can still be a target for us all. Pushing applications is more intrusive than you may think Being able to push applications to your users is one of the many benefits of enrolling a device into Android Enterprise, but it is also one of the more user intrusive actions you can take on a device under management. My general recommendation for distributing applications is you should only force install applications you know will be critical for the user to perform their work. Users who are using a device that is owned by the organisation and enrolled as fully managed will often be more open to a dozen or more applications being automatically installed on their devices. But users who have Android Work Profile, whether corporately owned or BYOD, may find it more jarring. Limit the applications installed to the core apps required for their work such as email, calendar and a document viewer. The rest can be available for the user to download through the Play Store -empower your users! What we are doing as a platform At all stages of the device lifecycle we inform the user to help them understand what is happening on their device. Through clear dialog during provisioning, helpful prompts while the device is in use and the ability for users to see what policies are actually applied to their devices, we aim to empower users through transparency and information. Visibility into policy Regardless of enrollment type, end users can see what policies are applied to their devices and all the device level information that the EMM is able to see, all from within Settings! Users simply need to go to Settings > Security and privacy > Your work policy info. Under this section they’ll be able to see everything that you can see from within your EMM and what policies have been applied to the device. For the avoidance of doubt, content in the personal profile is not visible to the organisation! Automate work/life balance BYOD and COPE users will see Android Work Profile, providing a clear separation of personal and work applications. Keep your eyes peeled for future content discussing this in more detail. Users are probably already familiar with being able to pause the Work Profile through the launcher, but did you know that they can also automate this process through Digital Wellbeing? Simply go to Settings > Digital Wellbeing > Work Profile schedule and you can set a daily schedule for when work apps will automatically pause and unpause! Users who have their devices enrolled as fully managed can utilise Digital Wellbeing to set a Focus mode to create a similar process to scheduling work apps. Visualisation In Android 14 QPR2 we introduced greater controls for end users initiating a screen-sharing session. As a standalone feature this has been well received, and helps remove the risk of sharing something users may not wish to share while presenting from their device. But in addition to this feature, we also included a clearer UI showing that the device’s screen is being shared. While a small addition in itself, this is a great demonstration on how we prioritise helping users to understand what is happening on their device. How do you build trust with your users? Considering starting an internal session discussion with your users? Perhaps you could start by talking about the on device features we discussed! Let us know below!Setting ChromeOS user or browser policies
To manage your fleet of ChromeOS devices, you must be a Google administrator. You can set user policies to control the user experience when the user signs in with their managed Google account on any device. Step 1: Access the Google Admin Console Sign in to the Google Admin console with your administrator account. Step 2: Navigate to User Settings From the Admin console Home page, go to Menu > Devices > Chrome > Settings > User & browser settings Step 3: Select an Organizational Unit On the left, select the organizational unit you want to apply the settings to. If you want to apply the settings to all devices, select the top-level organizational unit. Step 4: Configure the Policy Scroll to the setting you want to configure. Click on it, make your desired changes, and then click Save. The policies will take effect the next time a user signs in with their managed account on a ChromeOS device. Top 10 practical user policies for enterprise While there isn't an official list of the "top 10 most used" user policies, the following 10 are highly valuable for enterprise customers to manage security, user experience, and device performance. Maximum user session length: This policy is critical for security. You can set an automatic sign-out time (e.g., 60 minutes) to ensure that unattended devices are not left signed in, reducing the risk of unauthorized access. Browser sign-in settings: To prevent data leaks and maintain control over user accounts, you can enforce that users can only sign in to Chrome browser with their managed work account. This prevents them from using personal accounts on company devices. High efficiency mode: This policy improves device performance by automatically discarding inactive background tabs after a few hours. For a large enterprise, this can significantly reduce the memory footprint and CPU usage across the fleet, leading to better device responsiveness. Exceptions to tab discarding: You can set a list of mission-critical web pages (e.g., a CRM dashboard or an internal ticketing system) that will never be automatically discarded. This ensures that essential applications remain active in the background. Wake locks: This policy gives you control over whether applications and websites can prevent a device from sleeping or the screen from turning off. This is particularly useful for devices used as kiosks or for digital signage, ensuring the content is always visible. Idle settings: This policy allows you to define what a device does when it's left idle or a user closes the lid. You can configure devices to automatically lock, sign out, or even shut down, which is essential for both power management and security. Spoken feedback (ChromeVox): Enabling this accessibility feature is crucial for creating an inclusive workplace. It provides spoken feedback for visually impaired users, allowing them to navigate the device and use applications effectively. High contrast: For users with low vision, this policy can be configured to change the font and background color scheme to make web pages easier to read. This is a practical and important accessibility feature for a diverse workforce. Custom wallpaper: This policy allows you to set a company-branded wallpaper on all managed devices. This is useful for building a consistent corporate identity and can be used to display important information like IT support contact details. Custom terms of service: Before a user can sign in for the first time, you can present them with a custom terms of service document. This is useful for ensuring all employees acknowledge and agree to company policies, such as an acceptable use policy. For more detailed explanations of the device policies available, check out this article in our help center: Set Chrome policies for users or browsersSetting ChromeOS device policies
To manage your fleet of ChromeOS devices, you must be a Google Admin Console administrator. You can set policies for all devices in your organization or apply them to specific groups of devices using organizational units. Step 1: Access the Google Admin Console Sign in to the Google Admin console with your administrator account. Step 2: Navigate to Device Settings From the Admin console Home page, go to Menu > Devices > Chrome > Settings > Device settings. Step 3: Select an Organizational Unit On the left, select the organizational unit you want to apply the settings to. If you want to apply the settings to all devices, select the top-level organizational unit. Step 4: Configure the Policy Scroll to the setting you want to configure. Click on it, make your desired changes, and then click Save. Changes typically take effect within a few minutes, but it can sometimes take up to 24 hours. Top 10 practical ChromeOS device policies for enterprise While there isn't an official list of the "top 10 most used" devices policies, here are ten highly recommended and commonly used policies for enterprises, with a focus on security, productivity, and management. Forced Re-enrollment: This policy ensures that if a device is wiped, it automatically re-enrolls in your organization's account without a user's manual input. This is critical for device security and inventory management. Allow Guest Mode: Disabling guest mode prevents users from browsing the web without signing in, which can help ensure all user activity is tied to a specific account and is auditable. Sign-In Restriction: This policy allows you to restrict device sign-ins to only users within your organization's domain. For example, by allowlisting *@yourcompany.com, you prevent non-employees from using company devices. Device State Reporting: Enabling this policy allows administrators to collect and monitor real-time data on devices, such as serial number, model, and last time synced. This is crucial for fleet management and troubleshooting. Disabled Device Return Instructions: For lost or stolen devices, you can set a custom message that appears on the disabled device's screen. This message can include contact information, increasing the chances of the device being returned. Screen Lock: Automatically locking the screen on idle after a short period ensures that unattended devices are not left vulnerable. Safe Browsing: Enforcing Safe Browsing helps protect users from malicious sites by displaying a warning before they can access a potentially dangerous URL. Disallow External Storage Devices: This policy can prevent the use of USB drives and other external storage, which helps mitigate the risk of data exfiltration or malware introduction. Application Allowlisting: By setting the "Allowed Apps and Extensions" policy to "Block all apps and extensions except the ones I allow," you can maintain a high level of security and control over what applications users can run. This is a common and effective security measure. Automatic Updates: This policy ensures that the device's operating system and browser automatically receive and apply security patches and feature updates, keeping the devices secure and up to date without manual intervention. For more detailed explanations of the device policies available, check out this article in our help center: Set ChromeOS device policies
