Manage Your Chromebooks with Chromebook Enterprise Enrollment
Chromebook Enterprise Enrollment is the process of enrolling your Chromebook as part of a particular organization. It benefits organizations by enabling administrators to manage Chrome device updates and policies, allow or deny website access, view and configure applications and extensions, and manage Chrome devices with Active Directory from a centralized location.
What Is Enterprise Enrollment?
Centralized management is a desirable feature for every administrator. Enterprise Enrollment on Chrome OS is one method for achieving centralization. Enterprise Enrollment marks devices and enrolls them as part of a particular organization, thus enabling better management.
Enrollment requirements
Requirements for enrolling a Chrome device are:
- Only devices without an owner can be enrolled.
- Only enterprise users can enroll the devices.
Enrollment Scenarios
There are four different types of enrollment scenarios. Choosing which one to use depends on what initiates the enrollment, if the user can avoid enrollment, and how authentication and authorization is to occur. The different types of enrollment scenarios are:
- Manual enrollment
As the name suggests, enrollment is done manually on the login screen via the Ctrl+Alt+E shortcut. Users must authenticate using a username and password or can cancel the enrollment attempt and return to the login screen.
- Re-enrollment
If a device is already enrolled, it needs to be enrolled again by navigating to Device Management > Chrome > Device Settings > Enrollment & Access from https://admin.google.com/. The authentication process is the same as in the manual enrollment case.
- OEM-triggered enrollment
OEM-triggered enrollment occurs based on the special OEM manifest that device manufacturers provide. It indicates if the device should be enrolled or if enrollment is forced. The authentication process is the same as in the manual enrollment case.
- Offline demo-mode enrollment
Intended for demo Chrome OS features, this enrollment does not require a network connection and enrolls devices to a fixed domain by using local resource policy. It is triggered during the initial setup using the Ctrl + Alt + D shortcut. This method does not require authentication.
How do you Enterprise Enroll Your Chromebook?
Enterprise Enrolling your Chromebook is a simple process. Chrome OS is a cloud-native operating system that simply requires an internet connection to an enterprise. To Enterprise Enroll it, follow these steps:
- Connect to an enterprise wireless network. Chrome OS checks and applies the latest security patches and operating system updates set by the enterprise administrator.
- Sign in to your Chromebook once the enterprise updates are completed.
- Navigate to the Enterprise Enrollment screen in one of the following ways:
- Click More options on the sign-in screen, and select Enterprise Enrollment.
or
- Press Ctrl+ E to open the Enterprise Enrollment screen.
- Log in with your administrator account or a user account that has enrollment permissions.
In a matter of seconds, your device is Enterprise Enrolled, unlocking Chrome enterprise policies and management capabilities. Now your Chromebook is a managed device, and the user is ready to sign in. To double-check if the Chrome device is Enterprise Enrolled, navigate to the Google Admin Console >> Devices >> Chrome devices tile and you should see your device count increase.
What Are the Benefits of Chromebook Enterprise Enrollment?
There are many benefits of Chromebook Enterprise Enrollment, but the ones that stand out are the ability to:
- Manage Chrome device policies with ease.
As a Chromebook Enterprise administrator, you can set device-level policies, user-level policies, and application and extension policies for Chromebooks and other devices that are enrolled in your organization.
- View and configure applications and extensions.
You can also view applications, add the desired applications, block applications and set policies for an application from the Google Admin console. Additionally, you can also install, block or set policies for extensions on enrolled devices with ease.
- Update Chrome devices more easily.
Once your enterprise enrolls your devices, you can update the operating system of the devices in your organization. Chrome releases full OS updates every 6 weeks, and minor updates occur every 2-3 weeks. You can automatically update all the enrolled devices with ease.
- Manage Chrome devices with Active Directory.
You can also integrate your enrolled Chromebooks with the Microsoft Active Directory server. You can use Windows Group Policy to manage integrated devices and push Active Directory policies to users and devices.
- Restrict, allow or deny access to websites.
With enterprise enrollment, you can also allow or deny access to websites with ease, thus restricting and allowing users’ internet access. This helps increase productivity and protects your organization from viruses and malicious content.
Learn more about the partnership between Parallels® and Chrome Enterprise!
References:
- Enterprise Enrollment on Chrome OS: https://chromium.googlesource.com/chromium/src.git/+/master/docs/enterprise/enrollment.md
- Manage Policies for Chrome Devices: https://support.google.com/chrome/a/topic/6274424?hl=en&ref_topic=4386913
- Enroll Chromebooks on Enterprise Domain: https://cbookreviewguide.com/chromebook-blog/enroll-chromebooks-on-enterprise-domain/
