The SureMDM console provides you with the ability to manage your fleet of Chromebooks and their installed Chrome OS apps. SureMDM offers features to apply policies such as User and Browser Policy, Device Policy, Apps and Extensions Policy, and Application Policy. It also remotely refreshes device data on Chromebooks and locks, unlocks, or wipes them when there are security threats.
Purpose
The purpose of this knowledge article is to provide a guide on how to configure the Device Policy profile for Chrome OS.
Prerequisites
NA
Steps
1. Log into the SureMDM web console and navigate to Profiles.
2. Select Chrome OS, click Add (+).
3. Select Device Policy and click on Configure.
4. Enter a Profile Name.
5. Select the desired Device Policy for Chrome OS Devices and click Save.
To know more about the Device Policy supported for Chrome OS Devices, Refer to the description given below:
| Device Policy | Descriptions |
| “Enrollment Access” | |
| Powerwash | Allows the device user to factory reset the Chromebook. |
| Verified Access | Enables a web service that requests proof that the Chromebook is unmodified and policy-compliant. |
| Verified mode | Controls whether Verified Access can attest the Chromebook if it boots into developer mode. |
| Integrated FIDO second factor | Allows 2-factor authentication (2FA) on devices with a Titan M security chip. |
| “ Sign-in settings” | |
| Guest mode | Allow the device user to publish private apps that are restricted to your domain on the public Chrome Web Store. |
| Sign-in restriction | Toggles the monitoring and reporting of Android app installations forced by policy.. |
| Autocomplete domain | Specifies a default account domain name to present to device users on the sign-in page. If this policy is enabled, users don’t need to enter the @domain.com part of their account name during sign-in. |
| Autocomplete domain prefix | Specifies the default account domain name to present to device users on the sign-in page. Only available if the Autocomplete domain policy is set to Use the domain name set the field below for autocomplete at sign-in. |
| Single sign-on cookie behavior | Allows single sign-on (SSO) user accounts to sign in to internal websites and cloud services from your enterprise’s identity provider on subsequent sign-ins. The Chromebook must have SAML SSO.SAML SSO cookies transfer the first time the user account signs in on the Chromebook. If this policy is enabled, the cookies also transfer during subsequent sign-ins.Cookies will not be transferred to Android apps on supported devices. |
| Sign-in language | Controls the language displayed on the sign-in screen. |
| Single sign-on verified access | Specifies an allowlist of URL patterns of websites and endpoints that can perform verified access checks during SAML authentication on the sign-in screen. If a website matches an allow listed pattern, it receives an HTTP header attesting to device identity and device state.If no URLs are added, no websites or endpoints can perform remote attestation on the sign-in screen. |
| System info on sign-in screen | Allows the device user to toggle device system information on the sign-in screen or display it by default. |
| Privacy screen on sign-in screen | Toggles the privacy screen on the sign-in screen. Only applicable to Chromebooks with an integrated hardware privacy screen. |
| Show numeric keyboard for password | Toggles the numeric keyboard for password input on Chromebooks with a touchscreen. |
| “Sign In Screen Accessibility” | |
| Spoken feedback | Toggles the screen reader, also known as ChromeVox. For more details about this feature, see Use the built-in screen reader and Use a Braille device with your Chromebook. |
Select to speak | Toggles selective screen reading, where only parts of the screen are read, such as text selections and certain sections. For more details about this feature, see Hear text read aloud. |
| Screen magnifier | Toggles the screen magnification feature. For more details about this feature, see Zoom in or magnify your Chromebook screen. |
| Sticky keys | Toggles inputting key combinations one keypress at a time, without holding any keys down. For more details about this feature, see Use keyboard shortcuts one key at a time. |
| On-screen keyboard | Toggles the on-screen keyboard. For more details about this feature, see Use the on-screen keyboard. |
| Dictation | Toggles speech-to-text input. For more details about this feature, see Type text with your voice. |
| Keyboard focus highlighting | Toggles enhanced object highlighting during keyboard navigation of the sign-in screen. |
| Caret highlight | Toggles a ring around the caret (keyboard cursor) during typing. |
| Auto-click enabled | Toggles mouse clicking when the cursor stops moving. For more details about this feature, see Automatically click objects on your Chromebook. |
| Large cursor | Toggles a bigger mouse cursor. |
| Cursor highlight | Toggles a ring around the mouse cursor during mouse movement. |
| Primary mouse button | Specifies which mouse button performs primary interactions. |
| Mono audio | Toggles single-channel audio. |
| Accessibility shortcuts | Toggle the built-in accessibility shortcuts. |
| “Device Update” | |
| Variations | Enable the Chrome variations framework. If this policy is enabled, Google can selectively deliver security fixes and experimental features to Chrome OS.CAUTION — Disabling variations significantly increases the risk of future security and compatibility issues and isn’t recommended. |
The newly created profile will be listed in the Profiles section.
6. Return to the Home tab and select the device(s) or group(s).
7. Click Apply to launch the Apply Job/Profile To Device prompt.
8. In the Apply Job/Profile To Device prompt, select the created profile, and click Apply.
Need more help? Here’s how to get help from our experts.