1. Home
  2. Knowledge Base
  3. SureMDM
  4. How to configure the Device Policy profile for Chrome OS

How to configure the Device Policy profile for Chrome OS

The SureMDM console provides you with the ability to manage your fleet of Chromebooks and their installed Chrome OS apps. SureMDM offers features to apply policies such as User and Browser Policy, Device Policy, Apps and Extensions Policy, and Application Policy. It also remotely refreshes device data on Chromebooks and locks, unlocks, or wipes them when there are security threats.

Purpose

The purpose of this knowledge article is to provide a guide on how to configure the Device Policy profile for Chrome OS.

Prerequisites

NA

Steps

1. Log into the SureMDM web console and navigate to Profiles.

2. Select Chrome OS, click Add (+).

3. Select Device Policy and click on Configure.

4. Enter a Profile Name

5. Select the desired Device Policy for Chrome OS Devices and click Save.

To know more about the Device Policy supported for Chrome OS Devices, Refer to the description given below:

Device PolicyDescriptions
“Enrollment Access”
PowerwashAllows the device user to factory reset the Chromebook.
Verified AccessEnables a web service that requests proof that the Chromebook is unmodified and policy-compliant. 
Verified modeControls whether Verified Access can attest the Chromebook if it boots into developer mode.
Integrated FIDO second factor
Allows 2-factor authentication (2FA) on devices with a Titan M security chip.
“ Sign-in settings”    
Guest modeAllow the device user to publish private apps that are restricted to your domain on the public Chrome Web Store. 
Sign-in restrictionToggles the monitoring and reporting of Android app installations forced by policy..
Autocomplete domainSpecifies a default account domain name to present to device users on the sign-in page. If this policy is enabled, users don’t need to enter the @domain.com part of their account name during sign-in.
Autocomplete domain prefixSpecifies the default account domain name to present to device users on the sign-in page. Only available if the Autocomplete domain policy is set to Use the domain name set the field below for autocomplete at sign-in.
Single sign-on cookie behaviorAllows single sign-on (SSO) user accounts to sign in to internal websites and cloud services from your enterprise’s identity provider on subsequent sign-ins. The Chromebook must have SAML SSO.SAML SSO cookies transfer the first time the user account signs in on the Chromebook. If this policy is enabled, the cookies also transfer during subsequent sign-ins.Cookies will not be transferred to Android apps on supported devices.
Sign-in languageControls the language displayed on the sign-in screen.
Single sign-on verified accessSpecifies an allowlist of URL patterns of websites and endpoints that can perform verified access checks during SAML authentication on the sign-in screen. If a website matches an allow listed pattern, it receives an HTTP header attesting to device identity and device state.If no URLs are added, no websites or endpoints can perform remote attestation on the sign-in screen.
System info on sign-in screenAllows the device user to toggle device system information on the sign-in screen or display it by default.
Privacy screen on sign-in screenToggles the privacy screen on the sign-in screen. Only applicable to Chromebooks with an integrated hardware privacy screen.
Show numeric keyboard for passwordToggles the numeric keyboard for password input on Chromebooks with a touchscreen.
“Sign In Screen Accessibility”
Spoken feedbackToggles the screen reader, also known as ChromeVox. For more details about this feature, see Use the built-in screen reader and Use a Braille device with your Chromebook.

Select to speak
Toggles selective screen reading, where only parts of the screen are read, such as text selections and certain sections. For more details about this feature, see Hear text read aloud.
Screen magnifierToggles the screen magnification feature. For more details about this feature, see Zoom in or magnify your Chromebook screen.
Sticky keysToggles inputting key combinations one keypress at a time, without holding any keys down. For more details about this feature, see Use keyboard shortcuts one key at a time.
On-screen keyboardToggles the on-screen keyboard. For more details about this feature, see Use the on-screen keyboard.
DictationToggles speech-to-text input. For more details about this feature, see Type text with your voice.
Keyboard focus highlightingToggles enhanced object highlighting during keyboard navigation of the sign-in screen.
Caret highlightToggles a ring around the caret (keyboard cursor) during typing.
Auto-click enabledToggles mouse clicking when the cursor stops moving. For more details about this feature, see Automatically click objects on your Chromebook.
Large cursorToggles a bigger mouse cursor.
Cursor highlightToggles a ring around the mouse cursor during mouse movement.
Primary mouse buttonSpecifies which mouse button performs primary interactions.
Mono audioToggles single-channel audio.
Accessibility shortcutsToggle the built-in accessibility shortcuts.
“Device Update”
VariationsEnable the Chrome variations framework. If this policy is enabled, Google can selectively deliver security fixes and experimental features to Chrome OS.CAUTION — Disabling variations significantly increases the risk of future security and compatibility issues and isn’t recommended.

The newly created profile will be listed in the Profiles section.

6. Return to the Home tab and select the device(s) or group(s).

7. Click Apply to launch the Apply Job/Profile To Device prompt.

8. In the Apply Job/Profile To Device prompt, select the created profile, and click Apply.

Need more help? Here’s how to get help from our experts. 

CONTACT US 

Was this helpful?
YesNo
Updated on March 2024