Chrome OS Device Management with MDM

Chrome OS device management is the process of on-boarding the Chrome OS devices used in organizations onto a mobile device management (MDM) solution, facilitating IT admins to manage these devices, their settings, and the data on them.

Manage the Chrome devices deployed in your organization with the best MDM solution in its class - Mobile Device Manager Plus. With this robust Chrome OS MDM tool, Chromebook device management is simple and easy to understand. Moreover, when you use Mobile Device Manager Plus as your Chromebook device management software, you can also manage the Apple, Android, and Windows devices in your organization from the same console.

Here's a walkthrough of the supported features and steps involved in Chrome OS management with MDM.

Onboarding Chrome devices

The first step in bringing your organization's Chrome OS devices or Chromebooks under management is by onboarding them with Mobile Device Manager Plus. Onboarding devices with Chrome OS MDM essentially means device enrollment followed by user assignment. However, before enrolling Chromebooks with MDM, the following are the onboarding prerequisites you need to conform to.

Right after enrolling Chrome devices, user assignment must be done in order to complete the on-boarding process and facilitate Chrome device management. For the complete procedure to enroll Chrome devices, click here.

Remotely deploying enterprise policies

Mobile device management tools use profiles as a mode to apply configurations to managed devices; configure from an extensive set of policies and restrictions which are currently supported. With Chromebook device management software (or Chromebook MDM), you can choose to create Chromebook profiles for the user or the device. As the name suggests, a user profile ensures that the configured policies and restrictions are applied to the user, irrespective of the device utilized by the user; whereas, a device profile ensures that the configured policies and restrictions are applied to the entire device, i.e, to all the users utilizing the device.

For Chrome devices deployed in businesses or schools where multi-user login is predominant, MDM supports ephemeral mode ensuring local user information and associated settings are erased every time a user signs out. Forcing ephemeral mode reduces the chances of any personal information being left behind on the device. MDM also lets you allow or restrict Forced Re-enrollment, wherein users cannot revoke management despite resetting the device. 

MDM for Chromebooks lets you provision Chrome devices in Kiosk mode, which locks down the device with a single app or a set of preselected apps. In addition to that, you can configure policies such as Wi-Fi, Ethernet, VPN, and push certificates for users as well as the devices. For the extensive list and information about profiles supported when you use Mobile Device Manager Plus as your Chrome device manager, click here.

Managing applications

MDM lets you add applications to the App Repository which can subsequently be distributed to the managed devices. In Chrome device management, MDM supports Web Store apps as well as tailored custom apps. Web Store apps are those which are available for public download on the Chrome Web Store, which can be downloaded on Chrome devices or Chrome browsers. For distribution and installation of Web Store apps using MDM, click here. In certain circumstances, you might require customized apps which might not be available on the Chrome Web Store; custom/enterprise apps are usually created by third-party developers and available for use only on a request basis. However, you can create custom Chrome apps and subsequently distribute them to your managed Chrome devices, as explained here and update custom Chrome apps remotely when using MDM for Chrome device management. Additionally, you can silently install Android apps on your managed Chrome devices as well.

Secure Chromebook device management

You can leverage Mobile Device Manager Plus' security commands to scan managed devices remotely. With Remote Scan, you can fetch the granular details from the device such as installed apps, distributed profiles, OS information, etc., and view them right on the MDM console. For a successful device scan, ensure the managed Chrome devices can access the internet. You can also schedule device scans on Chrome devices, at any frequency of your choice; be it daily, weekly or monthly. Lost Mode is a reactive security feature supported by MDM; you can deliberately mark Chrome devices as lost thereby preventing unauthorized access in case of any mishap. This aids in recovering misplaced or stolen Chrome devices.

Schedule and automate OS updates

OS updates is quite a challenging task in every organization, depending on the number of deployments. With regards to Chrome devices, MDM provides extensive support for OS updates. You can select from four release channels; Developer Channel, Beta Channel, Stable channel, Delegated Channel or leave it unspecified. Thereby, you can allow users to test the latest Chrome OS features by switching between highly stable channels and experimental channels. Moreover, you can opt for immediate OS updates or leave it to the user's choice.

Bandwidth choking is another concern with OS updates. Updating all your deployments simultaneously results in bandwidth choking, disrupting other tasks and operations. MDM for Chromebooks lets you specify a scatter duration (upto 90 days), which ensures all your Chrome devices get updated in a random order, within the specified time-span. Additionally, you can restrict OS updates beyond a specific version, if required. Thereby, managed Chrome devices will not be updated beyond the mentioned OS version.