[What G Suite administrators need to know when updating ChromeOS version 78]

Below is an official announcement from the Google ChromeOS team.  And Here is what G Suite Administrator should know when updating ChromeOS ver 78.

----------------------------------------

Update your Chrome OS settings by October 29, 2019 to maintain current user access restrictions.

Dear Administrator,

On October 29, 2019, we will release a new Chrome operating system (OS) version, M-78. This release includes changes to where some settings are managed, allowing for a separation of OS and browser settings and facilitating faster page loading.

What do I need to know?

In the new OS, we’ve taken the single page of settings, which included both Chrome OS and browser settings, and separated them into individual pages. Now you can manage your OS settings in its own window.

You will find all of the same settings you use now in the following locations:

• Chrome OS settings: Open the Settings app. You can also access these settings by opening a browser, and in the address field, type the following URL: chrome://os-settings
• Chrome browser settings: Open the browser, click the three-dot menu, and select Settings. You can also access these settings by opening a browser, and in the address field, type the following URL: chrome://settings

Only OS-relevant pages (chrome://settings/display) have moved to the new URL structure (chrome://os-settings/display). All other standard Chrome browser pages will remain in place. For example, you will still find your passwords at the same URL: chrome://settings/passwords.

What do I need to do?

If you’ve restricted access to chrome://settings and its subpages, update your policies to continue to block access to the new chrome://os-settings URL before October 29, 2019.

1. Open the Admin console.
2. Go to Device management > Chrome > User & browser settings.
3. Select the organizational unit that you want to change the URL blocking setting on.
4. Scroll down URL Blocking under Content section. Update the URL blacklist text field to include:
   1. Browser-related setting pages. Example: chrome://settings/passwords
   2. (New) OS-related setting pages. Example: chrome://os-settings/display
5. Note: If you are using your own platform to push GPO policies, you will have to configure URLBlacklist to include the new OS settings page.

If you don't update your settings, pages you wanted to prevent access to may become available for user control.

How can I get help?

If you have additional questions or need assistance, please contact G Suite support. When you call or submit your support case, reference issue number 143349563.

Thanks for choosing Chrome OS.

—The Google Chrome OS Enterprise Team

[Chromebook Grab and Go service with Chrome Enterprise (Chrome Device Managment)]

These days, sharing service seems to be the trend. Things and devices that are worth sharing, such as homes, cars, electric scooters, bikes, etc., are already becoming a shared business model in the market and are also expanding.

In fact, even though IT devices such as computers, laptops, and tablets can be shared, I am simply wondering that it is not offering such sharing services.

Google is launching a new program called 'Grab and Go (Chromebook + Chrome Enterprise based self-rental program). In fact, it's an unfamiliar service to us, but it's already used in some large manufacturing companies (Veolia-Chromebook use cases), hospitals, call centers, Waymos (autonomous vehicles), and so on.

'Grap and Go' is a self-rental service. Chromebooks when needed by front-line workers working in companies or institutions, or front-line employees (producers, temporary workers, store employees, A/S workers, hospitals, etc.) who do not receive one-on-one computer benefits for all employees due to budget problems It is a service that allows you to lend, use and return. This service is not a public shared service, but is intended for front-line employees or students in a business, institution, or school.

This service combines Chrome Enterprise (Chrome Device Management) + Chromebook. The use of Chromebooks is becoming more and more versatile not only in schools, but also in businesses. Google invests heavily in Chromebook services for the enterprise market under the name of Chrome Enterprise.

[Test for Chromebook Auto Update Expiration (AUE) if it is working or not]

I have read an article saying that a Chromebook may have an auto-update validity period, and I ran the following tests to verify it:

The official Google Help Center mentions that automatic update expiration dates are set for Chromebooks (ChromeOS devices).

In fact, I tested with a Chromebook that expired the auto-update  (Acer Chromebook 11 C720P, a device whose auto-update expired in June 2019).

The expiration date for automatic updates for each device on your Chromebook is mentioned in the Google Official Help Center below. I tried to update today the Acer Chromebook 11 C720P model, which appears to have expired in June 2019. We have confirmed that today's date is updated to the most recent version. Just like the attached capture image

"This is the last automatic software and security update for this Chromebook.To get future update, upgrade to a newer model '

In fact, the Chromebook device-specific auto-update expiration mentioned in the Google Help Center seems to be working.

Please note the bellowing:


---------------------
https://support.google.com/chrome/a/answer/6220366?hl=en

Auto Update policy

Overview

Chrome devices receive automatic updates regularly that enhance both the device itself and the software on the device. Chrome device updates are designed to be simple for the user and, therefore, include updates to the device, Chrome operating system, browser and firmware. However, end-to-end updates for all our devices to ensure the highest levels of security requires dependencies on many third-party hardware and software providers so we cannot indefinitely ensure that older Chrome devices will receive updates to enable new OS and browser features.

General policy

• Each device has an Auto Update Expiration (AUE) date listed; this means that before this date, devices will receive new software updates from Google.
• Google provides each new hardware platform with 6.5 years of Auto Update support. Multiple devices can share the same hardware platform. The 6.5 years starts when the first device on the platform is released(1). Manufacturers are advised to choose the newest platforms to ensure that they produce devices that have the longest Auto Update support available.
• Google will provide advanced notice of a model’s AUE date on this page, giving buyers time to make purchase decisions. Devices that are due to have an AUE date within 90 days will be highlighted in bold. Please check the Auto Update Expiration date when making a purchasing decision.
• Chrome device models that have not reached their AUE date will continue to receive OS updates and function with the business and education management service.
• When a device reaches AUE, it means that automatic software updates from Google will no longer be provided.
• Enrolled Chrome devices that have reached their AUE date will no longer receive technical support from Google.
• Business and education customers using devices that have passed their AUE date should not expect that they can manage their devices as expected using the Google Admin console or leverage new management features released.
• The End of Sale date is controlled by the manufacturer of the device model and has no relation to model’s AUE date.
• 
  

[Chrome Device Deployment Guide]

The Chrome Device Deployment Guide, which accompanies the Chrome Device Quick Start Guide, is a detailed guide for IT administrators who want to deploy Chrome devices in a large school or business.

This guide explains key configuration settings for cloud-based policies and Chrome Apps, and how to deploy Chrome devices for specific uses. You'll also learn how to set up and deploy device and user policies across your organization, as well as remotely manage Chrome devices using the Admin console.

In fact, if your school or business adopts and deploys Chromebooks, the settings for managing devices can be more complex than you might think.

By default, there are the recommended settings that should be set when deploying Chromebooks to students or business users. Please note. See the white paper in this guide for details.

Recommended settings

In the Admin console under Device management > Chrome management, you can access many settings under User settings and Device settings. Although most organizations go with the defaults, below are popular settings some organizations customize.

Allow users that are signed-in to the device to change accounts in their browser window	You can decide to allow or block, users from signing in or out of Google Accounts within the browser. Or, you can allow users to sign in only to specific G Suite domains.  Learn more about Sign-in Within the Browser.
Forced re-enrollment	Google recommends that you don’t turn this setting off. This setting forces a wiped device to re-enroll into your domain. If you don't want a Chrome device to re-enroll in your domain, you should deprovision the device. Learn more about forced re-enrollment.
Screen Lock	Select Always automatically lock screen on idle to increase security and reduce likelihood of someone using your users’ computers while they’re away.
Pre-installed Apps and Extensions	Choose the web apps that pertain to your users, such as Gmail Offline or Google Drive. You can also blacklist and whitelist apps if you need more control over which apps can be installed by users from the Chrome Web Store.
Pinned Apps	Select which apps to hide or show on the system taskbar. Note: This setting only allows administrator-specified apps, and users will no longer have their own custom set of apps visible on the system taskbar.
Pages to Load on Startup	This is commonly set to an intranet portal or homepage. The downside is that once set, Chrome devices no longer restore the tabs from the most recent browsing session upon restart.
Restrict sign-in to list of users	Restricting sign-ins to *@yourdomain.com prevents users from signing in with a consumer Gmail account or another non-domain account. You can control who is allowed to sign in to a managed (enrolled) Chrome device.
Erase all local user info, settings, and state after each sign-out	Don’t enable this; it causes users’ policies to re-download upon each sign-in session, unless you need to have the Chrome device wiped of all user states in between user sessions.
Auto-update settings	Leave the auto-update settings to their defaults. Chrome devices self-update every 6 to 8 weeks, bringing new features, bug fixes, and security vulnerability patches. We also recommend you keep 5% of your organization on the Beta or Dev channels to test how future Chrome OS releases work in your organization. See a full list of recommendations in Deploy auto-updates for Chrome devices. Note: To stop background downloading of updates before the device is enrolled and rebooted, press Ctrl+alt+E on the End User License Agreement screen. Otherwise, downloaded updates that should have been blocked by policy might be applied when the user reboots the device.
Single Sign-On	For organizations using Single Sign-On (SSO), test to make sure a small number of your users can sign in to their Chrome devices before rolling this out to your whole organization. If you use SSO for G Suite sign in on your existing devices, you can consider using G Suite Password Sync.

Readiness checklist for deployment

▢	Network infrastructure	Do you have the Wi-Fi infrastructure in place and bandwidth for all of your devices to connect to the Internet at the same time? What is your current bandwidth utilization today, before adding Chrome devices? Will your bandwidth meet your estimated demand? Are there areas of your building without Wi-Fi coverage?
▢	Legacy vs. web application inventory	How many of your users require legacy apps vs. web apps? Are you looking to move toward a wider adoption of web apps and online resources for your users? If so, what’s your timeline?
▢	Plug-in usage	Do you know what plugins are required to access the sites your users need to use? Do you need to set up a remoting solution to do this? Learn more
▢	Printers	Have you configured your printers for for native printing (CUPS)? Will you allow all or some of your users to print?
▢	Peripherals	Have you verified that peripherals your users need work with your Chrome devices? For example, test your headsets, barcode scanners, and the other peripherals you need to deploy before rolling them out to these users.
▢	Authentication scheme	How will users sign in to their computers? How will you manage Wi-Fi passwords and access to your Wi-Fi network? Are you relying on SSO for Chrome device authentication? Are you also using G Suite Password Sync (GSPS)? Are you using Cloud Identity?
▢	Project milestone dates	Do you have a timeline for your roll-out? Do you have a way for users to give feedback on their experience with Chrome devices? How long will your evaluation period be, what types of surveys will you give users, and how often will you gather usage data and user feedback?
▢	User training	If you’re moving from another platform to Chromebooks, are you conducting user training? If you have a training department, you can create the training in-house. If you don’t, some Google Cloud Premier Partners offer Chromebook training.
▢	Help desk readiness	Is your help desk familiar with the Chrome Enterprise Help Center? Reading the resources listed on the following page and attending trainings can help your help desk and IT staff get up to speed speed with Chromebook-related questions.