Admin Essentials: Configuring Chrome Browser in your VDI environment

As a Chrome Enterprise Customer Engineer, I often get asked by administrators of virtual desktop infrastructure (VDI) environments what our best practices are for backing up user profiles. For example, many ask us how to minimize backup size to speed up user log-in and log-off into the Windows environment and reduce impact on the overall user experience.

Like any browser, Chrome has cache directories. This is where data is temporarily stored for faster future site loading, cookies are saved in order to provide seamless authentication on websites, extensions cache various resources, and more. Chrome stores all of its caches in folders in the user profile directory. 

VDI administrators may prefer to back up the entire Chrome user profile directory, but the more sites a user accesses, the more the size of the cache folder increases, and the number of small files in those folders can become quite large. This can result in an increased user profile folder backup time. For users, this can lead to slower startup time for Chrome. 

Although we’ll cover different scenarios today, Google Sync is still our recommended method for syncing browser profile data between machines. It provides the best experience for both the user and the administrator as users only need to sign in. However, there are some environments where this option isn’t suitable for technical or policy reasons. If you can’t use Google Sync, there are a few approaches that can be used to minimize the backup size.

Moving the cache folders

One option is for administrators to move the cache folders outside of Chrome’s user profile folder. The VDI administrator will need to identify a folder outside of the Chrome user profile directory where the caches will be stored. Caches should still be in the Windows user’s directory, and keeping them in hidden directories can also reduce the risk of the cache being accidentally deleted. 

Examples of such folder shortcuts would be:

  • ${local_app_data}/Chrome Cache

  • ${profile}/Chrome Cache

The user data directory variables can help you specify the best directory for your caches.

Once the folder location has been decided, administrators need to configure the DiskCacheDir policy that relocates the cache folders. This policy can be configured either via Group Policy or registry. Once the policy configuration has been applied onto the machines, Chrome will start storing the cache directories into the newly defined cache folder location. The administrator might have to do a cleanup of older caches from the user profile folder the first time after enabling this policy as the policy does not remove the old caches.

Then, continue using the standard Chrome user profile directory. This should result in faster startup times for Chrome, as less data will be copied when a user signs-on or signs-off. It’s important to note that this approach will not allow simultaneous sessions from different machines, but it will preserve session data.

Enabling Roaming Profile Support

A second option is to enable the Chrome Roaming Profile Support feature. This will also not allow simultaneous sessions from different machines, and it won’t save a user’s concurrent session data. However, it will enable you to move the Chrome profile into network storage and load it from there. In this scenario, network performance could impact Chrome’s startup time.

To enable Chrome Roaming Profile Support: 

  • Switch on the ​Roaming​Profile​Support​Enabled policy.

  • Optional: Use the RoamingProfileLocation policy to specify the location of the roaming profile data, if this is how you’ve configured your environment. The default is ${roaming_app_data}GoogleChromeUser Data.

  • If you have been using the UserDataDir policy to relocate the regular Chrome profile to a roaming location, make sure to revert this change.

Advanced controls

While the solutions above will work for most enterprises, there are organizations that want more granular control of the files that are backed up. The approach below allows for more control, but comes at a higher risk, as file names or locations can change at any moment with a Chrome version release. A granular file backup could introduce data corruption, but unlike the other options, it will preserve session data. Here is how to set it up: 

  • Set disk cache to ${local_app_data}GoogleChromeUser Data with the DiskCacheDir flag.

  • Set user profile to ${roaming_app_data}GoogleChromeUser Data with the UserDataDir flag.

  • Back up the following files in your VDI configuration:

    • Folder location: AppDataRoamingGoogleChromeUser Data.

    • Files: First Run, Last Version, Local State, Safe Browsing Cookies, Safe Browsing Cookies-journal, Bookmarks, Cookies, Current Session, Current Tabs, Extension Cookies, Favicons, History, Last Session, Last Tabs, Login Data, Login Data-journal, Origin Bound Certs, Preferences, Shortcuts, Top Sites, Web Data, Web Data-journal.

Even though this approach preserves session data, it will not enable simultaneous sessions from different machines. 

There you have it—three different approaches IT teams can take to store Chrome caches in VDI environments. Keep in mind that there are a few ways an administrator can push policies onto a machine. For all desktop platforms, Google offers the Chrome Browser Cloud Management (CBCM) console as a one-stop shop for all policy deployments and it allows the admin to set one policy that can be deployed on any desktop OS and Chrome OS. For Windows, the admin can also use GPO or registry settings. For Mac, they can use managed preferences. These templates and more info can be found at chrome.com/enterprise.

If you’d like to learn more about the management options that we make available to IT teams, please visit our Chrome Enterprise web site.

Admin Essentials: Improving Chrome Browser extension management through permissions

IT teams often look for best practices on managing extensions to avoid exposing company IP, leaving open security holes and compromising the productivity of end users. Fortunately, there are several options available to admins for extension management in Chrome. I’m going to cover one of them in more detail in this Admin Essentials post. 

Several  configuration options are available to enterprises wanting to manage extensions. Many enterprises are familiar with the more traditional route of blacklisting and whitelisting. But a second approach offers enterprises more granular controls. Instead of managing the extensions themselves, you can block or allow them by their behavior or permissions.

What are extension permissions? 

Permissions are the rights that are needed on a machine or website in order for the extension to function as intended. There are device permissions that need access to devices and site permissions that need access to sites. Some extensions require both.

extension permissions.png

Permissions are declared by the extension developer in the manifest file. Here is an example:

manifest file.png

Take a look at this list of the various permissionsto help you determine what is or isn’t acceptable to be run on your organization’s devices. As a first step towards discovering which extensions are live in your environment, consider Chrome Browser Cloud Management. It has the ability to pull what extensions are present on your enrolled machines as well as what permissions they are using. Here is an example of that view in Chrome Browser Cloud Management:

Chrome Browser Cloud Management.gif

If you’re a G Suite customer, you already have this functionality in the Device Management section of the Admin console.  

Once you’ve done a discovery exercise to learn which extensions are installed on your end users’ machines, and created a baseline of what permissions you will (or won’t) allow in your environment, you can centrally allow or block extensions by those permissions. With this approach, you don’t have to maintain super long whitelists or blacklists. If you couple this with allowing/blocking site permissions, which allows you to designate specific sites where extensions can or cannot run, you add another layer of protection. This approach of blocking runtime hosts makes it so you can block extensions from running on your most sensitive sites while allowing them to run on any other site. 

For a more in depth look at managing extensions, check out this guide (authored by yours truly) that covers all of the different ways of managing extensions. Or watch this video of me and my Google Security colleague, Nick Peterson, at Next 2019 presenting how to get this done. Enjoy, and happy browsing!

Admin Essentials: know your options for Modern Enterprise Browser Management

As more applications move to the cloud, without question, the browser is becoming more important. As an IT admin, you have to manage and ensure working in the cloud is seamless for your users. 

Here at Google, the Chrome Browser enterprise team has been working hard to open up new and easier management options to help you do just that. For example, we’re expanding existing Group Policy templates within Active Directory, enabling support for applying policies to Mac, and even providing a central console to help you  manage Chrome Browser from the cloud. 

When it comes to management, it’s important to take a close look at options to see what works best for you, your team and your endpoints. In this post, we’ll take a look at some of the many management options available in Chrome Browser today.  

1. Chrome Browser Cloud Management
Earlier this year, we announced the availability of Chrome Browser Cloud Management, which makes it possible to centrally enroll and manage browsers, as well as gain visibility into your browser deployments, right from within the Google Admin console. You can unify the management of Chrome Browser across Windows, Mac and Linux environments, and get a single view into extension, policies, versions and more. Check out our website to learn how to get started or watch this demo video:

See how Chrome Browser Cloud Management helps make managing and securing browsers fast and easy in your enterprise. Learn more, and get started at g.co/chromecloudmanagement.

2. Microsoft Endpoint Manager
Another option to consider is to manage Chrome Browser through Microsoft Intune (now part of Microsoft Endpoint Manager) on your Windows 10 devices, where you can use the same useful Chrome Browser ADMX templates. You can define and apply rules for hundreds of policies right from within the Microsoft management console. One benefit to this option is that if you are using Microsoft System Center Configuration Manager to manage Chrome’s installation and/or updates, it can be easier to handle from the same view. This is especially helpful if you are starting to use Microsoft Intune to manage your mobile devices and mobile apps.

You can also manage the popular Legacy Browser Supportcapability right from the Intune console, pre-defining sites to open in alternate browser outside of Chrome. This capability is used to help seamlessly redirect your users to legacy browsers when older web apps are unable to run in a modern browser. 

3. VMware Workspace ONE Unified Endpoint Management
If your organization uses Workspace ONE as a primary management tool, you can also manage your Chrome Browser instances within the Unified Endpoint Management console for both desktop and Androiddevices. Just apply Chrome’s ADMX templates and push policies out to your Windows machines. Since Chrome Browser is optimized for virtual environments, you can determine and apply settings across your physical and virtual desktops using Chrome’s policy templates.  

With Workspace ONE, you can use a single tool to manage Chrome Browser in your Windows environments, as well as provide basic management on your users mobile devices, without impacting a user’s personal Chrome app installation, if they have one. And for Workspace ONE customers with Chrome OS in their environments, they can also centrally manage their Chrome devices from one panel.

Manage Chrome your Way
Chrome continues to invest in making it possible for you and your team to use existing technology to manage browsers. In the near future, we plan to expand the capabilities available in Chrome Browser Cloud Management and to provide even more options. 

If your enterprise is exploring different management options for endpoints, consider the browser as part of that conversation. With so many options available, managing your user’s Chrome Browser has never been so flexible. Learn more on our website.

Admin Insider: What’s new in Chrome Enterprise, Release 79

Chrome 79—the latest release—includes more security and performance enhancements for Chrome Browser in your organization. Here’s what to expect (and as always, check the release notes for a full list of features).

Adopting modern security protocols

When it comes to Chrome Browser, security is one of the most important considerations. We continue to educate users on how to adopt modern protocols which are critical to enhancing security on our platform. Here are some upcoming changes to expect:

  • Highlighting legacy TLS 1.0 and 1.1 versions more prominently: We’ve been talking about our plans to only support TLS versions 1.2 and higher, and to retire legacy TLS versions (TLS 1.0 and 1.1), for awhile. More recently we announced that starting in January 2020, we will mark sites that do not support recent TLS versions as “Not Secure” and no longer show the lock icon for them. To make that even more clear to users, in Chrome 81, we’ll start showing a full-page interstitial warning telling people that the connection is not fully secure. If you think your company’s websites might be affected by this, read more in this blog post to learn how to prepare.

  • Securing subresources on HTTPS pages: We are also introducing changes in Chrome 79, 80 and 81 to ensure that HTTPS pages will only be able to load secure subresources. First, in Chrome 79, there will be a new setting to unblock mixed scripts content that Chrome currently blocks by default. Users can switch this setting by clicking the lock icon on any https:// page and selecting “Site Settings.” Second, in Chrome 80, mixed audio and video content will be auto-upgraded to https://, and Chrome will block them by default if they fail to load over https://.  It will also start showing a “Not Secure” warning on the URL bar for sites containing mixed content images (users can unblock affected audio and video resources in settings, too). Lastly, in Chrome 81, mixed images will also be auto-upgraded to https://. It’s a good idea to start ensuring that resources in pages under your control are fetched over HTTPS. For more information, read our Chromium blog or the Release Notes.

Enhancements to help users keep data secure 

We are focused on protecting users, all while respecting and maintaining their privacy. As a part of this, we already protect more than 4 billion users from sharing their information with insecure websites by checking the pages they’ve recently visited against the list of known insecure websites—a list that’s updated about every 30 minutes on your machine. Even though this does a great job of preventing personal information from being shared, there’s still more to be done as attackers become more and more sophisticated. We announced recent updates, including:

First, we are now offering enhanced protection against quick-changing, phishing sites that may slip through the window refresh each month. We do this by inspecting page URLs with Safe Browsing’s servers in real-time, and our analysis shows that this results in a 30% increase in protections. To start, we will roll out this protection for users who have opted into the “Make searches and browsing better” option. IT admins will be able to enable or disable this feature using policy

Next, we are also enabling a feature to notify users if their credentials are part of a known data breach. Our system will detect this without sending unencrypted passwords to Google. Similarly, admins will be able to enable or disable this feature using policy

More details about these and additional security enhancements in M79 can be found on the Chrome Security blog

Performance improvements 

We’re giving admins more control over Chrome’s memory usage with a new policy that is particularly beneficial for shared and virtual sessions. The TotalMemoryLimitMb policy configures the maximum amount of memory that a single Chrome instance can use before starting to discard background tabs. When a tab is discarded, its memory is freed, and if the user switches back to that tab, the content will reload. Note: if this policy is not set, the browser will only attempt to save memory after it has detected that the amount of physical memory on its machine is low (available on Windows and Mac).

To stay in the know, bookmark this Help Center page that details new releases, or sign up to receive new release details as they become available.

Admin Essentials: A primer on enterprise private browsing modes

Growing security and regulatory requirements may lead to enterprises looking more closely at privacy. Chrome Browser offers a variety of privacy configurations for users, but enterprise admins can also apply central controls that focus on protecting end user data. In this post, we will detail ways you can centrally manage privacy modes and highlight the differences between Guest, Ephemeral and Incognito modes. 

First, Guest mode.
“Guest mode” provides a blank profile for someone who’s temporarily using Chrome. You cannot see or change any other Chrome profile information from Guest mode, and a user’s browsing activity is not written on disk—it’s only kept in memory. This means that when someone exits Guest mode, nothing stays behind (even if the user turns off the computer instead of closing the browser).

chrome guest browsing.png

It’s ideal to use Guest mode in scenarios when users let others borrow a device or when using a public device because users won’t see or change settings of any other Chrome profile. It’s also worth noting that browsing activity is not saved, but still may be visible to visited websites, employers or schools, or your internet service provider (ISP). This is a good option for enterprises with shared devices or public machines. 

Second, Ephemeral mode.
In Ephemeral mode, you can enable your users to have access to their personalized resources on their personal laptop or a shared device that they trust,  but no data is left behind. Forcing Ephemeral mode can reduce the chance of any browsing information being left behind on a device.

chrome web browsing.png

During the ephemeral session, the user has access to the full extent of a browser session including: signing in for Chrome sync, cloud policies, password storage, bookmarks, autofill and other data normally present in the user profile. This includes any corporate assets that are enabled in Ephemeral mode, which may include corporate webmail, documents, and intranet pages. 

Incognito mode
In Incognito mode, Chrome won’t save a user’s browsing history, cookies and site data, or information entered in forms. That said, files that users download, and bookmarks that they create, may be retained. Also, a user’s activity isn’t hidden from websites they visit, their employer or school, or their internet service provider. If you don’t want Chrome to remember a user’s activity, consider enabling Incognito mode to allow private web browsing on their own device. They’ll see their information and settings without saving any browsing history.  In Incognito mode, the user can’t sign in and get the benefits of Chrome sync, such as corporate bookmarks.

chrome incognito.png

Here’s a good way to explain this to users: private browsing works by keeping things private at a device level. So browsing history, cookies and site data are not saved on the device; network traffic data is not private. Since it only prevents activity from being logged on the device—not the network—logging on the network side (communication to the server of the website) can still be monitored and logged by an employer, school or ISP. 

When you use Incognito mode or Guest mode, you can limit the information Chrome stores on your system. For example, Chrome won’t store certain information, such as basic browsing history information like URLs, cached page text, or IP addresses of pages linked from the websites you visit, snapshots of pages that you visit, or records of your downloads. Although, the files you download will still be locally stored elsewhere on your computer or device.

Choosing the right mode for your users
To wrap everything up, below is a handy dandy matrix with all of the comparisons. For a more in depth look at understanding the privacy mode options for your organization please read Chrome Browser privacy guide for enterprises: Understanding your privacy mode options.

Admin Insider: What’s new in Chrome Enterprise, Release 78

In our latest release, Chrome 78 brings features to help increase user productivity, and improve policy management for Admins. Here’s what to expect (and as always, for the full list of new features, be sure to read the release notes).  

Using Virtual Desks to increase productivity and reduce clutter
Starting in Chrome 78, users will be able to create up to four separate work spaces using Virtual Desks. Think of Virtual Desks as separate workspaces within your Chromebook. Use this feature to create helpful boundaries between projects or activities.  This makes it easier to multitask and stay organized.

To enable Virtual Desks, people can tap the overview key on the top of the keyboard or swipe down on the keypad using three fingers; “+ New desk” will appear in the top right hand corner. Read more about Virtual Desks and other updates.

Linux Beta experience enhancements  
With Chromebooks, you can install your favorite developer tools and build great applications. In Chrome 73, we made Linux containers available so that developers can access their favorite 

Integrated Development Environments (IDE) and other tools they know and love. In this latest version, we’re introducing two additional features to make this experience even better:

  • Backup and restore. In the case that a developer would want to restore their Linux environment to a previous version, users can now backup their files and applications to a restorable image, which can be used on that machine or a different Chromebook. The image can be backed up to your Chromebook’s local storage, an external drive, or Google Drive. 

  • GPU support on-by-default. Linux apps will now be able to use the Chromebooks’ Graphics Processing Unit (GPU) to provide a snappier, lower-latency experience for development applications.

Improving policy management with Atomic policy groups 
With so many options for policy management, administrators are looking for ways to reduce potential policy conflicts, especially if admins of the same fleet are using multiple tools to manage that fleet, like group policy and the Google Admin console. To ensure predictable behavior from policies that are tightly related, some policies have been regrouped as “atomic policy groups” for Chrome Browser and Chrome OS. This means that if you choose to enable “atomic policy groups,” policies in a single group will all be forced to set their behavior based on the highest priority source. You can enable atomic policy groups using PolicyAtomicGroupsEnabled

You can see if there are any conflicting policies from different sources at chrome://policy. Note: If you have multiple policies in the same policy group from different sources, they will be affected by this feature. Read about Atomic Policy Groups or check out this article on Chrome policy management to learn more. 

Chrome OS and Chrome Browser settings split
Chrome has historically shared a single settings surface for both OS and browser configuration for users. However, from Chrome 78 on, we will be splitting Chrome OS and browser configurations into two. This allows the OS settings to be developed independently, while still providing the consistent, customizability Chrome Browser users have grown to expect.

Settings on Chrome OS will now have native OS settings housed in the “Settings” app (available via Launcher or when you click the settings icon in the Quick Settings menu).  Chrome Browser settings will not change and can still be accessed in the familiar three-dot menu in the top right corner of the browser app. 

Tip: Enterprise Admins that block Chrome Browser settings by URL (chrome://settings) might also want to block the new URL for Chrome OS settings (chrome://os-settings).

To stay in the know, bookmark this Help Center page that details new releases, or sign up to receive new release details as they become available.

Admin Insider: What’s new in Chrome Enterprise, Release 77

These updates in Chrome 77 will make managing and securing Chrome Browser, or a fleet of Chrome devices, even easier. For the full list of additions and more detailed descriptions, be sure to read the release notes. Okay, now on to what’s new. 

A new Admin console experience for Chrome Enterprise

The Google Admin console got a major redesign recently, with changes that will help Chrome Enterprise admins perform device actions faster, search and find information quickly, and manage apps, extensions and native (CUPS) printers from one place. We’ve also introduced new policies. See changes for yourself directly within the Google Admin console, or subscribe to Release Notes for future updates.

new Admin console.gif

Preventing password reuse with Password Alert Policy 

Your organization’s data is at risk when your employees reuse their corporate password to external websites. Password Alert Policy helps admins prevent users from using their corporate password on websites that aren’t whitelisted by your organization, helping to eliminate the chance of their account being compromised either from password misuse or phishing attacks.  

Previously, Password Alert was available only via Group Policy Objects (GPO), however starting in Chrome version 77, you can enable Password Alert Policy in Chrome Browser Cloud Management across all operating systems. You can also enable Password Alert via GPO in Microsoft environments. Read this whitepaper to learn how you can mitigate data incidents and enterprise identity theft or check out this video:

Password Alert Policy

Increasing support for third-party print solutions

We’re continuing to improve support for advanced printer functionality, because we understand that many enterprises want to take advantage of third-party printing features like tracking print jobs, setting quotas, secure printing (e.g. via badge) and auditing.  

Starting with Chrome version 77,  admins can enable a new policy called Native Print Job Information to enable third-party printing features (support varies by solution). This is part of a range of native print policies we’ve introduced in the new Admin console to help admins manage users’ printing options more closely. Other policies will enable features including setting defaults and restrictions on duplex, color and double-sided printing. 

Playing HDCP 1.4 from Android apps

Many popular movies, TV shows, and other high-value content use HDCP—or High-bandwidth Digital Content Protection—to protect their content when displaying to external monitors. Previously, Android apps that used HDCP would appear blacked out on these monitors.

Starting with Chrome OS 77, businesses that rely on Android apps that use HDCP 1.4 content can now display that content on external monitors, such as high-definition television. 

Improving accessibility with automatic clicks and scrolling capabilities

Automatic Clicksis an accessibility feature that can be helpful for people with motor and dexterity impairments. This feature removes the need to physically click a touchpad or mouse—instead, people can simply hover their cursor over a given item and Chrome OS will “click” for them (after a user-specified amount of time).

While this feature has been part of Chrome OS for some time, we’ve greatly enhanced its functionality by adding left, right and double-click, scrolling capabilities, and more via hovering. The feature can be turned on via Accessibility in the Advanced Settings menu.

automatic clicks and scrolling capabilities.png

To stay in the know, bookmark our Help Center, or sign up to receive new release details as they become available.

Admin Insider: What’s new in Chrome Enterprise, Release 76

Updates in Chrome 76 are focussed on increasing security for Chrome Browser and Chrome devices in your organization. For the full list of what’s new, and more detailed descriptions, be sure to read the release notes.

Flash is now blocked by default
Last year, Adobe announced it will stop updating and distributing the Flash Player at the end of 2020. As part of our commitment to security, and our transition plan, from Chrome 76,  Adobe Flash will be blocked by default.  Administrators can manually switch back to ASK (“Dialog to Ask first before running Flash”) before running Flash. This change won’t impact existing policy settings for Flash. You can still control Flash behavior using DefaultPluginsSetting, PluginsAllowedForUrls, and PluginsBlockedForUrls.   

For more information on the Flash transition plan, see the Flash Roadmap. Enterprises using Flash applications today should be looking for alternatives to those applications, as Flash will be removed from Chrome in late 2020. 

Privately-hosted extensions should now be packaged with CRX3 for added security
We know that some enterprises prefer to privately-host (self-host) internally developed extensions, or third-party extensions outside of the Chrome Web Store for many business reasons—the most common is compliance. 

If your self-hosted extensions are still packaged in the CRX2 format, these extensions will stop updating in Chrome 76 and new installations of the extension will fail. Privately hosted extensions that were packaged using a custom script or a version of Chrome prior to Chrome 64 must berepackaged to CRX3. 

As we’ve been discussing since Chrome 68, we are moving from CRX2 to CRX3. CRX2 uses SHA1 to secure updates to the extension or app and, because breaking SHA1 is technically possible, this allows attackers to intercept an extension update and inject arbitrary code into it.  CRX3 uses a stronger algorithm, avoiding these risks, helping to protect against attacks. 

It’s now even easier to discover Chrome Enterprise policies
As part of our ongoing efforts to make discovering and setting Chrome Enterprise policies even easier, we have created a new site which details our Chrome Enterprise policies. The new site allows you to filter by platform and Chrome version to make it faster and easier to see which policies are available for your fleet.

chrome enterprise.png

Built-in FIDO security key is now supported
Starting with version 76, all latest-generation Chromebooks (produced from 2018) will gain support for built-in FIDO security keys backed by the Titan M chip. For supported services, end users can now use the power button on these devices for second factor authentication. This feature is disabled by default, however administrators can enable this by changing DeviceSecondFactorAuthentication in the Admin console.

To stay in the know, bookmark and visit our Help Center, or sign up to receive new release details as they become available.

Admin Insider: What’s new in Chrome Enterprise, Release 74

Updates in Chrome 74 offer a number of features that make managing Chrome Browser or a fleet of Chrome devices even easier.

For the full list of what’s new, and more detailed descriptions, be sure to read the release notes.  

Unifying Chrome Browser management in the cloud

We are excited that Chrome Browser Cloud Management is now generally available for enterprise customers. Chrome Browser Cloud Management provides administrators a simple way to centrally secure and manage Chrome to provide  an optimized browser experience for their end users.

Chrome Browser Cloud Management lives within the Google Admin console, and allows you to manage browsers across all operating systems from a single location. You can see your enrolled browsers, and set and apply policies across them from the same place. It also offers a full organizational view of extension usage, giving instant access to extension details, making it easy for administrators to decide which extensions to block or allow in their organization.

Full details on set up can be found on the Help Center.

Making Legacy Browser Support even easier

The already widely used Legacy Browser Support allows IT Admins to use policies to specify which URLs open in an alternative browser, specifically useful for enterprises that are still in the process of modernizing some critical legacy apps. For example, you might ensure that visits to the internet use Chrome Browser, but visits to your organization’s intranet use Internet Explorer.

We’ve made managing more than one browser in your enterprise even easier. Starting in Chrome 74 you can automatically deploy Legacy Browser Support, without the need to download an extension or set policies in the Chrome Group Policy Template.

Expanding access and simplifying Active Directory Integration

With the release of Chrome 74, we have expanded access to native Microsoft Active Directory integration by making it available to existing Chrome customers and making it easy to switch management modes based on what is most appropriate for your organization at any given time. Administrators can now configure whether or not their Chrome devices are managed by Active Directory or cloud management, without the need to setup a separate domain or worry about which type of Chrome Enterprise license was purchased. For more visit our full blog post.

To stay in the know, bookmark and visit our Help Center, or sign up to receive new release details as they become available.