How Bailey Nelson keeps customers in sharp focus with Chrome Enterprise

Editor’s note: Bailey Nelson is a global eyewear brand based in Sydney, Australia, with retail stores in Australia, the United Kingdom, Canada, and New Zealand. The company uses Chrome Enterprise, G Suite, and Chrome Browser to simplify and personalize the process of eyewear shopping.

If you wear glasses or contact lenses, you know that buying eyewear is challenging. Prescription glasses and contacts can be expensive, and you have to sort through a ton of optometry jargon. Bailey Nelson started in Australia’s iconic Bondi Beach to take down those barriers with service that’s down to earth, friendly, and affordable. Our service gets a big boost from Chrome Enterprise, Chrome Browser, and G Suite. Here’s how my IT team and I work behind the scenes to create a stylish tech experience.

Simplified IT management makes opening new stores a breeze

Our bid to make glasses-buying enjoyable has helped our business grow quickly—from one store to 70 during the past six years. But we have to match our rapid growth with consistently great service. 

I’ve got 11 people on my head-office IT team. That might sound like a lot, but in a company rolling out new locations on an almost monthly basis like we are, I might worry that IT couldn’t keep up. But any potential concerns disappear once I log into Google Admin console for Chrome Enterprise to centrally manage our 300 Chromeboxes. 

We have the process of opening stores and onboarding employees down pat. My IT team created a checklist of everything that needs to be done to get a store ready for customers: networking, HP Chromeboxes, policies—you name it. Chrome Enterprise and Chrome OS makes this “get new stores ready” process fast and relatively stress-free.) .

Like many IT leaders, I’m concerned about staying in control. I want employees to have freedom to deliver excellent customer service, but I also don’t want them to install software or go places online that might bring malware into our networks, or result in a bunch of trouble tickets. Since I can set policies in Chrome Enterprise, I decide who can use which apps and how they can use them. Store associates can’t break things, and I can control what I need to control, which keeps us all working safely.

Chrome Enterprise is fantastic because we can manage everything from the web. Since we can be decentralized, it doesn’t matter if you have two computers or 2,000. It’s easy at a large scale to group devices, and assign different policies. It’s very logical and intuitive. Carles Vallecillo
IT Manager, Bailey Nelson
chrome ent x bailey nelson 2.jpg

Delivering a great in-store experience with easy-to-use devices

We’re an innovative retail business, and one that’s more complicated because we’re selling a clinical device. That’s why we want employees to have technology that’s as simple to use as possible, so they can deliver a great retail experience at the same time they write up orders for prescription glasses. 

The process starts when I create a profile for an employee in G Suite. I assign a Google account to that profile, and in about 15 minutes, a new sales associate can start working on any Chromebox that I’ve shipped to Bailey Nelson stores. That short timeframe for account setup is a massive advantage for me and my IT colleagues, and for the business as well. 

While we work our magic in the background with Chrome Enterprise, store associates on the front lines of customer service log in and get started with work in less than a minute. As Ollie, one of our assistant managers, explains, he can start a document on a laptop in Google Docs, switch over to the same document on a desktop computer, and finish it and share it with coworkers from his phone—without a hitch. Every application store employees need—from our optical practice software, and Gmail, Drive, and Sheets—is accessed through Chrome Browser.

chrome ent x bailey nelson 3.jpg

Real-time employee collaboration on design docs

Google Drive isn’t only useful for backing up data—although knowing we can’t lose important company information is a relief. Now that we’re in four countries, we use Drive to share new store marketing campaign materials and updated branding guidelines. It’s incredibly easy to file everything away and share it globally.

In addition to Drive, we share and store important communications for staff in our intranet. Using Chrome Browser and Chromeboxes, store employees access information about the products that will be landing that week, receive direction on how to visually merchandise products in windows and on shelving, and even get training modules focused on the customer experience or policy changes.

chrome ent x bailey nelson 4.jpg

A fast and personalized experience in every store 

As Bailey Nelson grows, we’re very aware that fast and easily managed devices and operating systems are just as important to customer service as friendly, knowledgeable store associates. Chromeboxes and Chrome OS minimize the time that store employees spend on computers, which gives them more time to advise customers on their eyewear purchases. The technology isn’t just something that makes the IT team happy: It’s critical to helping us maintain that hyper-personal touch Bailey Nelson is known for.

10 ways Chrome Enterprise helps protect employees and businesses

Editor’s note:Security is top of mind for many businesses as they shift to increasingly digital workplaces. In honor of Safer Internet Day, we thought we’d do a quick overview of the security capabilities available in Chrome Enterprise that can help businesses better protect their end users.

As organizations increase their productivity through the use of cloud and SaaS apps, managing business risk makes IT security even more imperative. They have to guard the organization against external attacks and internal vulnerabilities, while keeping the business moving. According to PurpleSec’s Cyber Security Statistics for 2019, malware and web-based attacks are the two most costly attack types—and companies spend an average of $2.4 million to ward off these threats. Ransomware attacks are expected to cost an estimated $6 trillion annually by 2021.

Each year, we introduce new security features to ensure that organizations and their employees have the resources to be more safe and secure online. Chromebooks help IT administrators protect employees from harmful attacks. 

Here’s a brief look at how Chrome Enterprise keeps your employees and business better protected.

Phishing prevention .gif

Phishing prevention 

Safe Browsing 
Unidentified dangerous sites can harm devices or cause problems when your employees are browsing online. With Google Chrome Safe Browsing, your employees are warned about malicious sites before they navigate to them, helping to deter negligent behavior. 

Password protection
Help keep your organization’s data safe by mitigating phishing attacks caused by password thefts. Password Alert Policy requires employees to reset their password when used with an unauthorized site, thus reducing the risk of a potential security breach.

Security keys
Google’s Titan Security Key helps to prevent hackers from logging into accounts when login details and passwords are compromised. By providing a second step of authentication after your password, security keys help prevent phishing and keep out attackers that could steal restricted information.

Protection from ransomware.gif

Protection from ransomware and other malicious software

Background auto-updates 
Seamless background auto-updates address vulnerabilities before they affect employees and your business—without interrupting workflows.

Low on-device data footprint
Chromebooks are cloud-native by design. Unlike traditional laptops, your files and customizations are primarily stored safely in the cloud, protected from bad actors by Google’s infrastructure.

Chrome OS uses ClusterFuzz to help rapidly find potential security vulnerabilities before they affect users. Employees can focus on what matters most without worrying about breaches and external attacks.

Prevent OS tampering
All Chromebooks use verified boot to confirm the operating system is an authentic, safe, Google-distributed build. With two versions of Chrome OS on every device, Chromebooks can proceed with boot-up even if one OS has been tampered with.

Google Security Modules
Chrome devices ensure stored user data encrypted, by default—no configuration required—with keys stored on tamper-resistant hardware called the Google Security Module (learn more in our ebook, “Cloud-Native Security for Endpoints”). 

Ephemeral mode
With Chrome Enterprise, Chromebooks can be set up to wipe all data from the device at the end of your session. Enabling ephemeral modereduces the chances of any browsing information being left behind on a user’s device.

Block malicious apps.gif

Block malicious apps & URLs

Blacklisting URLs 
By blacklisting specific URLs or sets of websites through the Google Admin console, you can restrict employee access to malicious sites. 

Google Play Protect
Google Play Protect helps detect potentially harmful applications in a variety of ways (including static analysis, dynamic analysis, and machine learning) and prevents your employees from downloading them.

Our vision with Chrome Enterprise is to secure cloud entry so that every enterprise can work smarter and stay safe—and make work easier and more meaningful for everyone. Learn more about Chrome Enterprise security at

How Sunrun sheds light on efficiency and growth with Chrome Enterprise

Editor’s note: Today’s post is by Joe Romeo, Lead Systems Administrator at Sunrun, the leading home solar, battery storage, and energy services company. Sunrun uses Chrome Enterprise to grow the business and help employees work efficiently.

The solar market is very competitive. Solar providers need to devote an enormous amount of technology and resources toward winning sales and getting ahead, and as the market leader for residential solar, Sunrun needs to continuously iterate, improve, and focus on efficiency in order to grow our business. Chrome Enterprise and Dell Chromebooks have become our go-to solutions for doing what we do better than anyone else.

How can we solve day-to-day business problems?  

We’ve standardized on Chrome Browser, and all of our employees use G Suite. That way, we can be device-agnostic, which works well in a business where people use all types of technology, including Android devices, iPhones, and every kind of computer. Ideally, we’d like everyone to use Dell Chromebooks moving forward, but first we wanted to understand who needs them and why.

We reached out to team leads in every business unit and asked what tools they used to get work done. We got some surprising feedback. For instance, our project coordinators’ workflow consisted of taking pictures of customers’ roofs before and after solar panel installations, then shrinking every picture down to thumbnail size on their Windows laptops before uploading them to Salesforce—a process that took a lot of time. 

We figured out a better way. We gave the project coordinators Chromebooks, which greatly simplified the process. We set up shared drives in Google Drive, with folders linking directly to Salesforce, eliminating several steps. It was a good example of how we can speed up work processes using better tools and communication between teams and our information technology department.

Chrome Browser also inspires us to get creative with homemade extensions. Our Salesforce team built an extension that lets people submit a trouble ticket with just one click, including adding a screenshot of the Salesforce webpage issue. The extension works much better than the old process of opening up a trouble ticket in Salesforce, which was frustrating and a barrier for people when seeking help.

Feb 12670 _ Sunrun hero image v2.png

How can we get devices into peoples’ hands faster?

We’re a lean IT team, with about 35 people serving 4,400 workers. We don’t want to be a bottleneck for employees, like busy salespeople, who need laptops. In the past, we’d collect laptops from former employees and ship them to one of our onsite IT departments. Local IT professionals spent as many as two hours (in between support calls) re-imaging each laptop and installing security software before shipping them around the country to new hires, who may have waited up to a week to receive devices. Employees never liked this slow and costly process. It’s frustrating to show up on day one at a new job and not have the tools you need to work.

Chromebooks completely changed device handouts for the sales team. With Chrome Enterprise Upgrade, we can wipe Chromebooks remotely in five minutes or less—no shipping delays and no time-wasting. We created organizational units for each team’s laptop in the Admin console, each with different policies. It’s a much better IT management and security experience.

How can we onboard and train employees better?

Our overall onboarding process needed work even beyond the sales team. If you’re handing out new devices, training and change management are really important. Fortunately, Chrome Enterprise and G Suite ensure that our “laptop on day one” goal is met.

Our support teams have gone through extensive Chromebook training. Most of them use a Chromebook every day, so when employees call with an issue, support techs can walk them through it using their own devices. 

Google’s training documentation was very helpful, especially the support pages with lots of pictures (we love pictures around here!). In fact, we created GIFs for our monthly “Tips and Tricks” emails, showing employees how to open and edit Excel files in Google Sheets, for example. It’s much more effective than just saying, “click this, then click that.”

chromebook excel.gif

When I came on board at Sunrun, our IT VP’s motto was, “Modernize and simplify.” These should be core values for any business. But in a company whose mission is to “make a planet run by the sun,” reducing wasteful processes and improving efficiency are right in line with what we do. Chrome Enterprise and Chromeboooks help us solve these pain points, and every day, they sprout all kinds of new benefits.

Admin Essentials: Configuring Chrome Browser in your VDI environment

As a Chrome Enterprise Customer Engineer, I often get asked by administrators of virtual desktop infrastructure (VDI) environments what our best practices are for backing up user profiles. For example, many ask us how to minimize backup size to speed up user log-in and log-off into the Windows environment and reduce impact on the overall user experience.

Like any browser, Chrome has cache directories. This is where data is temporarily stored for faster future site loading, cookies are saved in order to provide seamless authentication on websites, extensions cache various resources, and more. Chrome stores all of its caches in folders in the user profile directory. 

VDI administrators may prefer to back up the entire Chrome user profile directory, but the more sites a user accesses, the more the size of the cache folder increases, and the number of small files in those folders can become quite large. This can result in an increased user profile folder backup time. For users, this can lead to slower startup time for Chrome. 

Although we’ll cover different scenarios today, Google Sync is still our recommended method for syncing browser profile data between machines. It provides the best experience for both the user and the administrator as users only need to sign in. However, there are some environments where this option isn’t suitable for technical or policy reasons. If you can’t use Google Sync, there are a few approaches that can be used to minimize the backup size.

Moving the cache folders

One option is for administrators to move the cache folders outside of Chrome’s user profile folder. The VDI administrator will need to identify a folder outside of the Chrome user profile directory where the caches will be stored. Caches should still be in the Windows user’s directory, and keeping them in hidden directories can also reduce the risk of the cache being accidentally deleted. 

Examples of such folder shortcuts would be:

  • ${local_app_data}/Chrome Cache

  • ${profile}/Chrome Cache

The user data directory variables can help you specify the best directory for your caches.

Once the folder location has been decided, administrators need to configure the DiskCacheDir policy that relocates the cache folders. This policy can be configured either via Group Policy or registry. Once the policy configuration has been applied onto the machines, Chrome will start storing the cache directories into the newly defined cache folder location. The administrator might have to do a cleanup of older caches from the user profile folder the first time after enabling this policy as the policy does not remove the old caches.

Then, continue using the standard Chrome user profile directory. This should result in faster startup times for Chrome, as less data will be copied when a user signs-on or signs-off. It’s important to note that this approach will not allow simultaneous sessions from different machines, but it will preserve session data.

Enabling Roaming Profile Support

A second option is to enable the Chrome Roaming Profile Support feature. This will also not allow simultaneous sessions from different machines, and it won’t save a user’s concurrent session data. However, it will enable you to move the Chrome profile into network storage and load it from there. In this scenario, network performance could impact Chrome’s startup time.

To enable Chrome Roaming Profile Support: 

  • Switch on the ​Roaming​Profile​Support​Enabled policy.

  • Optional: Use the RoamingProfileLocation policy to specify the location of the roaming profile data, if this is how you’ve configured your environment. The default is ${roaming_app_data}GoogleChromeUser Data.

  • If you have been using the UserDataDir policy to relocate the regular Chrome profile to a roaming location, make sure to revert this change.

Advanced controls

While the solutions above will work for most enterprises, there are organizations that want more granular control of the files that are backed up. The approach below allows for more control, but comes at a higher risk, as file names or locations can change at any moment with a Chrome version release. A granular file backup could introduce data corruption, but unlike the other options, it will preserve session data. Here is how to set it up: 

  • Set disk cache to ${local_app_data}GoogleChromeUser Data with the DiskCacheDir flag.

  • Set user profile to ${roaming_app_data}GoogleChromeUser Data with the UserDataDir flag.

  • Back up the following files in your VDI configuration:

    • Folder location: AppDataRoamingGoogleChromeUser Data.

    • Files: First Run, Last Version, Local State, Safe Browsing Cookies, Safe Browsing Cookies-journal, Bookmarks, Cookies, Current Session, Current Tabs, Extension Cookies, Favicons, History, Last Session, Last Tabs, Login Data, Login Data-journal, Origin Bound Certs, Preferences, Shortcuts, Top Sites, Web Data, Web Data-journal.

Even though this approach preserves session data, it will not enable simultaneous sessions from different machines. 

There you have it—three different approaches IT teams can take to store Chrome caches in VDI environments. Keep in mind that there are a few ways an administrator can push policies onto a machine. For all desktop platforms, Google offers the Chrome Browser Cloud Management (CBCM) console as a one-stop shop for all policy deployments and it allows the admin to set one policy that can be deployed on any desktop OS and Chrome OS. For Windows, the admin can also use GPO or registry settings. For Mac, they can use managed preferences. These templates and more info can be found at

If you’d like to learn more about the management options that we make available to IT teams, please visit our Chrome Enterprise web site.

Admin Essentials: Improving Chrome Browser extension management through permissions

IT teams often look for best practices on managing extensions to avoid exposing company IP, leaving open security holes and compromising the productivity of end users. Fortunately, there are several options available to admins for extension management in Chrome. I’m going to cover one of them in more detail in this Admin Essentials post. 

Several  configuration options are available to enterprises wanting to manage extensions. Many enterprises are familiar with the more traditional route of blacklisting and whitelisting. But a second approach offers enterprises more granular controls. Instead of managing the extensions themselves, you can block or allow them by their behavior or permissions.

What are extension permissions? 

Permissions are the rights that are needed on a machine or website in order for the extension to function as intended. There are device permissions that need access to devices and site permissions that need access to sites. Some extensions require both.

extension permissions.png

Permissions are declared by the extension developer in the manifest file. Here is an example:

manifest file.png

Take a look at this list of the various permissionsto help you determine what is or isn’t acceptable to be run on your organization’s devices. As a first step towards discovering which extensions are live in your environment, consider Chrome Browser Cloud Management. It has the ability to pull what extensions are present on your enrolled machines as well as what permissions they are using. Here is an example of that view in Chrome Browser Cloud Management:

Chrome Browser Cloud Management.gif

If you’re a G Suite customer, you already have this functionality in the Device Management section of the Admin console.  

Once you’ve done a discovery exercise to learn which extensions are installed on your end users’ machines, and created a baseline of what permissions you will (or won’t) allow in your environment, you can centrally allow or block extensions by those permissions. With this approach, you don’t have to maintain super long whitelists or blacklists. If you couple this with allowing/blocking site permissions, which allows you to designate specific sites where extensions can or cannot run, you add another layer of protection. This approach of blocking runtime hosts makes it so you can block extensions from running on your most sensitive sites while allowing them to run on any other site. 

For a more in depth look at managing extensions, check out this guide (authored by yours truly) that covers all of the different ways of managing extensions. Or watch this video of me and my Google Security colleague, Nick Peterson, at Next 2019 presenting how to get this done. Enjoy, and happy browsing!

3 ways retailers improve the customer experience with help from Chromebooks

In an increasingly competitive market, delivering outstanding customer experiences is top of mind for retailers. Seventy percent of global business and IT decision-makers in retail say that improving the customer experience is a top business priority over the next 12 months, according to a commissioned study conducted by Forrester on behalf of Google.

One big way to improve the customer experience is to give retail associates shared devices, like Chromebooks, that enable them to work securely from wherever they are, whether on the store floor or in the back office. Here are three ways retailers are using Chromebooks to offer better customer experiences.

1. Ensuring customers receive high-quality products

Providing consistent quality is critical to delivering superior customer experiences. Take Panda Express for instance. The company wants customers to enjoy a consistent taste experience for its signature dishes like Original Orange Chicken and Broccoli Beef. That’s why in almost 400 locations, Panda Express workers take training courses on these recipes with the help of Chromebooks. Restaurant associates used to frequently be interrupted when watching training videos by other workers. Now, they have access to touchscreen, flip-capable Asus Chromebooks for training purposes.

“Our restaurant associates work hard to show customers that our food isn’t from an assembly line, and cook it to order each day,” said Dorothy Shih, IS Senior Project Manager, and Young Kim, IS Network Administrator, at Panda Restaurant Group. “With the help of Chromebooks in our training, we’re making sure that our Original Orange Chicken tastes great, no matter which restaurant guests visit.”

2. Reducing customer wait times

More than 3,000 workers at eCommerce company Mercado Libre take calls from customers, helping them place an order or resolve an issue. When contact center employees used Windows PCs, a power outage or transit strike could stop them from helping customers since there was no way to quickly enable employees to work from outside the office. 

In contrast, Chromebooks make it easy for them to work from anywhere because unlike traditional laptops, employee files and customizations are primarily stored in the cloud. As a result, employees can move seamlessly between different Chrome devices to stay productive. And the fast boot up of Chromebooks saves 250 productivity hours each shift, according to a company review of the number of logged customer cases. Contact center employees have gained more time to take orders and answer callers’ questions.  

In another example, at family-owned grocery store chain Schnucks Markets, associates staffing the meat and produce departments had to leave the counter to use Windows PCs in back storerooms to check email or follow up on orders. This left customers waiting for assistance as associates walked back-and-forth from the back room to the counter. With 100 locations across five states in the United States, this impaired its customer service.

To help, Schnucks rolled out about six Acer Spin Chromebooks per store. Now, associates can check email and orders right behind the counter, keeping them front and center when customers approach, speeding their customer service and saving about eight hours a week.

“As a grocer, we have to be ‘best in fresh.’ That means the customer experience has to be 100% efficient and quick, which Chromebooks has helped us accomplish,” said Mike Kissel, Senior Manager of Endpoint and Cloud Security, at Schnucks Markets. “People still want to go to a brick-and-mortar grocery store, but the last thing they want to do is stand in line and not be served quickly.” 

3. Offering personalized customer experiences

Eighty percent of shoppers say they’re more likely to do business with a company that offers personalized customer experiences, and the right technology can make this possible both in storefronts and as part of product development.

That’s the case for pet food retailer NomNowNow, which uses Chromebooks to customize pet meal portions. Workers on the company’s kitchen, packing, and inventory teams prepare, pack and ship personalized pet food based on online profile details from pet parents, such as a pet’s name, age, weight, and breed. 

“Based on these [pet] details, we’re able to make NomNomNow’s personalized customer experience possible,” said Lynn Hubbard, Vice President of Operations, and Dan Massey

Vice President of Data, Product, and Engineering, at NomNomNow. “And for an extra personal touch, every NomNomNow shipment gets a packing slip with the pet’s name and food details.” 

Learn how Chrome Enterprise can benefit your retail business

Many retail businesses use Chrome Enterprise to securely power better customer experiences. To learn more, visit our website. Or if you’re attending NRF 2020, stop by the Chrome Enterprise booth #5065 on Level 3 and check out our session on Monday, Jan. 13, 2020 on the benefits of cloud-powering retail associates.

How Chrome is helping enterprises still using Windows 7

While the new year brings opportunity to rethink many aspects of business, this year, it also brings big changes for some businesses: on January 14, 2020 (just 5 days away), Microsoft will officially end support for Windows 7. If you’re like most enterprises, you’ve started the migration process and may already have a portion of your company now running on Windows 10. 

Operating system migrations are tricky (which is one reason many companies have adopted Chromebooks for parts of their workforce). IT teams want to make the move to the latest OS version quickly to take advantage of the latest security improvements and benefits, while limiting potential disruptions to user productivity. But the browser has become just as critical as the operating system for getting work done, especially when there’s major reliance on cloud and SaaS apps.

We have enterprises covered, even if they haven’t yet made the full move to Windows 10. We will continue to fully support Chrome on Windows 7 for a minimum of 18 months from Microsoft’s End of Life date, until at least July 15, 2021. So if you haven’t started your move to Windows 10 yet, or even if your organization is mid-way through migration, you can still benefit from the enterprise capabilities of Chrome.

Chrome Browser keeps users productive on Windows 10.

First, a highly secure, fully updated browser

Running an OS outside of official support can leave organizations vulnerable to potential security threats. On Windows 7, Chrome will continue to provide built-in security capabilities that help keep users safe while on the web. With Safe Browsing, Site Isolation and new advanced password and phishing protections, Chrome proactively helps protect users working in the cloud. With policy management, IT teams can tighten controls as they see fit. And our fast update cycles mean better protection from vulnerabilities, especially for enterprises taking advantage of automatic updates. 

Second, a consistent browsing experience for your users

Users can work seamlessly between Windows 7 or Windows 10 because, with the help of Chrome, they’re able to pick up where they left off across operating system versions. And because your employees are already familiar with browsing in Chrome, they’ll experience less disruption once they do move to working in Windows 10. Even beyond Windows environments, employees can be productive on Chrome across different desktop and mobile platforms, without interruption. 

Lastly, unified management and visibility for IT

With Chrome Browser Cloud Management, IT teams can get browser insights and manage policies from one place, even across different Windows versions. You can also manage Chrome for Mac, Linux and Chromebooks from the same console. Prefer Group Policy? You can use the templates in our enterprise bundle (with hundreds of options for configuration). 

We understand the challenges IT teams face when migrating to a new OS. Rest assured that Chrome will give your organization the extra time you need, while still giving your IT teams a highly secure and manageable browser that people love to use at work. Check out all the tools you need on our website.

4 Chrome Enterprise Updates You Might Have Missed in 2019

As a growing number of IT leaders invest in their frontline workforce by providing cloud-based tools like Chrome Enterprise, more employees are collaborating with ease and speed to better support customers. It’s been an exciting year for Chrome Enterprise with big announcements aimed at making the modern OS more accessible to every business. Read on for four key Chrome Enterprise updates you might have missed.

1. We enhanced the business capabilities of the Google Admin console.

In August, we announced a major redesign of the Google Admin console, a central, cloud-native suite for IT to manage Chromebooks and Chrome Browser (building off the introduction of Chrome Browser Cloud Management in April). The re-engineered Admin console loads pages up to 10X faster.1


New Admin console capabilities include:

  • Built-in search, which lets you search directly for organizational units nested deeply in the hierarchy, filter out inherited settings, and find devices by serial number, recent user, sync time, and auto-update expiration.

  • Unified app management, which allows you to manage Android, Chrome, and web apps side-by-side in a single interface.

  • Additional policies, to control the complete user experience, such as Chrome Safe Browsing, Password Alert, and quick unlock with PIN and fingerprint.

  • Device fleet oversite features, such as remote screenshot, log capture, and reboot completely in the background.

We’ll continue to improve the Admin console to better serve IT needs, with plans to create a new interface for managing thousands of native printers and to add Legacy Browser Support for Chrome Browser on Windows as a policy soon. 

2. We partnered with OEMS to give you more enterprise device options.

In August, we shared news of the first Chromebook Enterprise devices—Dell Latitude 5400 and Dell Latitude 5300 2-in-1 Chromebook Enterprise. Since then, Acer, Google, and HP have announced Chromebook Enterprise devices, too. 

What’s great about Chromebook Enterprise devices like these is that they combine the user benefits of Chromebooks with the business capabilities of Chrome OS. This gives IT the ability to empower employees to work securely and effectively from anywhere. Businesses already using Chromebooks can gain the same capabilities by addingChrome Enterprise Upgrade to their devices—check out this article to learn how to get started. 

Benefits of upgraded devices include:

  • Advanced security to keep corporate data safe. If an employee misplaces a Chromebook, IT can easily disable the device, protecting data from potential bad actors.

  • Simplified orchestration of the organization’s Chrome device fleet, with access to device policies and fleet oversight capabilities from an easy-to-use, cloud-based Google Admin console or a third-party UEM solution.

  • Flexible access to resources regardless of identity type. Integrate with Active Directory and SAML SSO providers or enable shared device use cases with managed guest sessions or kiosk mode.

  • 24/7 support so IT administrators can call Google if any issues come up, at no additional cost.

“As a global organization, having Chromebook Enterprise availability in 50+ countries is really important. The ability to have devices delivered straight from the factory pre-enrolled into our domain enables users to login and get to work on their own.”– Scott Gardiner, Group End User Computing Manager, Rentokil 

3. We updated Chrome Browser Benchmark recommendations.

The Center for Internet Security (CIS) Chrome Browser benchmark has become a trusted resource for enterprise customers, providing guidance on which policies to configure to make Chrome Browser more secure and compliant for their environment (Companies can select from more than 300 policies). In June, we introduced the CIS Benchmark 2.0 for Google Chrome Browser, an updated benchmark that you can utilize to configure your browser to meet the security, privacy and productivity needs of your organization. The updated benchmark contains five sections: 

  1. Enforce Defaults: Recommends default security configurations for Chrome Browser that can be enforced by policy to avoid employees changing them. Also, it ensures that previous admins haven’t mistakenly set them to non-default or less safe configurations.

  2. Attack Surface Reduction: Details how to disable web features that may be unnecessary in your enterprise environment.

  3. Privacy: Dives into suggestions for improving user privacy.

  4. Management/Visibility/Performance: Recommends how to manage and control remote access to your browser.

  5. Data Loss Prevention (DLP): Offers settings to control how data is synced and where data is sent in order to prevent data loss.

4. We celebrated our customers who support their customers.

We never tire of hearing from IT leaders about how they’re transforming their organizations with help from the cloud. Here are just a few of the stories we’ve heard this year:

  • Blue Cross Blue Shield of North Carolina: increasing security and productivity with Chrome Browser, while having to configure only six out of 1,200 applications (All with help from Legacy Browser Support).

  • Panda Restaurant Group: making it easier for employees to receive training by providing a Chrome device dedicated to training at each location.

  • Hunterdon Healthcare: providing caregivers with secure access to critical healthcare apps via low-maintenance devices that run Chrome Enterprise and G Suite.

  • Japan’s GABA language schools: making it easier for its instructors to teach English lessons with reliable Chrome devices.

  • Pet food manufacturer NomNomNow equipped workers at every stage of the process, from the kitchen to shipping.

Read more Chrome Enterprise customer stories on our website.

More to come

We’re looking forward to bringing you even more ways to better support your users and to transform your organizations with the help of cloud. Learn more about Chrome Enterprise on our website

1: Source: Internal tests completed by Google engineering

Admin Essentials: know your options for Modern Enterprise Browser Management

As more applications move to the cloud, without question, the browser is becoming more important. As an IT admin, you have to manage and ensure working in the cloud is seamless for your users. 

Here at Google, the Chrome Browser enterprise team has been working hard to open up new and easier management options to help you do just that. For example, we’re expanding existing Group Policy templates within Active Directory, enabling support for applying policies to Mac, and even providing a central console to help you  manage Chrome Browser from the cloud. 

When it comes to management, it’s important to take a close look at options to see what works best for you, your team and your endpoints. In this post, we’ll take a look at some of the many management options available in Chrome Browser today.  

1. Chrome Browser Cloud Management
Earlier this year, we announced the availability of Chrome Browser Cloud Management, which makes it possible to centrally enroll and manage browsers, as well as gain visibility into your browser deployments, right from within the Google Admin console. You can unify the management of Chrome Browser across Windows, Mac and Linux environments, and get a single view into extension, policies, versions and more. Check out our website to learn how to get started or watch this demo video:

See how Chrome Browser Cloud Management helps make managing and securing browsers fast and easy in your enterprise. Learn more, and get started at

2. Microsoft Endpoint Manager
Another option to consider is to manage Chrome Browser through Microsoft Intune (now part of Microsoft Endpoint Manager) on your Windows 10 devices, where you can use the same useful Chrome Browser ADMX templates. You can define and apply rules for hundreds of policies right from within the Microsoft management console. One benefit to this option is that if you are using Microsoft System Center Configuration Manager to manage Chrome’s installation and/or updates, it can be easier to handle from the same view. This is especially helpful if you are starting to use Microsoft Intune to manage your mobile devices and mobile apps.

You can also manage the popular Legacy Browser Supportcapability right from the Intune console, pre-defining sites to open in alternate browser outside of Chrome. This capability is used to help seamlessly redirect your users to legacy browsers when older web apps are unable to run in a modern browser. 

3. VMware Workspace ONE Unified Endpoint Management
If your organization uses Workspace ONE as a primary management tool, you can also manage your Chrome Browser instances within the Unified Endpoint Management console for both desktop and Androiddevices. Just apply Chrome’s ADMX templates and push policies out to your Windows machines. Since Chrome Browser is optimized for virtual environments, you can determine and apply settings across your physical and virtual desktops using Chrome’s policy templates.  

With Workspace ONE, you can use a single tool to manage Chrome Browser in your Windows environments, as well as provide basic management on your users mobile devices, without impacting a user’s personal Chrome app installation, if they have one. And for Workspace ONE customers with Chrome OS in their environments, they can also centrally manage their Chrome devices from one panel.

Manage Chrome your Way
Chrome continues to invest in making it possible for you and your team to use existing technology to manage browsers. In the near future, we plan to expand the capabilities available in Chrome Browser Cloud Management and to provide even more options. 

If your enterprise is exploring different management options for endpoints, consider the browser as part of that conversation. With so many options available, managing your user’s Chrome Browser has never been so flexible. Learn more on our website.

Admin Insider: What’s new in Chrome Enterprise, Release 79

Chrome 79—the latest release—includes more security and performance enhancements for Chrome Browser in your organization. Here’s what to expect (and as always, check the release notes for a full list of features).

Adopting modern security protocols

When it comes to Chrome Browser, security is one of the most important considerations. We continue to educate users on how to adopt modern protocols which are critical to enhancing security on our platform. Here are some upcoming changes to expect:

  • Highlighting legacy TLS 1.0 and 1.1 versions more prominently: We’ve been talking about our plans to only support TLS versions 1.2 and higher, and to retire legacy TLS versions (TLS 1.0 and 1.1), for awhile. More recently we announced that starting in January 2020, we will mark sites that do not support recent TLS versions as “Not Secure” and no longer show the lock icon for them. To make that even more clear to users, in Chrome 81, we’ll start showing a full-page interstitial warning telling people that the connection is not fully secure. If you think your company’s websites might be affected by this, read more in this blog post to learn how to prepare.

  • Securing subresources on HTTPS pages: We are also introducing changes in Chrome 79, 80 and 81 to ensure that HTTPS pages will only be able to load secure subresources. First, in Chrome 79, there will be a new setting to unblock mixed scripts content that Chrome currently blocks by default. Users can switch this setting by clicking the lock icon on any https:// page and selecting “Site Settings.” Second, in Chrome 80, mixed audio and video content will be auto-upgraded to https://, and Chrome will block them by default if they fail to load over https://.  It will also start showing a “Not Secure” warning on the URL bar for sites containing mixed content images (users can unblock affected audio and video resources in settings, too). Lastly, in Chrome 81, mixed images will also be auto-upgraded to https://. It’s a good idea to start ensuring that resources in pages under your control are fetched over HTTPS. For more information, read our Chromium blog or the Release Notes.

Enhancements to help users keep data secure 

We are focused on protecting users, all while respecting and maintaining their privacy. As a part of this, we already protect more than 4 billion users from sharing their information with insecure websites by checking the pages they’ve recently visited against the list of known insecure websites—a list that’s updated about every 30 minutes on your machine. Even though this does a great job of preventing personal information from being shared, there’s still more to be done as attackers become more and more sophisticated. We announced recent updates, including:

First, we are now offering enhanced protection against quick-changing, phishing sites that may slip through the window refresh each month. We do this by inspecting page URLs with Safe Browsing’s servers in real-time, and our analysis shows that this results in a 30% increase in protections. To start, we will roll out this protection for users who have opted into the “Make searches and browsing better” option. IT admins will be able to enable or disable this feature using policy

Next, we are also enabling a feature to notify users if their credentials are part of a known data breach. Our system will detect this without sending unencrypted passwords to Google. Similarly, admins will be able to enable or disable this feature using policy

More details about these and additional security enhancements in M79 can be found on the Chrome Security blog

Performance improvements 

We’re giving admins more control over Chrome’s memory usage with a new policy that is particularly beneficial for shared and virtual sessions. The TotalMemoryLimitMb policy configures the maximum amount of memory that a single Chrome instance can use before starting to discard background tabs. When a tab is discarded, its memory is freed, and if the user switches back to that tab, the content will reload. Note: if this policy is not set, the browser will only attempt to save memory after it has detected that the amount of physical memory on its machine is low (available on Windows and Mac).

To stay in the know, bookmark this Help Center page that details new releases, or sign up to receive new release details as they become available.

Behind the counters, Chrome Enterprise and G Suite help Schnucks create faster grocery service

Editor’s note:Founded in 1937, Schnucks Market is a family-owned grocery store founded by the Schnuck family. Since its start, the company has grown to almost 100 stores across five states in the U.S.. In this post, Schnucks executives explain how they rolled out Chromebooks and G Suite to their workforce, with help from partner Agosto.

At this time of year, a fast and friendly shopping experience is top of mind for our customers. At our grocery store counters (and in our IT department), we’re right there with them. We want to help people get through checkout lines faster, so they can get home and prepare family meals. Now that we have Chrome Enterprise tools like Chromebooks in our grocery departments, our workers are able to help customers even more efficiently. This saves us time in our ordering and food prep processes, cuts costs, and helps us reduce waste by going paperless. 

The changes we’ve made behind the scenes might not be obvious to our customers, but for us, they’re a big deal. Here’s how the typical work day for store employees and our IT team is much different today.

Spending more time helping customers
Prior to moving to the cloud, our meat and produce employees had to check email and follow up on orders via Windows PCs located in back store rooms. This meant employees had to walk back and forth from counters to back rooms, often leaving customers waiting for assistance. What’s worse: once employees got there, they would spend several minutes logging into various applications on the PCs—another frustrating time-waster. 

We turned to Chrome Enterprise and G Suite to help. Now we have about six Acer Spin Chromebooks in every store—and nearly 700 company-wide. The counter employees can log in to shared Chromebooks in seconds, check Gmail and review orders, and still help customers in person, all in the same place. Agosto, our partner, made sure our G Suite rollout went smoothly, and that everyone was prepped for the change. Now, each employee is saving about eight hours a week because they’re getting tasks done from counters—with 2,700 fresh food employees, that’s a total of 21,600 company-wide every week. 

Saving money and time 
As mentioned, cost was a major factor as we considered alternative technology options. Because Chromebooks are much less costly than PCs, we can add more devices to each store. In fact, it cost us $250,000 less to get twice as many Chromebooks as PCs. Because the Chrome OS keeps Chromebooks secure right out of the box, we don’t need to buy and manage encryption software, so we can cross that off our list. Our endpoint security team can focus on more urgent issues.

Setting up Chromebooks is incredibly fast with Chrome Enterprise—about 15 minutes compared to the hour or more it took to image and update software on the PCs. That’s another way we are saving time. We recently rolled out new seafood counters in our stores and were able to send out Chromebooks to employees in just a few days. It would have taken weeks to do this with PCs.

Reducing paper and food waste
Our fresh-food department heads used to place their food orders—as many as 30 a day—using paper forms, which could take upwards of an hour and a half to complete each order. Now, using Google Forms (that we customized with simple script using Apps Script), each order only takes 30 minutes to place—two-thirds less time. These orders are saved in Google Drive which means that the meat department is now completely paperless. We’re hoping to eliminate paper across other fresh food departments soon.

With the old paper-based order system, the meat cutters had to guess how much meat to prepare daily. With Chromebooks and Periscope, our fresh-food management application, we’ve reduced food overproduction markdowns—like discounts on excess fresh meat—from 400 a month to just four per month. We can offer fresher meat to customers while better forecasting what we need to sell.

When people walk into a Schnucks store, we’re happy that Chrome Enterprise and G Suite are making grocery shopping fast, efficient, and friendly—during the holidays and all year-round.

How two London borough councils use Chrome Enterprise and G Suite for modern collaboration

Editor’s note: David Grasty is the Corporate Head of Digital Transformation at two councils located in Southwest London. The councils employ roughly 5,000 council workers across 114 sites to keep local services operating for a combined 400,000 residents. This is how Grasty helped his IT team operate more efficiently, while giving his workers a more modern work experience using G Suite and Chrome Enterprise.

About six years ago, our Kingston and Sutton councils began sharing IT services—a step that helped us save money and reduce our IT workload. The process also provided our employees with a more modern work experience, so they can keep local services for borough residents up and running, like libraries, hospitals, schools, sustainable transportation and environmental health programs. 

Using technology to help teams collaborate
We knew we wanted to replace our Windows 7 computers with cloud-based technology that allowed our employees to work together without interruption, including everyone from social workers to hospital staff—so we chose G Suite. We replaced our legacy email solution that operated on each borough’s individual servers and transitioned to Gmail with help from a tool called CloudMigrator offered from our Google Partner, Cloud Technology Solutions. After our council employees got used to working in Gmail—which many already knew from personal use—they began to work in other G Suite apps. Our work habits started to change. 

In one meeting, we discussed areas of responsibility for different council organizations. I created a spreadsheet in Google Sheets to collaborate on ideas and others jumped into the document to add additions. We’d never make progress that quickly if we shared documents back and forth in email attachments. Similarly, it became second nature for people to connect face-to-face in video meetings in Meet or to send messages about projects in Chat.  It sounds like such a simple change, but being able to attend meetings from home or from different administrative buildings, has saved people thousands of hours of commuting and walking time. 

Providing flexible devices to help “sitters,” “walkers,” and “runners”
Our goal as an IT team is to be seen as more than just “wires and Wi-Fi.” Instead, we want to be integral partners for digital transformation. With G Suite technology in place, we were primed to offer flexible work options for employees, like shared desks or the ability to work from home. With that said, many employees work in historic buildings which can’t easily be renovated. The devices we chose needed to be flexible, installed and usable from anywhere.

We rolled out 3,800 Chromebooks in 80 locations, followed by about 1,700 Chromeboxes that replaced PCs. It was simple to deploy Chrome devices—I don’t think we could have rolled out the same number of Windows laptops in only four months. We knew that Chromebooks and Chromeboxes would work right out of the box in just a few minutes, with the correct policies applied. 

To ensure success with the rollout, we carefully matched device types to each worker depending on their role and preference, classifying workers as: “sitters,” “walkers,” or “runners.” 

  • Sitters have assigned desks, so they received Chromeboxes with large displays that help them get their work done.
  • Walkers work at their desks but like the freedom to work from home, so they received Acer Chromebooks, which are more portable. 
  • Runners frequently travel throughout the boroughs and offices,  so they received Acer Spin Chromebooks, which can convert into tablets for presentations. The Acer Spin devices helped people in the field connect more easily with local residents, who might not be able to visit council offices. 

With Chromebooks and G Suite, we’re not tied down to particular offices and data centers because just about every application we use is web-based or is a G Suite app. If we need to use legacy apps, such as council tax and planning systems, we can access them through Chrome’s Legacy Browser Support. Legacy Browser Support allows us to seamlessly access from Chrome just the legacy apps we need to in the required legacy browser, limiting the time we spend in unsecure browsers, while also not stalling what we need to get done in those legacy applications. 

What I also particularly love about Chrome devices is that they require very little administration. With Chrome Enterprise Upgrade they’re secure and manageable right out of the box: we simply set policies within the Google Admin console, and from there we can track device usage, choose network settings, and even lock down devices. 

Evolving workspaces to support modern collaboration
In our two main buildings, we’ve turned very traditional offices into flexible spaces where workers can set up their Chromebook at any open space. We have fewer desks now; many people work from home and join video meetings.

When I see employees working efficiently in the cloud, instead of pushing bits of paper around, I’m confident we’ll have greater impact on Kingston and Sutton residents.