Add a Chromebook Specific Policy

Add a Chromebook-specific policy to Umbrella and protect all Chromebook devices connected to your network. Once added, place this Chromebook-specific policy at the top of your policies list so that it is evaluated first. This ensures that this Chromebook-specific policy is applied to your Chromebooks before any other policy is evaluated. For more information about adding a policy, see Add a Policy.

Note: To maintain end-user privacy when Chromebooks are connected at remote locations, you can also disable Content Logging and include only security-related events in your reporting.

Table of Contents

• Prerequisites
• Procedure

Prerequisites

• Cisco Umbrella Chromebook client deployed. See Deploy the Cisco Umbrella Chromebook Client.
• Cisco Umbrella root certificate installed — To avoid certificate errors when accessing an Umbrella block page, you must install the Cisco Umbrella root certificate on all Chromebook devices. See Install the Cisco Umbrella Root Certificate.
• Full admin access to the Umbrella dashboard. See Manage User Roles.

Procedure

1. Navigate to Policies > Management > All Policies and click Add.
   The DNS Policy wizard opens.

2. Select the Policy wizard components you'd like enabled and determine how Umbrella will block threats.
   The options you choose here determine which steps of the Policy wizard become available for configuration and thus how this policy will protect your identities.
   a. Expand Advanced Settings and disable Enable Intelligent Proxy.
   The intelligent proxy is not supported.
   b. Click Next.

3. Select G Suite OUs, G Suite Users, and Chromebooks identities as required:

• G Suite OUs — To apply a policy to one or more G Suite Organizational Units.
• G Suite Users — To apply a policy to one or more Chromebook users.
• Chromebooks — To apply a policy to one or more Chromebook devices.

4. Click Next and continue through the policy wizard until you are prompted to save it. For more information, see Add a Policy.
   Note: The Custom block page, Bypass Users, and Bypass Codes features are not supported by the Chromebook client. Currently the user is allowed to visit a site that should be blocked, and the result is in some cases erroneously visible in Reports as blocked.

5. Give your policy a good meaningful name and click Save.
   Your policy is automatically applied to Chromebooks.
   Note: We recommend that you place the Chromebook specific policy at the top of the list of policies.

---

Deploy the Chromebook Client < Add a Chromebook Specific Policy > Enable Trusted Network Detection