Before you configure policies, you must deploy the Cisco Umbrella Chromebook client. For more information, see Deploy the Chromebook Client.
The overall process is to create a Chromebook-specific policy that will work together with your "network usage" policy that applies to all devices connected to your networks. You place the Chromebook policy at the top of your policies list, so it will be invoked first. This ensures that the Chromebook policy is applied to your Chromebooks. Then your network policy comes into effect for all other devices connected to your network.
To maintain end-user privacy when Chromebooks are connected at remote locations, you can also disable Content Logging and include only security-related events in your reporting.
Your network usage policy does not need to change at all because it will not be invoked for Chromebooks. For more information about creating Cisco Umbrella policies, see Create and Apply Policies.
Follow these steps to create a policy to apply to all Chromebook users when connected to your network as well as outside of your networks.
- Navigate to Policies > Management > All Policies and click Add.
The Policy Wizard opens.
- Select identities: G Suite OUs*, G Suite Users, and/or Chromebooks.
- To apply a policy to one or more OUs, select G Suite OUs.
- To apply a policy to one or more users, select them from the G Suite users container.
- You can also apply a policy to Chromebooks, which are the devices registered with email IDs on the Deployments > Chromebook users page.
- Click Next.
Choose the content settings and security settings to apply to Chromebooks. A common practice is to enable the default security settings and disable content filtering to maintain user privacy.
- Expand Advanced Settings and disable Enable Intelligent Proxy.
The intelligent proxy is not supported.
Optionally, you can choose to log only Security Events to protect users' privacy.
- Click Next. Generally no changes are needed to the Security Settings.
- Click Next. Similarly, Content Access settings often remain the same.
- Click Next. Make any needed changes to Destination Lists.
- Click Next.
The Custom block page, Bypass Users, and Bypass Codes features on this page are not yet supported by the Chromebook client. Currently the user is allowed to visit a site that should be blocked, and the result is in some cases erroneously visible in Reports as blocked.
- Click Next. Give your policy a name (the name is arbitrary), then click Save.
Your policy is automatically applied to Chromebooks. The process takes up to about 90 seconds.
Policies in Cisco Umbrella are applied in sequence from the top of the Policy List down. Make sure that your Chromebook policy appears above your network usage policy. This ensures that your Chromebooks are protected by your Chromebook-specific policy and all devices on your network (that are not Chromebooks) are protected by your Network Access policy.
Updated about a month ago