How to deploy Sophos Chromebook Security

Disclaimer: This information is posted as-is and the content should be referenced at your own risk

Sophos Chromebook Security can be deployed using Sophos Central or Google G Suite. This is an overview of the steps involved.
For further information about Sophos Chromebook Security please the Sophos Mobile admin guide at docs.sophos.com

Deployment via Sophos Central

Log in to Sophos Central
Navigate to the Mobile section
Create a Chrome OS policy and optionally create a Chrome OS Task Bundle
Navigate to Devices and use the Add device wizard
Follow the wizard, making sure to select Chrome OS as the device platform and assign a Chrome OS policy or Task Bundle
An enrolment token is generated at the end of the wizard along with an email to the user
The user should follow the steps in the email to download the Sophos Chrome Security extension and enter the enrolment token
The device is now enrolled in Sophos Central

Deployment via G Suite

Log in to Sophos Central
Navigate to the Mobile section
Create a Chrome OS policy

Navigate to Setup> Chrome OS setup
From the G Suite tab click Generate connection code
Copy the Connection code to your clipboard and select the desired options from the Owner, Device Group, and Chrome Security policy dropdowns. Click Save.

Open admin.google.com and log in with your G Suite admin user
Go to Devices> Chrome

Select Apps & extensions

Click the Add button at the bottom right of the screen and select Add from Chrome Web Store

Search for Sophos Chrome Security and press Select
Change the Installation policy value to Force Install and enter the Connection code value that you copied earlier into the Policy for extensions field

Each user that logs in with their G Suite account will now have the Sophos Chrome Security extension installed and enrolled automatically

The device is now visible in Sophos Central

Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your feedback! community.sophos.com/.../user-assistance-feedback

Updated
[edited by: tom_w at 4:49 PM (GMT -7) on 26 Oct 2020]

Top Replies

tom_w over 1 year ago in reply to Steven Solano +1

Hi Steven Yes, the Chromebook Security feature requires the Mobile Advanced or Intercept X for Mobile license. Therefore it will consume one of these licenses. Regards Tom

Steven Solano over 1 year ago

Following this Article, question of mine is after the chromebook appears in device list, it looks like it's using the Mobile Advanced license. Is this always true? For example, I was aiming to get the chromebook to use Mobile standard license but haven't been able to find an option that differentiates these two licenses mentioned in the License Matrix.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
tom_w over 1 year ago in reply to Steven Solano

Hi Steven

Yes, the Chromebook Security feature requires the Mobile Advanced or Intercept X for Mobile license. Therefore it will consume one of these licenses.

Regards

Tom
Cancel
Vote Up +1 Vote Down

Sign in to reply

Cancel
Kyle Sibbald 11 months ago

Hello,

So I created this connection via API key a month ago and upon enrollment the force install of the SOPHOS app was working perfectly. Fast forward a month later to now, and new devices that I am enrolling are no longer automatically getting the force install. Any thoughts? I am unable to see the chrome OS gsuite connection in SOPHOS anymore for some reason.

Thank you
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
GlennSen 11 months ago in reply to Kyle Sibbald

Hi Kyle,

You may re-validate your current configuration for auto-enrolment you can refer to this documentation and let us know.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer | Global Community and Digital Customer Support

Connect, Engage, Earn Rewards - Join the Sophos Community
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Kyle Sibbald 11 months ago in reply to GlennSen

Morning Glen! Thank you for the response. So I went ahead and created a new API type key and confirmed all of the settings were correct. I updated the new key in the app installation policy on the google admin side, but I am not sure if the devices will still get the install if they have already been enrolled while the policy was potentially not working at the time. Is there a way to manually push out the install if this is the case?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel