Thread Info
  • Replies 5 replies
  • Subscribers 8 subscribers
  • Views 11884 views
  • Users 0 members are here
Options
Suggested

How to deploy Sophos Chromebook Security

tom_w
over 2 years ago

Disclaimer: This information is posted as-is and the content should be referenced at your own risk

 

Sophos Chromebook Security can be deployed using Sophos Central or Google G Suite. This is an overview of the steps involved.
For further information about Sophos Chromebook Security please the Sophos Mobile admin guide at docs.sophos.com

Deployment via Sophos Central

  • Log in to Sophos Central
  • Navigate to the Mobile section
  • Create a Chrome OS policy and optionally create a Chrome OS Task Bundle
  • Navigate to Devices and use the Add device wizard
  • Follow the wizard, making sure to select Chrome OS as the device platform and assign a Chrome OS policy or Task Bundle
  • An enrolment token is generated at the end of the wizard along with an email to the user
  • The user should follow the steps in the email to download the Sophos Chrome Security extension and enter the enrolment token
  • The device is now enrolled in Sophos Central

 

Deployment via G Suite

  • Log in to Sophos Central
  • Navigate to the Mobile section
  • Create a Chrome OS policy

  • Navigate to Setup> Chrome OS setup
  • From the G Suite tab click Generate connection code
  • Copy the Connection code to your clipboard and select the desired options from the Owner, Device Group, and Chrome Security policy dropdowns. Click Save.

  • Open admin.google.com and log in with your G Suite admin user
  • Go to Devices> Chrome

 

  • Select Apps & extensions

 

  • Click the Add button at the bottom right of the screen and select Add from Chrome Web Store

 

  • Search for Sophos Chrome Security and press Select
  • Change the Installation policy value to Force Install and enter the Connection code value that you copied earlier into the Policy for extensions field

  • Each user that logs in with their G Suite account will now have the Sophos Chrome Security extension installed and enrolled automatically

  • The device is now visible in Sophos Central

 Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your feedback! community.sophos.com/.../user-assistance-feedback



Updated
[edited by: tom_w at 4:49 PM (GMT -7) on 26 Oct 2020]
  • 4 months ago

    Following this Article, question of mine is after the chromebook appears in device list, it looks like it's using the Mobile Advanced license. Is this always true? For example, I was aiming to get the chromebook to use Mobile standard license but haven't been able to find an option that differentiates these two licenses mentioned in the License Matrix. 

  • 4 months ago in reply to Steven Solano

    Hi Steven

    Yes, the Chromebook Security feature requires the Mobile Advanced or Intercept X for Mobile license. Therefore it will consume one of these licenses.

    Regards

    Tom

  • 1 month ago

    Hello,

    So I created this connection via API key a month ago and upon enrollment the force install of the SOPHOS app was working perfectly. Fast forward a month later to now, and new devices that I am enrolling are no longer automatically getting the force install. Any thoughts? I am unable to see the chrome OS gsuite connection in SOPHOS anymore for some reason.

    Thank you

  • 1 month ago in reply to Kyle Sibbald

    Hi Kyle,

    You may re-validate your current configuration for auto-enrolment you can refer to this documentation and let us know.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • 1 month ago in reply to GlennSen

    Morning Glen! Thank you for the response. So I went ahead and created a new API type key and confirmed all of the settings were correct. I updated the new key in the app installation policy on the google admin side, but I am not sure if the devices will still get the install if they have already been enrolled while the policy was potentially not working at the time. Is there a way to manually push out the install if this is the case?

Unfiltered HTML