Application management is a necessary part of any platform management solution. Where Google Workspace users are leveraging multiple repositories for gaining access to applications, it can feel like a maze at times making sure that you’ve done everything in your power to protect users from themselves. And with the ever-changing environments, knowing which settings affect what can be just plain confusing.
Recently there was a major change to the Chrome management portion of the Admin console. Many of these changes were welcomed, such as the faster loading times, quicker switching between device and user settings, and my favorite, not losing all my changes that I’ve made if my 1 hour cookie has expired. But one of the areas that has been met with mixed reviews is the new apps & extension section.
First the things to like – It’s a clean interface that allows control of your Android and Chrome Apps in a single window. There is no more navigating to the Play for Work interface to Approve a Google Play App, then back to the Admin console to configure it. The Additional settings for apps also has a much improved description along with an explanation of what the extension setting “runtime blocked hosts” formerly “blocked URLs” list actually does.
Effectively, this blocks any extension from running on these pages. If you populate the list with sites you don’t want users to go to (which is what “Block URLs” sounds like you should do), you would actually be permitting users to go there if you were relying wholly on a Chrome extension like Securly or GoGuardian for your filtering.
As with all changes, it takes some time to adjust to the new layout, like having the Save button in the top right corner, as opposed to the bottom right corner of almost everywhere else in the Admin console. The placement of the apps & extensions additional settings under the settings gear is a new location as well. Most likely this is due to it being in the “Apps” table and is easy to overlook.
It is under this “Additional settings” that you find the runtime blocked hosts, allow Android installation, allowed app Types, and Chrome web store settings. All settings which were once located in the “users and browsers” settings page.
Now when you add want to add an application, you start by selecting the app repository that you’re going to be installing it from. The options as they appear from the plus button at the bottom right corner of the page are Chrome web store, Google Play store, App ID, or URL.
As previously mentioned this is a welcomed change; having the ability to add an app no matter the type in a single spot without having to jump through different pages of the labyrinth that is the Admin console (and other Google pages). There is also a nice filter ability where you can limit the visible apps you’re working with by title, type, installation policy, or full-text.
All of these changes coincided with some equally big changes on ChromeOS as well. With the release of version 76, the Chromium team changed the default behavior when a user signs into a separate account within the browser. Previously, when you would click on your avatar in a Google apps window, you have the option to “add account.” This would in turn give you a list of all the accounts that are associated with the Chrome Profile. The new change brings up the “manage accounts” option. When this is clicked, it opens the devices settings page, and associates those accounts with the entire device.
This change is mentioned every so subtly in one of the areas this matters most: the Android application settings under “user & browser settings” in both the old and new interfaces.
With the deprecation of the old policy, Google did provide a new one. This new setting contains the ability to limit users to signing into both the Chrome browser and the Play store on their devices. It also can be used to block users from signing out from the same.
Be aware there is an issue with the new setting which if not set properly will allow users to add a newly created user to the system. As a result, our current recommendation is to block users from signing into or out of secondary profiles. This is the only way to ensure that users have not added an unmanaged secondary account to their user profiles.
Application management for Chrome users has become a lot easier, although it has gotten a new look and might take some getting used to. The improvements bring some welcomed new controls administrators did not have in the past. With this unified app management page, it is easier to audit what applications have been forced, permitted, or blocked. Along with the new control over user sign-in experience, controlling what can be accessed from a managed account has become much easier.
If you would like assistance with managing your settings or training your team, book some time in with our technical services team by reaching out to firstname.lastname@example.org. Learn more about the various ways we can help your team.
Technical Support Analyst
About the Author:
Stephen lives in Utah and enjoys the puzzle of investigating users’ problems and finding potential solutions. A recovering/reformed gamer, Stephen throws himself into his passion for staying on top of all things Chrome OS and Chromebook related. Prior to joining Amplified IT, Stephen served as a network admin in a therapeutic boarding school and an IT director, where he implemented Google Workspace for Education. Stephen has studied computer science and security at Weber State University, Western Governors University. A self-anointed honor, Stephen likes Chromebooks more than almost anyone else in the world.