Allow or block apps and extensions

Applies to managed Chromebooks and other devices that run Chrome OS.

As a Chrome Enterprise admin, you can control which apps or extensions users can install on Chrome devices. By default, users can install any app or extension.

Set policies for all your users or customize settings for different groups.

Before you begin

To manage Chrome apps and extensions for users, you need to turn on their Chrome Web Store service in your Admin console. Find this service in your Admin console by going to Apps > Additional Google Services. For steps, see Turn Additional Google Services on or off.

Set policies in the Admin console

Allow all apps but those you want to block

These steps assume you're familiar with making Chrome settings in your Admin console.

  1. Follow standard steps to make Chrome User settings:
    1. In your Admin console, go to Devicesand thenChrome managementand thenUser settings.
    2. Select the organization containing the users you want to block apps for.

    For complete details, see Set a Chrome policy for multiple apps.

  2. Next to Allow or Block All Apps and Extensions, choose the option to allow all apps and extensions except ones you block.
  3. Next to Allowed Apps and Extensions, click Manage.
  4. Select each app or extension you want to block.
  5. Click Save.
Block all apps but those you want to allow

These steps assume you're familiar with making Chrome settings in your Admin console.

  1. Follow standard steps to make Chrome User settings:
    1. In your Admin console, go to Devicesand thenChrome managementand thenUser settings.
    2. Select the organization containing the users you want to allow apps for.

    For complete details, see Set a Chrome policy for multiple apps.

  2. Next to Allow or Block All Apps and Extensions, choose the option to block all apps and extensions except ones you allow.
  3. Next to Allowed Apps and Extensions, click Manage.
  4. Select each app or extension you want to allow.
  5. Click Save.
Block or allow one app

These steps assume you're familiar with making Chrome settings in your Admin console. 

  1. Follow standard steps to set Chrome policies for one app or extension:
    1. In your Admin console, go to Devicesand thenChrome managementand thenApp management.
    2. Select the app you want to block or allow.
    3. Select a type of setting, such as User settings or Public session settings.
    4. Select the organization containing the users you want to allow or block the app for.

    For complete details, see Set Chrome policies for one app.

  2. Under Allow installation, click to either block Turn on or allow Turn off the app.

    Initially, an organization inherits the settings of its parent. If you're changing a setting for a child organization:

    • To override an inherited value, click Override. You can then change the setting.
    • To return an overridden setting to the value of its parent, click Inherit.
  3. Click Save.
Block apps and extensions based on permissions

These steps assume you're familiar with making Chrome settings in your Admin console.

You can prevent users from running apps or extensions that request certain permissions that your organization doesn’t allow. For example, you can block extensions that connect to USB devices or access cookies.

  1. Follow standard steps to make Chrome User settings:
    1. In your Admin console, go to Devicesand thenChrome managementand thenUser settings.
    2. Select the organization containing the users you want to allow apps for.

    For complete details, see Set a Chrome policy for multiple apps.

  2. Next to Block extensions by permission, select the option to either block or allow apps that request the permissions you select.
  3. Check each permission to block or allow. Learn about each permission
  4. Click Save.

Related topics

Was this article helpful?
How can we improve it?