Force wiped Chrome devices to re-enroll

Chrome version 35 and later.

For administrators who manage Chrome devices for a business or school.

By default, wiped or recovered Chrome devices are forced to re-enroll into your domain. Re-enrollment ensures that the devices remain managed and policies you set are enforced on the device.

Considerations

  • Don’t force devices that are used in developer mode to re-enroll. Instead, put them in a different organizational unit and turn off forced re-enrollment for that organization.
  • If a device is no longer going to be managed by your domain, you should deprovision the device instead.

When forced re-enrollment is turned on...

The user has to re-enroll the device before they can use it. If they don't, they can't sign in, browse in guest mode, or see the consumer sign-in screen.

Turn forced re-enrollment on or off

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.

    If you don't see Devices on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization where you want to turn forced re-enrollment on or off.
    For all users, select the top-level organization. Otherwise, select a child organization.
  5. Configure the Forced Re-enrollment setting:
    • To turn it on, select Force device to re-enroll into this domain after wiping.
    • To turn it off, select Device is not forced to re-enroll after wiping.
  6. Click Save.

Settings typically take effect within minutes, but it might take up to an hour to propagate through your organization.

Automatic re-enrollment

Chrome version 75 and later

Automatic re-enrollment lets wiped devices automatically re-enroll into your domain without users having to enter their credentials. The feature will roll out over a few weeks and become the default behaviour for wiped devices.

To stop automatic re-enrollment becoming the default behaviour for your devices,  you need to turn off automatic re-enrollment.

During the roll-out phase (before automatic re-enrollment becomes the default), you can choose to opt in or out of automatic re-enrollment:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome management.

    If you don't see Devices on the Home page, click More controls at the bottom.

  3. Click Device settings.
  4. On the left, select the organization where you want to turn forced re-enrollment on or off.
    For all users, select the top-level organization. Otherwise, select a child organization.
  5. Configure the Forced Re-enrollment setting:
    1. To opt in to automatic re-enrollment, select Force device to automatically re-enroll into this domain after wiping.
    2. To opt out of automatic re-enrollment , select Force device to re-enroll with user credentials into this domain after wiping.
  6. Click Save.

 

Was this helpful?
How can we improve it?