Force wiped devices to re-enroll
By default, wiped or recovered Chrome devices are forced to re-enroll into your domain after they've been wiped. This ensures that those devices remain managed, and that policies you set are enforced on the device.
How it works
When the Forced Re-Enrollment device policy in your Admin console is turned on and you wipe or recover a device, the enrollment screen is the first thing a user sees when they restart the device. This means that the user has to re-enroll the device into your domain before they can use it. If they don't re-enroll the device, they can't sign in to it, browse in guest mode or see the consumer sign-in screen.
Important: If a device is no longer going to be managed by your domain, deprovision the device. This removes all device policies, so the device won't be forced to re-enroll after it's wiped. You might want to do this if you're returning a device, submitting it for repair or selling it.
Turn Forced Re-Enrollment on or off
- Sign in to the Google Admin console.
- Click Device management.
- On the left, click Chrome management.
- Click Device settings.
- Select the organization where you want forced re-enrollment to apply.
Note: By default, an organization inherits the settings of its parent in the organizational tree. However, you can override the inherited setting by explicitly changing the setting for the child organization unit. The new setting applies to devices in that organization unit, and any children of that organization unit.
- Configure the Forced Re-enrollment setting:
- To turn it on, select Force device to re-enroll into this domain after wiping.
- To turn it off, select Device is not forced to re-enroll after wiping.
- At the bottom, click Save. Settings typically take effect within minutes, but it might take up to an hour to propagate through your organization.
- The policy works only on devices that were enrolled while on Chrome version 35 and later.
- You can turn on this policy for your entire domain, or by organization unit to include only devices in specific sub-organizations. If you don't want this policy to be applied to specific devices, move those devices into a sub-organization that has the policy disabled.
- To allow the user enter into developer mode on the Chrome device, turn off forced re-enrollment for their device's organization unit.