Understand Chrome policy management
For administrators who manage Chrome Browser or Chrome devices for a business or school.
To deploy enterprise features to Chrome users, you push policies and settings to their devices or their managed Google Account (Chrome profile). Use policies to set your users' homepage, pre-install their apps, control what sites they can visit, and much more.
Options for enforcing Chrome policies
You have several ways to push policies to users. Which you choose depends on the devices you're managing and the configuration tools you want to use.
What's in the diagram
User devices: Manage Chrome Browsers on Windows, Mac, and Linux computers, or on Chrome devices, such as Chromebooks.
Admin tools: Use your preferred on-premise tools to keep management behind your corporate firewall. Or manage policies from Google's secure, cloud-based Admin console.
Policies: Enforce Chrome policies at the device/machine-level so they apply for anyone who uses the device. Or customize policies at the OS user-level or Chrome profile level.
Order of precedence for Chrome policies
You can set Chrome policies at the device level, where they apply for anyone who uses the device. Or set a policy at the user level, where it only applies when users sign in to a managed account. If the same policy gets set at more than one level, only one value gets applied, as shown below.
1. Device/machine-level policies
- Apply to all users of a device, no matter which browser they use or whether they’re signed in to any account.
- Take precedence over all user-level policies.
- Are set using Windows Group Policy, the Google Admin console for Chrome devices, or Managed preferences for Mac. They can also be set for Linux. On Windows, Mac, and Linux, they're also called machine policies.
2. Machine-level cloud policies
- Apply to Chrome Browsers enrolled in Chrome Browser Cloud Management.
- Take precedence over OS user and Chrome profile settings made in the Admin console.
- Are set using the Admin console.
3. OS-user level policies
- Apply when a user signs in to their account on a corporate-managed Windows or Mac computer.
- Take precedence over Chrome profile settings made in the Admin console.
- Are set using Windows Group Policy, or Managed Preferences on Mac.
4. Chrome profile policies
- Refers to a user’s Chrome experience when they sign in to Chrome Browser on a Windows, Mac, or Linux computer, or on a Chrome device.
- Are overridden by policies set on-premise for corporate-managed PCs.
- Are also called cloud-based user policies, and are set by an administrator using the Admin console.