[Feature Request] Have Devices check for Enrolled status at startup at OOBE
Reported by
stepheng...@amplifiedit.com,
Sep 13 2017
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 9765.53.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.80 Safari/537.36 Platform: 9765.53.0 (Official Build) beta-channel samus Steps to reproduce the problem: 1. Purchase 17,000 Chromebooks and licenses for your school or business. What is the expected behavior? When purchasing devices and device licenses, the devices should be able to be reliably enrolled without interaction of the customer. What went wrong? Current behavior of forcing an enrollment, and having a Force Re-Enrollment behavior requires physical possession of the device. Did this work before? N/A Chrome version: 61.0.3163.80 Channel: beta OS Version: 9765.53.0 Flash Version: 27.0.0.130 Recently, Microsoft has released their 0 touch enrollment to manage devices sent from a vendor directly to a user without the need to touch the device in order for it to be enrolled on the domain. https://blogs.windows.com/business/2017/06/29/delivering-modern-promise-windows-10/ Similar functionality should be considered with Chrome enrollment, foregoing the need for the current Enrollment process and FRE behavior. This behavior would also solve many of the _customer's issues_ related to http://crbug.com/760007 (devices losing enrollment) as they would check their enrollment state at the OOBE, then rather than going through the enrollment process again, simply be enrolled.
,
May 30 2018
We've done trainings for schools as they prepare for next years deployment of Chromebooks and their feedback was that this behavior should be a top priority. The current method of enrollment, whether it be using a scripted keyboard, a bluetooth connection, barcode scanner, or other manual process ALL still have 2 main limitations: 1) requires physical handling of the device, and 2) does not truly automatically re-enroll the device but instead places the device in a state of needing to be re-enrolled before use. I envision this akin to the current SSO solution. Once an identifier is provided (for SSO the users domain upon entering their username; for chrome devices the device ID upon boot/network connection) the appropriate enrollment state along with the appropriate customer id is looked up and applied to the device. My general thought on access to this would be that initialization management this way would only be available to Resellers of Management Licenses in order to prevent abuse of this enrollment method. This is inline with what Microsoft has done with their "0 touch enrollment" method.
,
Aug 3
This bug has an owner, thus, it's been triaged. Changing status to "assigned".
,
Aug 23
,
Oct 25
We use an MDM system for our iPads that when they are wiped/factory rest they auto enroll back into the appropriate group (OU) without the need to use an account to enroll back into the enterprise. This would be a valuable and timesaving capability for chromebooks. Basically when wiped, when they connect to the internet, they check with Google -- am I owned by a domain, and if so, it puts itself back into the domain, policies applied and ready to go. -- Louis McDonald Fauquier County Public Schools
,
Oct 25
hey max, how closely is this linked to zero touch?
,
Oct 26
Sounds like two FRs here: - Auto re-enrollment for a device that was previously enrolled. This one is already in internal testing and should be rolling out in the next month or so pending a few more bug fixes. - Zero touch enrollment for initial device provisioning. This one we're looking into but don't have a timeline yet. +amrutag@
,
Nov 27
This is awesome, we constantly have kids that are power washing and then we have to go out and connect Chromebook to network then enroll to get the students to the login screen.
,
Nov 27
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by pastarmovj@chromium.org
, Sep 18 2017Owner: dskaram@chromium.org
Status: Untriaged (was: Unconfirmed)