14 DAY FREE TRIAL

No Search Results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing ChromeOS Devices
  3. Configurations

Category filter

How to manage ChromeOS updates using Hexnode UEM?

Jump To

Regular OS updates are essential for securing devices and ensuring compatibility with the latest features. In enterprise environments, inadequate update management may expose the devices to security vulnerabilities. Timely OS updates play a critical role in maintaining device stability and security. Therefore, IT teams must take control of update delivery across the organization’s device fleet. With Hexnode, IT admins can efficiently manage ChromeOS updates, ensuring that the updates are rolled out in a way that aligns with organizational needs and minimizes downtime.

Configure ChromeOS updates with Hexnode

To configure OS updates on ChromeOS,

  1. Login to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to ChromeOS > Configurations > OS Update.
  4. Click Configure.
    5. Settings Description Supported OS versions
    Auto Update Enable this option to allow the ChromeOS device to automatically update to the latest version available based on the option selected in the Release channel setting. ChromeOS 19+
    Peer-to-peer auto-update (Available only if Auto Update setting is checked.)  Enable this option to allow ChromeOS devices to share and receive OS updates over the local network. This helps reduce internet bandwidth usage. ChromeOS 69+
    Auto-update target version (Available only if Auto Update setting is checked.) This setting lets you specify which ChromeOS version devices should update to. You can select the Use latest available version option for updating the devices to the most recent ChromeOS version. Or you can select a version from the ones listed.

    Note:

    If the target version is lower than the current ChromeOS version, it will only be installed if the Allow device rollback option is enabled.

    		ChromeOS 19+
    Allow auto-update downloads via HTTP (Available only if Auto Update setting is checked.) Enable this option to allow ChromeOS devices to download updates via HTTP instead of HTTPS. ChromeOS 29+
    Auto-update time restrictions (Available only if Auto Update setting is checked.) Specify the time frames during which ChromeOS devices are restricted from checking for updates automatically. You can add one or more intervals by clicking Add. ChromeOS 69+
    Allow device rollback (Available only if Auto Update setting is checked.) Check this option to enable rollback to an older version if a lower version is specified in the Auto-update target version setting. ChromeOS 67+
    Allowed connection types Specify the types of network connections that can be used for OS updates. You can choose between Wi-Fi and Ethernet only or Allow all connection types. ChromeOS 21+
    Release channel Select the ChromeOS release channel that devices should be locked to. Available options include:
    • Allow user to configure: Let users manually choose their preferred update channel on the device.
    • Stable channel: The most reliable option, recommended for production environments; receives thoroughly tested updates.
    • Beta channel: Includes upcoming features and updates that are almost ready for release; suitable for testing with minimal risk.
    • Long-term support channel (LTS): Devices on this channel receive updates every 6 months, focusing on stability and extended support. They automatically update to the next LTS version upon release.
    • Long-term support candidate channel (LTC): This channel offers LTS features three months before they’re released on the LTS channel. Devices automatically transition to the next LTC version as it’s made available.
    • Dev channel (may be unstable): Contains experimental features and early updates; intended for developers and advanced testing only.
    		 ChromeOS 11+
    Auto-update expiration message Enter a custom message to be displayed when the device has reached its Auto Update Expiration and does not meet the minimum OS version requirement. This message appears either at the login screen or after sign-in, depending on the warning period set in the AUE warning period setting. If left blank, the default system message will be shown.
    Info:

    Auto Update Expiration (AUE) refers to the end-of-support date for a ChromeOS device, after which it will no longer receive automatic updates like security patches and new features.

    		ChromeOS 86+
    Restrict older OS versions Check this option to restrict devices from downloading older versions. ChromeOS 86+
    AUE warning period (Available only if Restrict older OS versions is checked) Set a warning period (ranging from No warning to 1–12 weeks) for devices that have reached Auto Update Expiration. ChromeOS 86+
    Minimum OS version (Available only if Restrict older OS versions is checked) Specify the minimum ChromeOS version from the given list that devices must run. If the device version is older, it must be updated to continue access. ChromeOS 86+
    OS update warning period (Available only if Restrict older OS versions is checked) Set a warning period from No warning to 1–6 weeks during which users can continue using an outdated OS. ChromeOS 86+
    Auto-reboot after update Check this option if you want the device to be rebooted after the update. ChromeOS 29+
    OS update rollout plan Define how ChromeOS updates are rolled out across devices:
    • Default: Updates are applied without any delay or staged distribution once released.
    • Scatter updates: Devices randomly delay the update download by a set number of days (from Do not scatter to 14 days). This option is supported only for ChromeOS 20+.
    • Staging schedule: Specify percentages of devices to receive updates over time after an update has been discovered. For example, update 40% of devices after 4 days, 70% after 10 days, and 100% after 15 days. Ideal for controlled rollouts in large deployments.
    		 ChromeOS 69+

Manage ChromeOS updates on ChromeOS devices with Hexnode

Associate the policy with target entities

  1. Navigate to Policy Targets > Domains/OUs.
  2. Click on +Add Domain/OUs. From the list, select the Google Workspace account integrated with Hexnode.
  3. The parent OU will be listed and indicated with a briefcase icon to differentiate it from other domains.
  4. Click on the dropdown next to the parent OU to view its child OUs. Select the required Organizational Units and click OK.
  5. Associate the policies to the OUs to which the target devices are assigned.
  6. Click Save to associate the policy to the devices with the selected Organization Units.
Notes:

  • Policies cannot be associated with ChromeOS devices directly; they can only be applied via Organizational Units (OUs).
  • Policy assigned to a parent OU will automatically apply to all its child OUs.

What happens at the device end?

Once the OS update policy is applied to the device, you can view the changes by navigating to Settings > About ChromeOS > Additional details.

Need more help?
Raise a Ticket Raise a Ticket
Ask Community Ask Community
Chat With us Chat With us
  • Managing ChromeOS Devices