Skip to main content

Posts

Showing posts from June, 2018

S/MIME email signature and encryption for G Suite for Education

S/MIME has recently become available for G Suite for education. This offers digital signage of emails and enhanced encryption where supported by the recipient. There are a few steps to setting this up.

Enable on the Admin Console for users
Generate pfx certificates for users (or get them to do it)
Upload pfx into GMail settings - either the user does this or you can do it with GAM
GAM command: gam user jim@acme.com add smime file jim.pfx password p@ssw3rd default
The password is for the certificate - not the user's password.
Optionally force the use of S/MIME via a content compliance rule for certain recipients.

Useful links:
GM Commands
Commodo - one source of certificates
How to make a pfx


Allowing Private Accounts on Managed Chromebooks

We run a 1:1 scheme where parents have the option to buy a Chromebook. However, to make things run smoothly we have always insisted that the Chromebooks are managed and only domain accounts can be used. For some parents, this has been a barrier to buying as it prevents them from using a device they have paid for. That has now all changed with the introduction of timed access to private accounts and guest mode.
In device settings, you can now specify times that a Chromebook can have sign-in restrictions lifted. To keep things secure, you must always sign-in and out with a domain account for this to be visible. We have offered this to guardians where they have paid for a Chromebook and have had a high takeup so far. The settings we use are:
Demo of what it looks like: