Learn how to deploy DNS-over-HTTPS (DoH) across your managed Chrome browsers using the Google Workspace Admin Console. Push CleanBrowsing's encrypted DNS filtering to all devices in your organization.
Log in to the Google Workspace Admin Console. Navigate to Devices > Chrome > Settings > Users & Browsers.
This section controls Chrome browser policies pushed to all managed devices and users in your organization.
In the left sidebar, select the organizational unit (OU) or sub-organization you want to apply the DNS-over-HTTPS policy to.
You can apply the setting organization-wide or target specific groups (e.g., students, staff, a specific office).
Use the search bar at the top of the settings page and search for "DNS". Locate the DNS-over-HTTPS setting in the results.
Click on the setting to expand its configuration options.
Set the DNS-over-HTTPS mode to "Enable DNS-over-HTTPS with insecure fallback".
In the DNS-over-HTTPS template field, paste your custom DoH URL from the CleanBrowsing dashboard. You can find this URL by logging in to my.cleanbrowsing.org/dashboard and navigating to your network configuration settings.
Note: The custom DoH URL is unique to your account. Make sure to retrieve it from your CleanBrowsing dashboard before proceeding.
Click Save to apply the policy. The setting will propagate to managed Chrome browsers the next time they check in with the admin console.
To verify on a managed browser, open chrome://settings/security and confirm that:
Note: This applies to Chrome on all platforms (Windows, macOS, ChromeOS, Linux). Managed browsers will enforce the DoH setting automatically.
