https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2177#M1705 <P><STRONG>So, the solution is to <EM>NOT</EM> do TLS Inspection</STRONG>&nbsp;of the hosts listed in the article.</P> Thu, 18 Jan 2024 14:49:28 GMT Kim_Nilsson 2024-01-18T14:49:28Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2174#M1702 <P>Can anyone tell me more about this email (assuming others have gotten it)?&nbsp; I am not sure what exactly it is for or what we have to do.&nbsp; Do we need to add the addresses to our filter exclusion list so they bypass filtering?&nbsp; The link brings you to a page that has a bunch of steps, adding certificates to devices, etc.&nbsp; Does anyone have more information on this?&nbsp; reading through everything I think I am beginning to understand it, but right now I feel like I know just enough to be dangerous&nbsp;<span class="lia-unicode-emoji" title=":face_with_rolling_eyes:">🙄</span></P> Thu, 18 Jan 2024 14:23:29 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2174#M1702 panderson 2024-01-18T14:23:29Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2175#M1703 <P>Link:&nbsp;<A href="https://support.google.com/chrome/a/answer/6334001" target="_blank">https://support.google.com/chrome/a/answer/6334001</A><BR />E-Mail:</P><P>Dear EDU Administrator,</P><P>We are writing to let you know that starting<SPAN>&nbsp;</SPAN><STRONG>February 2024</STRONG>, managed users may be unable to log-in to<SPAN>&nbsp;</SPAN><STRONG>ChromeOS</STRONG><SPAN>&nbsp;</SPAN>within your network following an upgrade to our sign-in infrastructure, unless you allowlist relevant hostnames.</P><H3>What does this mean for your organization?</H3><P>For users to work on<SPAN>&nbsp;</SPAN><STRONG>ChromeOS devices</STRONG><SPAN>&nbsp;</SPAN>in an enterprise network environment that utilizes TLS inspection (also known as SSL inspection), some hostnames need to be exempt from inspection, as explained in this<SPAN>&nbsp;</SPAN><A href="https://notifications.google.com/g/p/ANiao5oXXFycVLkgaAiGt2cXKuuSZz4sHYpj5BrZbcR7Y_ck75BkdlFwh3TS92sE3xhfHu9GVjjECiNYa88o0Y4LhFJwiZHaSY2RRZYGZLkCuEcjrtS66T2LTzUON7dmsPwwFUKxHCLqGBSTVHkJAnEJpKwdtlNjx2VRVGtXk5ADrkSrBojgplKpqIYsJPWJCLirsqePKFf3FQ7_EjQgPvzhF-qH22s_sYPc1mAhIERCiexD" target="_blank" rel="noopener">support article</A>.</P><H3>What do you need to do?</H3><P><STRONG>Review and confirm</STRONG><SPAN>&nbsp;</SPAN>that<SPAN>&nbsp;</SPAN><A rel="nofollow" target="_blank">www.gstatic.com</A><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><A rel="nofollow" target="_blank">ssl.gstatic.com</A><SPAN>&nbsp;</SPAN>are allowed in your enterprise network and exempt from TLS inspection. If these hostnames are not allowlisted, users may be unable to sign-in to their Chromebooks when connected to your enterprise network.</P><P>On<SPAN>&nbsp;</SPAN><STRONG>February 16, 2024</STRONG>, the Google Team will begin an infrastructure migration that would require these hostnames.</P><P>Thanks for choosing Google for Education.</P><P><STRONG>– The Google Chrome Team</STRONG></P> Thu, 18 Jan 2024 14:45:48 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2175#M1703 Bill_Gibson 2024-01-18T14:45:48Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2176#M1704 <P>Talk to your network admin.</P><P>If your firewall does TLS Inspection, then you need to exclude ALL Google's addresses listed in the support article.</P><P><A href="https://support.google.com/chrome/a/answer/6334001" target="_blank">https://support.google.com/chrome/a/answer/6334001</A></P><P>&nbsp;</P> Thu, 18 Jan 2024 14:48:41 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2176#M1704 Kim_Nilsson 2024-01-18T14:48:41Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2177#M1705 <P><STRONG>So, the solution is to <EM>NOT</EM> do TLS Inspection</STRONG>&nbsp;of the hosts listed in the article.</P> Thu, 18 Jan 2024 14:49:28 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2177#M1705 Kim_Nilsson 2024-01-18T14:49:28Z https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2178#M1706 <P>Yea, this is the email that was confusing me.</P> Thu, 18 Jan 2024 15:06:21 GMT https://www.googleforeducommunity.com/t5/Peer-Peer-Topics/Action-Required-Review-hostname-exemptions-requirements-for-TLS/m-p/2178#M1706 panderson 2024-01-18T15:06:21Z