Your A) is exactly what is happening. Filtering on school account only.
On B) I agree that kids can and will do anything they want on other accounts including just opening their phone! But what happens on school sponsored email, virtual drives, and applications should be controlled I would think. It opens the school to liability if nothing else.
> Your A) is exactly what is happening. Filtering on school account only.
I said "their own network or a school-issued device". Not "on school accounts".
Part of the blame here resides with Google for tying login on Chromebooks to an email address & automatically signing in to various other (possibly managed) services linked to that email when all you really want is some local storage and a web browser. An email address is an identity. A student might not have any other email address—sure you can create a new one pretty easily, but this is how they identify themselves to everyone else they know; inventing an alter ego for non-school activities is a bit much to ask. Facebook and the like don't impose a "managed mode" on your private PC and monitor your access to other sites and apps at the OS level just because you signed up with your school email. To basically anything but a Chromebook your email address is just an arbitrary username which happens to also be a place where you can receive messages.
It should be possible to log in to a Chromebook using an organizational email address without enabling remote management of the Chromebook. You may not be able to access certain managed services as conveniently (though these should also be available as regular web sites, sans device management) but other apps and web sites not linked to the organization should work as usual. And it should be possible to have multiple distinct profiles (e.g. personal and school) with the same email address, and different management settings, if you're going to require an email as the login.
> But what happens on school sponsored email, virtual drives, and applications should be controlled I would think.
So control them—on the server side, which is part of the school's network. They're monitoring all use of the Chromebook while signed in to this account, not just the school's network, services, and applications. Even, apparently, while the device is switched to another account after logging in to the student account.
On B) I agree that kids can and will do anything they want on other accounts including just opening their phone! But what happens on school sponsored email, virtual drives, and applications should be controlled I would think. It opens the school to liability if nothing else.