Compromised device events report

Security dashboard

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus. Compare your edition

The Compromised device events report enables you to view details of compromised device events during a specified time range. Only devices under advanced management are included in this report.

Use this report to view device IDs, device owners, and the timestamps of compromised devices.

A device may be counted as compromised if certain unusual events are detected:

  • iOS devices—An iOS device is counted as compromised if the device has been jailbroken. A jailbreak might enable the installation of unofficial apps, the modification of previously restricted settings, or the bypassing of security controls. 
  • Android devices—An Android device is counted as compromised if the device has been rooted. If a device is rooted, users might be able to modify the software code on the device, or install software that's normally not allowed by the manufacturer.

View the compromised device events report

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu and then Securityand thenSecurity centerand thenDashboard.
  3. In the lower-right corner of the Compromised device events panel, click View Report.

You can customize the report to view data over a specific time range: Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days); or enter a Start date and End date. Click Apply after you set the date range.

By default, the graph displays data for All domains. To select a specific domain, choose from the Domain drop-down list.

Note: This report provides data for both Android and iOS devices.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu