Compromised device events report

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium editions.

The Compromised device events report enables you to view details of compromised device events during a specified time range. Only devices under advanced management are included in this report.

Use this report to view device IDs, device owners, and the timestamps of compromised devices.

A device may be counted as compromised if certain unusual events are detected:

  • iOS devices—An iOS device is counted as compromised if the device has been jailbroken. A jailbreak might enable the installation of unofficial apps, the modification of previously restricted settings, or the bypassing of security controls. 
  • Android devices—An Android device is counted as compromised if the device has been rooted. If a device is rooted, users might be able to modify the software code on the device, or install software that's normally not allowed by the manufacturer.

View the compromised device events report

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. Click Security.
  3. Click Dashboard.
  4. In the lower-right corner of the Compromised device events panel, click View Report.

You can customize the report to view data over a specific time range: Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days); or enter a Start date and End date. Click Apply after you set the date range.

By default, the graph displays data for All domains. To select a specific domain, choose from the Domain drop-down list.

Note: This report provides data for both Android and iOS devices.

Was this helpful?
How can we improve it?