Monitor your Chrome users' computers

As an administrator, you can see details about user devices running Chrome OS or Chrome Browser that access your organization’s data. For example, you can see information about the OS, device, and user. You can see users’ personal computers as well as those that are owned by your organization. 

Supported computers

  • Devices running Chrome OS
  • Apple® Mac OS X® El Capitan (10.11) and later
  • Microsoft® Windows® 7 and 10

Set up Endpoint Verification

Step 1: Turn on Endpoint Sync in your Admin console

To see computers in your organization, Endpoint Sync needs to be turned on in your Admin console. It’s usually on by default. If you turned it off, follow these steps to turn it on again:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. On the left, under Mobile, click Setup.
  4. Click Endpoint Sync.
  5. Check the Allow desktop reporting via browser extension box.
  6. Click Save.
Step 2: Install the Endpoint Verification extension

Chrome Browser, the Endpoint Verification extension, and a native helper app must be installed on the computers you want to monitor.

You have 3 options for installing the Endpoint Verification extension: 

  • Automatically install the extension on computers using the Force-Installed Apps and Extensions Chrome user policy. For details, see Set Chrome user-level policies.
    Note: To use this option on devices running Chrome OS, you need to turn on the Allow access to client certificates and keys and Allow access to challenge enterprise keys policies for the Endpoint Verification extension. For details, see Manage individual apps on Chrome
  • (Mac and Windows only) Set a Chrome machine policy and deploy it to your company-owned devices. For details, see Set device-level policies for Chrome Browser.
  • (Mac and Windows only) Have users manually install the extension from the Chrome Web Store.
Step 3: Install the native helper (Mac and Windows only)

For monitoring to work, a native helper app needs to be installed on Mac and Windows computers.

You have 2 options for installing the native helper: 

See or delete monitored computers

See monitored computers
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Endpoint Verification.
  4. (Optional) To search for devices by operating system, serial number, or user, use the filters on the left. 
  5. Click a device ID to see more information about the device. For details, see Information you can monitor.
Information you can monitor
You can see the following information about computers that have Endpoint Verification installed:
Category Property name Description Supported devices
Device compliance Status Device’s management status: Approved or unknown Mac
Chrome OS
Windows
User details Name The user’s name Mac
Chrome OS
Windows
Email The user’s email ID and aliases Mac
Chrome OS
Windows
Policy profile First sync Date and time the user first synchronized corporate data on the device Mac
Chrome OS
Windows
Last sync Date and time of the most recent sync Mac
Chrome OS
Windows
Device password status Whether the device has a password Mac
Windows
Encryption status Whether the device is encrypted   Mac
Chrome OS
Windows
Device properties Device ID Unique number associated with the user’s device. Mac
Chrome OS
Windows
Serial number Serial number of the device Mac
Chrome OS
Windows
Type Make of device Mac
Chrome OS
Windows
OS Name of the operating system  Mac
Chrome OS
Windows
Verified Access

Indicates whether Chrome OS adheres to your organization’s policies 

Related topics:

Chrome OS
 

 

Delete a device

If you delete a device, it removes the device from the list of managed devices. Information is not removed from the device. And, the user can continue to access their corporate account on the device.
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Endpoint Verification.
  4. Select the device you want to remove and click Delete.

Turn off Endpoint Verification

If you turn off Endpoint Verification, you will not see any computers added after that in your Admin console. You will still see computers that were monitored before, but device information is not updated.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. On the left, under Mobile, click Setup.
  4. Click Endpoint Sync.
  5. Uncheck the Allow desktop reporting via browser extension box.
  6. Click Save.
Was this article helpful?
How can we improve it?