Monitor your users’ computers
As an administrator, you can see when a user signs in to their managed account on a laptop or desktop device. You can also see some details about the computer, including the management type, device type, model, and operating system (OS).
About management types
There are different types of computer device management. Depending on a computer’s management type, you might be able to perform some actions on the computer, such as remotely signing a user out or blocking the computer from accessing corporate data.
- Fundamental management—Supported on devices running Chrome OS, Apple® Mac®, Linux®, and Microsoft® Windows®. In the Google Admin console, you can see when a user signs in to their managed account on a computer and the basic device details. If needed, you can remotely sign a user out from a computer. The user doesn’t need to install anything on the computer. If the device does not sync any corporate data for 180 days, computer details are deleted from your Admin console. For details, see View laptop and desktop device details.
- Endpoint verification—You can see device details when a user signs in to their managed account on a computer. You can block devices from accessing corporate data with Context-Aware Access. To use endpoint verification, you need to turn it on in the Google Admin console and add an extension to Chrome Browser on users’ computers. For details, see Turn Endpoint Verification on or off.
- Drive File Stream—(G Suite only) You can see and block devices that use Drive File Stream to access your organization’s Drive files from a computer. For details, see Deploy Drive File Stream.
If a device managed by fundamental management starts to use another management type, such as endpoint verification, the device listing is archived and a new listing is created for the new management type.
- You can see archived devices in your Admin console for 180 days.
- A device might be listed more than once if it uses more than one management type.
- You can’t perform any actions on archived device listings, such as signing a user out. Instead, find the new device listing and perform the action from there.
If you use endpoint verification, you can see additional information about computers that are accessing corporate data. For example, you can see if devices have a password. You can also use it to configure access levels with Context-Aware Access.
If users don’t have endpoint verification installed on their computers, you can send an email and ask them to install it. For details, see Find users without endpoint verification.