Turn endpoint verification on or off

As an administrator, you can see details about user devices running Chrome OS or Chrome Browser that access your organization’s data. For example, you can see information about the OS, device, and user. You can see users’ personal computers as well as those that are owned by your organization. 

Supported computers

  • Devices running Chrome OS
  • Apple® Mac® OS X® El Capitan (10.11) and later
  • Microsoft® Windows® 7 and 10

Set up endpoint verification

Step 1: Turn on Endpoint Sync in your Admin console

To see computers in your organization, Endpoint Sync needs to be turned on in your Admin console. It’s usually on by default. If you turned it off, follow these steps to turn it on again:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. On the left, under Mobile, click Setup.
  4. Click Endpoint Sync.
  5. Check the Allow desktop reporting via browser extension box.
  6. Click Save.
Step 2: Install the endpoint verification extension

Chrome Browser, the endpoint verification extension, and a native helper app must be installed on the computers you want to monitor. You can deploy the extension to computers or have Mac or Windows users manually install it from the Chrome Web Store.

If you deploy the extension, users are prompted to agree to endpoint verification being installed on their device (subject to the Google Privacy Policy). You have 2 options to deploy the extension:

  • Deploy the extension to computers using the Force-Installed Apps and Extensions Chrome user policy. See Set Chrome user-level policies.
    Note: To use this option on devices running Chrome OS, turn on the Allow access to client certificates and keys and Allow access to challenge enterprise keys policies for the endpoint verification extension. See Manage individual apps on Chrome
  • For Mac and Windows, set a Chrome machine policy and deploy it to your company-owned devices. See Set device-level policies for Chrome Browser.
Step 3: Install the native helper (Mac and Windows only)

For monitoring to work, a native helper app needs to be installed on Mac and Windows computers.

You have 2 options for installing the native helper: 

Step 4: Set up device approvals (optional)

As an administrator, you can individually review each endpoint verification device that accesses corporate data. You can tag these devices as approved or blocked. You can use the tag to configure access levels in Access Context Manager. For details, see Control what devices can access your data

 

See or delete monitored computers

See monitored computers
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Endpoint Verification.
  4. (Optional) To search for devices by operating system, serial number, or user, use the filters on the left. 
  5. Click a device ID to see more information about the device. For details, see Information you can monitor.
Information you can monitor
You can see the following information about computers that have endpoint verification installed:
Category Property name Description Supported devices
Device compliance Status Device’s management status: Approved or unknown Mac
Chrome OS
Windows
User details Name The user’s name Mac
Chrome OS
Windows
Email The user’s email ID and aliases Mac
Chrome OS
Windows
Policy profile First sync Date and time the user first synchronized corporate data on the device Mac
Chrome OS
Windows
Last sync Date and time of the most recent sync Mac
Chrome OS
Windows
Device password status

Whether the device has a screen lock password

Note: This property doesn’t report whether the device has any other type of password (such as a firmware password for Mac).

Mac (managed devices only)
Windows
Encryption status

Whether the device is encrypted  

Supported third-party encryption providers: 
BitLocker for Windows and Filevault for Mac.

Mac
Chrome OS
Windows
Device properties Device ID Unique number associated with the user’s device Mac
Chrome OS
Windows
Serial number Serial number of the device Mac
Chrome OS
Windows
Type Make of device Mac
Chrome OS
Windows
OS Name of the operating system  Mac
Chrome OS
Windows
Verified Access

Indicates whether Chrome OS adheres to your organization’s policies 

Related topics:

Chrome OS
 

 

Delete a device

If you delete a device, it removes the device from the list of managed devices. Information is not removed from the device. And, the user can continue to access their corporate account on the device.
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. Click Endpoint Verification.
  4. Select the device you want to remove and click Delete.

Turn off endpoint verification

If you turn off endpoint verification, you will not see any computers added after that in your Admin console. You will still see computers that were monitored before, but device information is not updated.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device management.

    To see Device management, you might have to click More controls at the bottom.

  3. On the left, under Mobile, click Setup.
  4. Click Endpoint Sync.
  5. Uncheck the Allow desktop reporting via browser extension box.
  6. Click Save.
Was this helpful?
How can we improve it?