This feature is available with Cloud Identity Free and Cloud Identity Premium editions. Compare editions
As an administrator, you can use endpoint verification to get details about devices running ChromeOS or Chrome browser that access your organization’s data. For example, you can get information about the OS, device, and user for personal devices and devices owned by your organization. You can also use Context-Aware Access (CAA) to control device access to data based on the device's location, security status, or other attributes. For example, you can require device approval, then create a CAA policy that blocks data access if the device status is Pending approval or Blocked.
Supported computers
- Apple Mac OS X El Capitan (10.11) and later
- Devices running ChromeOS 110 and later
- Linux Debian and Ubuntu
Note: CPU must support AES instructions. - Microsoft Windows 10 and 11
Set up endpoint verification
Troubleshoot endpoint verification
If users have trouble, they might be able to resolve their issue. For details, see Troubleshoot endpoint verification for users.
If a Mac device doesn’t report password status in the Admin console, make sure the endpoint verification helper app is installed.
If devices with the helper app can’t access secured sites in Chrome browser, make sure that they use the correct certificate to connect. Use one or both of the following methods:
- On the server, set a list of valid CA names for the client certificate request.
- Set the AutoSelectCertificateForUrls Chrome policy to select the trusted certificate.
If these solutions don't work, you can contact Google Support. Before you contact support, we recommend you have the user download the endpoint verification logs so that a support specialist can help them resolve their issue faster.
Find users without endpoint verification
You can get a list of users who don't have endpoint verification installed on their device. If you want, you can send an email to ask them to install it.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
- Click Endpoints.
- At the top of the devices list, click Add a filter.
- Select Exclude: Endpoint Verification.
- To email users who don’t have endpoint verification:
- Check the box next to each device.
- Click Email Users
.
A new email window opens with the users you selected in the To field.
- Compose your email and click Send.
Turn off endpoint verification
Devices added after you turn off endpoint verification aren't shown in your Admin console. You still see devices that were monitored before, but device information isn't updated.
Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
Go to Menu
Devices > Mobile & endpoints > Settings > Universal.
Requires having the Mobile Device Management administrator privilege.
- Click Data access
Endpoint verification.
- (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
- Uncheck the Monitor which devices access organization data box.
-
Click Save. Or, you might click Override for an organizational unit.
To later restore the inherited value, click Inherit.
Delete a device
When you delete a device, the device no longer syncs work data, but no information is removed from it. The device is added back to the list after the next sync unless a Context-Aware Access policy blocks access. In this case, the device might require approval to sync data again.
-
Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
-
- Click Endpoints.
- Select the device you want to remove and click Delete.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.