Get more information about the laptops and desktops people use to access your organization's G Suite data with the Endpoint Verification Chrome extension and native helper app.
Google's Endpoint Verification for Chrome helps IT administrators build a more complete list of the devices that people use to access organizational data. For years, administrators have been able to see basic information, such as device model and operating system, for Android and iOS mobile devices that connect to G Suite accounts. With the launch of Endpoint Verification in July 2018, administrators now may access similar information for Windows, macOS, and Chrome OS laptop and desktop devices.
Administrators access the laptop and desktop data gathered by Endpoint Verification in the G Suite admin console. The data includes the name of each person who signed in and their email address, along with the basic model, operating system, and operating system version of each device. An administrator can select "Device ID" to display more device details, such as the serial number, password and/or encryption status, and the first and most recent sync dates and times.
Endpoint Verification requires a few steps to set up. The following steps will help you through some of the steps necessary to enable Endpoint Sync, install the Endpoint Verification extension and "native helper app" (as Google refers to it) on Windows and macOS systems.
Note: You'll need G Suite administrator access to deploy Endpoint Verification. You can deploy Endpoint Verification to Chrome OS devices or to Windows (7 or 10) and macOS (10.11 or more recent) systems with the Chrome browser installed.
SEE: Mobile device computing policy (Tech Pro Research)
1. Enable Endpoint Sync
Go to admin.google.com and sign in with a G Suite administrator account. Select Device Management, then Setup (from the menu on the left side of the screen). Scroll to Endpoint Sync, select it, then make sure that "Allow desktop reporting via browser extension" has a checked box next to it. If not, check the box and select Save. Wait up to 24 hours for a changed setting to be applied.
2. Install the Endpoint Verification extension
To install the Endpoint Verification for people who sign in with a G Suite account, return to the admin console dashboard, choose Device Management, then select Chrome Management (from the menu on the left side of the screen), scroll down and select App Management. To the left, under "Find or Update Apps" enter "Endpoint Verification" then select search. Choose the extension.
In addition to any sliders selected, adjust sliders for both "Allow access to client certificates and keys" and "Allow access to challenge enterprise keys" to "on." (If you only wish to gather info from Chrome OS devices, skip to step 3. This is all that is needed for Chrome OS devices.)
Windows and macOS
On Windows and macOS devices, you'll need to install both the Endpoint Verification extension and the native helper app.
Alternatively, you have two options to install the Endpoint Verification extension for Chrome on Windows and macOS: You may either apply Chrome policies when people sign in, or deploy a set of Chrome policies with a separate policy management system.
Many G Suite administrators may prefer to manage and apply Chrome Browser policies when people sign in to Chrome. To enable this for everyone (or for a specific organizational unit), go to admin.google.com, sign in with your G Suite administrator account, select Device Management > Chrome management (from the menu on the left side of the screen) > User Settings. Scroll down to Chrome Management for Signed-in Users. Select "Apply all user policies when users sign in to Chrome, and provide a managed Chrome experience." This option allows a G Suite administrator to customize and control how Chrome works for a person signed in with an organizational account. With this setting enabled, the extension will auto-install in the Chrome browser on Windows and macOS, as it does on Chrome OS above.
IMPORTANT: If people have previously signed in as an unmanaged user, when you enable the "Apply all user policies when users sign in to Chrome" the setting may significantly change a person's Chrome setup. The changes may remove and/or add extensions, apps, and adjust settings. Be sure to alert people before you enable this feature!
However, an organization with an existing policy management system may prefer to install the Endpoint Verification extension using Windows Group Policy (with ADM or ADMX templates) or a Mac policy management tool (with a plist bundle). For either of these options, see Google's " Set Chrome Browser policies on managed PCs" help page.
3. View Endpoint Verification data
To view the system information gathered by Endpoint Verification, go to admin.google.com, sign in with a G Suite administrator account, select Device Management, then Endpoint Verification. Select the column header for any of the columns to sort the data to see similar items together. For example, select the OS column to see systems in order by operating system (e.g., Chrome OS, macOS, and Windows).
As of September 2018, Endpoint Verification helps administrators see basic information about the laptop and desktop devices people in the organization use.
If you're a G Suite administrator, have you deployed Endpoint Verification for all or part of your organization's devices? How do you use the data about connected laptops and desktops that Endpoint Verification provides? Let me know either in the comments or on Twitter ( @awolber).
- Special report: The future of Everything as a Service (free PDF) (TechRepublic)
- Here's Google's biggest secret to not failing at security (TechRepublic)
- Anxious much? Here's how to secure your company the Google way (TechRepublic)
- Google Cloud Platform: A cheat sheet (TechRepublic)
- The secret to Google's rock solid security is now commercially available (TechRepublic)
- How Duo Beyond wants to remove the network perimeter and get rid of the VPN (TechRepublic)
- BeyondCorp: Borderless security for today's mobile workforce (TechRepublic)
- Okta acquires zero trust security firm ScaleFT (ZDNet)
- The best security? Have Zero Trust, says expert (TechRepublic)