Software

How to deploy Endpoint Verification for G Suite

Get more information about the laptops and desktops people use to access your organization's G Suite data with the Endpoint Verification Chrome extension and native helper app.

Google's Endpoint Verification for Chrome helps IT administrators build a more complete list of the devices that people use to access organizational data. For years, administrators have been able to see basic information, such as device model and operating system, for Android and iOS mobile devices that connect to G Suite accounts. With the launch of Endpoint Verification in July 2018, administrators now may access similar information for Windows, macOS, and Chrome OS laptop and desktop devices.

Administrators access the laptop and desktop data gathered by Endpoint Verification in the G Suite admin console. The data includes the name of each person who signed in and their email address, along with the basic model, operating system, and operating system version of each device. An administrator can select "Device ID" to display more device details, such as the serial number, password and/or encryption status, and the first and most recent sync dates and times.

Endpoint Verification requires a few steps to set up. The following steps will help you through some of the steps necessary to enable Endpoint Sync, install the Endpoint Verification extension and "native helper app" (as Google refers to it) on Windows and macOS systems.

Note: You'll need G Suite administrator access to deploy Endpoint Verification. You can deploy Endpoint Verification to Chrome OS devices or to Windows (7 or 10) and macOS (10.11 or more recent) systems with the Chrome browser installed.

SEE: Mobile device computing policy (Tech Pro Research)

1. Enable Endpoint Sync

Go to admin.google.com and sign in with a G Suite administrator account. Select Device Management, then Setup (from the menu on the left side of the screen). Scroll to Endpoint Sync, select it, then make sure that "Allow desktop reporting via browser extension" has a checked box next to it. If not, check the box and select Save. Wait up to 24 hours for a changed setting to be applied.

Screenshot of Endpoint Sync setting with checkbox filled (feature enabled)

First, enable Endpoint Sync in the G Suite admin console.

2. Install the Endpoint Verification extension

To install the Endpoint Verification for people who sign in with a G Suite account, return to the admin console dashboard, choose Device Management, then select Chrome Management (from the menu on the left side of the screen), scroll down and select App Management. To the left, under "Find or Update Apps" enter "Endpoint Verification" then select search. Choose the extension.

In addition to any sliders selected, adjust sliders for both "Allow access to client certificates and keys" and "Allow access to challenge enterprise keys" to "on." (If you only wish to gather info from Chrome OS devices, skip to step 3. This is all that is needed for Chrome OS devices.)

Screenshot that shows the four sliders (mentioned in the caption) turned ON to allow & force installation, and allow access to client certificates (and keys) & challenge enterprise keys.

Next, in the Admin console, configure the Endpoint Verification extension to allow installation, force installation, and allow access to both client certificates and keys and challenge enterprise keys.

Windows and macOS

On Windows and macOS devices, you'll need to install both the Endpoint Verification extension and the native helper app.

Both the extension and native helper app may be installed manually. When a person is signed into their G Suite account in Chrome, they can first install the Endpoint Verification extension from the Chrome web store. Then, after the extension has been installed, they'll be prompted to install the related native helper app. During the installation process, the person will need to approve and agree to the terms of use of the extension. For small organizations with few devices, this may be the simplest setup option.

Alternatively, you have two options to install the Endpoint Verification extension for Chrome on Windows and macOS: You may either apply Chrome policies when people sign in, or deploy a set of Chrome policies with a separate policy management system.

Many G Suite administrators may prefer to manage and apply Chrome Browser policies when people sign in to Chrome. To enable this for everyone (or for a specific organizational unit), go to admin.google.com, sign in with your G Suite administrator account, select Device Management > Chrome management (from the menu on the left side of the screen) > User Settings. Scroll down to Chrome Management for Signed-in Users. Select "Apply all user policies when users sign in to Chrome, and provide a managed Chrome experience." This option allows a G Suite administrator to customize and control how Chrome works for a person signed in with an organizational account. With this setting enabled, the extension will auto-install in the Chrome browser on Windows and macOS, as it does on Chrome OS above.

IMPORTANT: If people have previously signed in as an unmanaged user, when you enable the "Apply all user policies when users sign in to Chrome" the setting may significantly change a person's Chrome setup. The changes may remove and/or add extensions, apps, and adjust settings. Be sure to alert people before you enable this feature!

Screenshot of information displayed when Endpoint Verification extension selected when active.

Once installed and active, the extension displays both the account information and most recent sync date time.

However, an organization with an existing policy management system may prefer to install the Endpoint Verification extension using Windows Group Policy (with ADM or ADMX templates) or a Mac policy management tool (with a plist bundle). For either of these options, see Google's " Set Chrome Browser policies on managed PCs" help page.

In either case, if you don't manually install the helper app, you'll need to deploy the native helper app for Windows or macOS with a third-party app management system.

3. View Endpoint Verification data

To view the system information gathered by Endpoint Verification, go to admin.google.com, sign in with a G Suite administrator account, select Device Management, then Endpoint Verification. Select the column header for any of the columns to sort the data to see similar items together. For example, select the OS column to see systems in order by operating system (e.g., Chrome OS, macOS, and Windows).

Screenshot that shows G Suite administrator view of laptop/desktop devices, with inset of detail for a specific device (e.g., Inspiron 3137).

An administrator may select a Device ID to view more details, such as current OS, device serial number, and most recent sync date and time.

Your thoughts?

As of September 2018, Endpoint Verification helps administrators see basic information about the laptop and desktop devices people in the organization use.

If you're a G Suite administrator, have you deployed Endpoint Verification for all or part of your organization's devices? How do you use the data about connected laptops and desktops that Endpoint Verification provides? Let me know either in the comments or on Twitter ( @awolber).

Also see

Shows Endpoint Verification Chrome extension PLUS Apps (Windows & macOS) = Laptop & Desktop Details for G Suite admin
Illustration: Andy Wolber / TechRepublic

About Andy Wolber

Andy Wolber helps people understand and leverage technology for social impact. He resides in Albuquerque, NM with his wife, Liz, and daughter, Katie.

Editor's Picks

Free Newsletters, In your Inbox