Deploy Endpoint Verification

Stay organized with collections Save and categorize content based on your preferences.

This document shows how administrators can deploy Endpoint Verification to their organization to assess and monitor the security posture of the devices in their organization. As an administrator, you deploy Endpoint Verification from the Google Workspace Admin Console.

For more information about Endpoint Verification, see Endpoint Verification overview.

To deploy Endpoint Verification, you complete the following process:

  1. Turn on Endpoint Verification.
  2. Install Endpoint Verification on your devices.
  3. If required for your device type, install the Endpoint Verification helper app.

Before you begin

  1. You must have a Google Workspace administrator account with the Service Settings privilege.
  2. Log in to the Google Workspace Admin Console by using your Google Workspace administrator account.

    Log in to Google Workspace Admin Console

  3. You must have an organization unit with at least one device running one of the following operating systems:

    • ChromeOS
    • Apple® Mac® OS X® El Capitan (10.11) or later
    • Microsoft® Windows® 7, 8, 8.1, 10, and 11
    • Linux® Debian® and Ubuntu®

Turn on Endpoint Verification

To collect information about the devices accessing the resources of your organization, Endpoint Verification must be turned on for your organizational unit. By default, Endpoint Verification is turned on.

To confirm if Endpoint Verification is turned on, do the following:

  1. From the Admin console Home page, go to Devices.

    Go to Devices

  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data Access > Endpoint Verification.
  4. From the Organizational Units pane, select your organization unit.
  5. Ensure that the Monitor which devices access organization data checkbox is selected.
  6. Click Save. If you configured a child organizational unit, you might be able to inherit or override the settings of a parent organizational unit.

Install Endpoint Verification on your devices

  1. From the Admin console Home page, go to Devices.

    Go to Devices

  2. In the navigation menu, click Chrome > Apps & extensions > Users & browsers.
  3. From the Organizational Units pane, select your organization unit for which you want to install the Endpoint Verification extension.
  4. Hold the pointer over Add, and click Add from Chrome Web Store.

  5. In the Search the store field, enter Endpoint Verification.
  6. Click Endpoint Verification and then click Select.
  7. In the Endpoint Verification dialog, ensure that Allow access to keys and Allow enterprise challenge are enabled.
    • Allow access to keys: allows the Endpoint Verification extension to access client certificates and keys on ChromeOS.
    • Allow enterprise challenge: allows the Endpoint Verification extension to use the Verified Access feature on ChromeOS. For more information, see Chrome Verified Access Overview.
  8. Click the Installation policy drop-down for Endpoint Verification, and select Force install.

  9. Click Save.

Install the Endpoint Verification helper app

If your organization has devices with the following specifications, then you must install the helper app on those devices:

  • Apple Mac or Microsoft Windows devices that are not using Chrome M80 or later.
  • Linux devices that are not using Chrome M93 or later.

To install the helper app, you can use the device management tools such as Jamf on Apple Mac devices and Active Directory on Microsoft Windows devices.

Jamf

  1. Download the helper.dmg file.
  2. Mount the helper.dmg file and extract EndpointVerification.pkg.
  3. To deploy EndpointVerification.pkg, follow the instructions in Deploying Mac Packages. After the app appears in the Apps page, it's ready for deployment with Blueprint.
  4. To deploy the app to all devices, follow the instructions in Deploying an App to All Devices in a Blueprint.

Active Directory

Follow the instructions in Use Group Policy to remotely install software.

What's next