Device attributes collected by Endpoint Verification

This document describes the details of device attributes that are collected by Endpoint Verification from the devices accessing your organization's resources.

Device attributes

The following table describes the attributes that are collected by Endpoint Verification that you can use to create access levels:

Attribute name Description Supported OS Example of using the attribute in the CEL expressions
is_secured_with_screenlock A boolean value that indicates whether the screen lock function is enabled on a device.
  • macOS
  • ChromeOS
  • Windows
  • Linux
 device.is_secured_with_screenlock == true
encryption_status

The encryption status of a device. Possible values:

  • ENCRYPTION_UNSPECIFIED = 0 indicates that the encryption status of the device is not specified or not known.
  • ENCRYPTION_UNSUPPORTED = 1 indicates that the device does not support encryption.
  • ENCRYPTION_UNENCRYPTED = 2 indicates that the device supports encryption, but is not encrypted.
  • ENCRYPTED = 3 indicates that the device is encrypted.
  • macOS
  • ChromeOS
  • Windows
  • Linux
 device.encryption_status == DeviceEncryptionStatus.ENCRYPTED
os_type

The operating system running on a device. Possible values:

  • OS_UNSPECIFIED = 0 indicates that the operating system of the device is not specified or not known.
  • DESKTOP_MAC = 1
  • DESKTOP_WINDOWS = 2
  • DESKTOP_LINUX = 3
  • DESKTOP_CHROME_OS = 6
  • macOS
  • ChromeOS
  • Windows
  • Linux
 device.os_type == OsType.DESKTOP_MAC
os_version The version of the operating system running on a device.
  • macOS
  • ChromeOS
  • Windows
  • Linux
  • device.os_version == "MacOS 13.4.0"
  • device.os_version == "ChromeOs 14541.0.0"
  • device.os_version == "Windows 10.0.19045"
  • device.os_version == "Linux rodete"
    • Note: Operating system names are case-sensitive.
    verified_chrome_os A boolean value that indicates whether the request comes from a device with a verified ChromeOS. ChromeOS (only for enterprise-enrolled devices) device.verified_chrome_os == true
    model The model of a device.
    • macOS
    • Windows
    • Linux
    		 device.model == "MacBookPro16,1"
    is_managed_browser_profile A boolean value that indicates whether the Chrome content area account associated with a device matches its Chrome profile account.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    		 device.is_managed_browser_profile == true
    certificates Attributes of the certificates associated with a device. For example, Enterprise certificates.
    • macOS
    • ChromeOS
    • Windows
    • Linux
    		 device.certificates.exists(cert, cert.is_valid && cert.root_ca_fingerprint == "SOME_ROOT_CA_FINGERPRINT")

    Device identity attributes

    The following table describes the attributes that are collected by Endpoint Verification that you can use to identify devices:

    Attribute name Description Supported OS
    Serial number The serial number of the device.
    • macOS
    • ChromeOS (only for enterprise-enrolled devices)
    • Windows
    • Linux
    Hostname The hostname of the device.
    • macOS
    • Windows
    • Linux
    Device ID The unique identification number associated with the device.
    • macOS
    • Windows
    • Linux
    Wifi MAC Address The MAC address of the device.
    • macOS
    • ChromeOS
    • Windows
    • Linux

    What's next