Stay organized with collections Save and categorize content based on your preferences.

Set up Endpoint Verification on your devices

This quickstart document guides you how to set up Endpoint Verification on your devices to understand the security posture of your devices.

Before you begin

  1. You must have a Google Workspace administrator account with the Service Settings privilege.
  2. Log in to the Google Workspace Admin Console by using your Google Workspace administrator account.

    Log in to Google Workspace Admin Console

  3. You must have an organization unit with at least one device running one of the following operating systems:

    • ChromeOS
    • Apple® Mac® OS X® El Capitan (10.11) or later
    • Microsoft® Windows® 7, 8, 8.1, 10, and 11
    • Linux® Debian® and Ubuntu®

Turn on Endpoint Verification

To collect information about the devices accessing the resources of your organization, Endpoint Verification must be turned on for your organizational unit. By default, Endpoint Verification is turned on.

To confirm if Endpoint Verification is turned on, do the following:

  1. From the Admin console Home page, go to Devices.

    Go to Devices

  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data Access > Endpoint Verification.
  4. From the Organizational Units pane, select your organization unit.
  5. Ensure that the Monitor which devices access organization data checkbox is selected.
  6. Click Save. If you configured a child organizational unit, you might be able to inherit or override the settings of a parent organizational unit.

Install Endpoint Verification on your devices

  1. From the Admin console Home page, go to Devices.

    Go to Devices

  2. In the navigation menu, click Chrome > Apps & extensions > Users & browsers.
  3. From the Organizational Units pane, select your organization unit for which you want to install the Endpoint Verification extension.
  4. Hold the pointer over Add, and click Add from Chrome Web Store.

  5. In the Search the store field, enter Endpoint Verification.
  6. Click Endpoint Verification and then click Select.
  7. In the Endpoint Verification dialog, ensure that Allow access to keys and Allow enterprise challenge are enabled.
    • Allow access to keys: allows the Endpoint Verification extension to access client certificates and keys on ChromeOS.
    • Allow enterprise challenge: allows the Endpoint Verification extension to use the Verified Access feature on ChromeOS. For more information, see Chrome Verified Access Overview.
  8. Click the Installation policy drop-down for Endpoint Verification, and select Force install.

  9. Click Save.

View your devices information

  1. From the Admin console Home page, go to Devices > Overview.

    Go to Devices overview

  2. Click Endpoints.

    The list of devices in your organization is displayed.

  3. To get more information about a specific device, click the device. The device information is displayed for that specific device.

    The device details show that the device is managed by Endpoint Verification.

Clean up

If you do not want Endpoint Verification to manage your devices, do the following:

  1. From the Admin console Home page, go to Devices.

    Go to Devices

  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data Access > Endpoint Verification.
  4. From the Organizational Units pane, select your organization unit.
  5. Clear the Monitor which devices access organization data checkbox.
  6. Click Save.

What's next