Set up Endpoint Verification on your devices

This quickstart document guides you how to set up Endpoint Verification on your company-owned devices to help you understand the security posture of those devices.

Before you begin

  • Log in to the Google Workspace Admin Console by using your Google Workspace admin account.

    Google Workspace Admin Console

  • Ensure that you have an organization unit with at least one device that has one of the following specifications:

    • Devices running Chrome OS
    • Apple® Mac® OS X® El Capitan (10.11) and later
    • Microsoft® Windows® 7 and 10
    • Linux® Debian® and Ubuntu®

Turn on Endpoint Verification

To collect information about your company-owned devices, Endpoint Verification must be turned on for your organizational unit. By default, Endpoint Verification is turned on.

To confirm if Endpoint Verification is turned on, do the following:

  1. From the Admin console Home page, go to Devices.
  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data access > Endpoint verification.
  4. From the Organizational units pane, select your organization unit.
  5. Ensure that the Monitor which devices access organization data checkbox is selected.

  6. Click Save. If you configured a child organizational unit, you might be able to inherit or override a parent organizational unit's settings.

Install Endpoint Verification on your devices

To install the Endpoint Verification extension on your devices, do the following:

  1. From the Admin console Home page, go to Devices.
  2. In the navigation menu, click Chrome > Apps & extensions > Users & browsers.
  3. Hold the pointer over Add and click Add from Chrome Web Store.

  4. In the Search the store field, enter Endpoint Verification.

  5. Click Endpoint Verification and then click Select.

  6. From the Organizational units pane, select your organization unit for which you want to install the Endpoint Verification extension.

  7. In the Endpoint Verification dialog, ensure that Allow access to keys and Allow enterprise challenge are enabled.

    • Allow access to keys: allows the Endpoint Verification extension to access client certificates and keys on Chrome OS.
    • Allow enterprise challenge: allows the Endpoint Verification extension to use the Verified Access feature on ChromeOS. For more information, see Chrome Verified Access Overview.

  8. Click the Installation policy drop-down for Endpoint Verification and select Force install.

  9. Click Save.

View your devices information

  1. From the Admin console Home page, go to Devices > Overview.
  2. Click Endpoints.
  3. From the list of devices, click any company-owned device for which you want to view the device information.

    The device details show that the device is managed by Endpoint Verification.

Clean up

If you do not want Endpoint Verification to manage your devices, do the following:

  1. From the Admin console Home page, go to Devices.
  2. In the navigation menu, click Mobile & endpoints > Settings > Universal settings.
  3. Click Data access > Endpoint verification.
  4. From the Organizational units pane, select your organization unit.
  5. Clear the Monitor which devices access organization data checkbox.
  6. Click Save.

What's next