This document shows how administrators can set up device approvals to control the devices that users can use to access their organization's resources.
As an administrator, you can enforce administrator approval for device access, and approve or block devices from the Google Admin console. By default, all devices are approved when users log in to their devices by using their Google Accounts unless you set up administrator approvals for the devices.
Enable administrator approval for device access
If you want to review devices that users use to access their organization's resources, you can enable the Require admin approval option. After you enable this option, when users add their corporate account to their device, they see a message that an administrator must review and approve the device.
To enable administrator approval for device access, do the following:
From the Admin console Home page, go to Devices.
In the navigation menu, click Mobile & endpoints > Settings > Universal settings > Security.
From the Organizational Units pane, select your organization unit. To apply the setting to everyone, select the top organizational unit.
Click Device approvals and then select Require admin approval.
Enter an email address to get notifications when users enroll their devices. You can use a group email address that includes all administrators who can activate devices.
Click Save.
Approve or block devices
Approving or blocking a device adds a device status tag, which you can use to create admin approval-based access levels. Approving or blocking a device doesn't affect the device's ability to access data.
When a device approval is pending or a device is blocked, the device can still sync data unless you create access levels to block access based on the device status tag.
To approve, block, or unblock devices, do the following:
-
From the Admin console Home page, go to Devices.
- Click Endpoints.
Depending on whether you want to approve, block, or unblock devices, perform the appropriate action:
To allow devices to access data and to tag them as approved, select the devices, click More
and select Approve devices.To prevent devices from accessing data and to tag them as blocked, select the devices and click Block Devices
.To unblock devices and to tag them as approved, select the devices and click Unblock Devices
.