Evonence | Google Cloud Partner


Endpoint Verification for Google Workspace

What is Endpoint Verification?

Endpoint Verification is a tool that allows an administrator in your organization to see information about computers that are accessing corporate data. You need to install Chrome Browser, the Endpoint Verification extension, and possibly the native helper app on your computer.

Why use it?

Admins will have more control over how devices running endpoint verification can access corporate data in Google Cloud.

Specifically, admins will be able to:

  • Tag endpoint devices running Chrome as approved or blocked — Admins can use the tag to configure access levels with the Access Context Manager

  • Decide whether an additional review is needed for newly registered endpoint verification devices before they’re tagged as approved.

This brings functionality similar to what's currently available for mobile device management to desktop devices using Chrome OS or Chrome browser.

With the ability to limit Google Workspace access for devices that use endpoint verification, admins will now get fine-grained control over managing device access beyond just mobile devices.

How to turn on Endpoint Sync

Endpoint sync is usually on by default. If it is off, follow these steps to turn it on: Admin console > Device Management > More Controls > Set up > Endpoint Sync > Allow desktop reporting via browser extension

Installing the Endpoint Verification extension

You can deploy the extension to computers or have Mac or Windows users manually install it from the Chrome Web Store.

If you deploy the extension, users are prompted to agree to endpoint verification being installed on their device. There are two options to deploy:

  1. Deploy the extension to computers using the Force-Installed Apps and Extensions Chrome user policy.

     Note: turn on the Allow access to client certificates and keys and Allow access to challenge enterprise keys policies for the endpoint verification extension.

  2. For Mac and Windows, set a Chrome machine policy and deploy it to your company-owned devices.

Install the native helper

A native helper app needs to be installed on Mac and Windows computers for monitoring to work.

There are two options for installing the native helper:

  1. Deploy the Mac native helper or Windows native helper using a third-party software management solution, for company-owned devices.

  2. If users installed the Endpoint Verification extension, they’re prompted to install the native helper after they install the extension.

Admins can individually review each endpoint verification device that accesses corporate data. You can tag these devices as approved or blocked.