While using the company-owned devices, the major problem arises: what is that particular device's security posture?
For that, we have Endpoint Verification.
So in this article we'll learn about the company owned devices and setting them up, approving , blocking them
Let's dive into the topic to learn more about it.
Configuring company-owned devices.
How to add devices to your company's inventory is described on this page. Add it to the Google Workspace Admin Console for complete control of a device.
As an administrator, you may keep track of information regarding your business's devices, including the type of device and the user to whom it has been assigned. Microsoft Windows, Apple Mac, and enterprise-enrolled Chrome OS devices can all be added.
By individually adding it, you can control a device's data more. You lose control if an employee adds their device.
Adding devices to your inventory
To register these devices as corporate-owned, you can import the serial numbers into the Google Workspace Admin Console. You can still add devices as company-owned devices even if you gave them to users before adding the device details to your Google Workspace Admin Console.
Log in to your admin account and launch the Google Workspace Admin Console.
Go to Devices from the Admin console's Home page.
Go to Mobile & endpoints > Company-owned inventory in the navigation menu.
Click add to add a new device .
Choose the device category you want to import in the Import business-owned devices window, then click Download import template. Your computer downloads the import template.
Open the import template and carry out these steps:
Type in the device's serial number. The string you input must correspond to the device's serial number. Should it not, you can upload the device to the Google Workspace Admin Console, but you are unable to assign it to a user.
Enter an asset tag if you want to monitor the gadget.
Do one of the following things if you omitted asset tags:
Remove the "Asset Tag" from the file header.
After each serial number, a comma should be used. The comma should now be used to separate each row of data items. A new line should be used to divide each row.
File saving.
Return to the imported business-owned equipment
Following the import procedure, you get an email stating how many devices were imported successfully.
Viewing your inventory
Go to Devices from the Admin console's Home page.
Go to Mobile & endpoints > Company-owned inventory in the navigation menu to examine your company-owned devices.
Removing a device
Go to Devices from the Admin console's Home page.
Go to Mobile & endpoints > Company-owned inventory in the navigation menu to examine your company-owned devices.
Click Delete after selecting the device.
Serial number import issues
You may experience one of the following errors if there is a problem importing devices:
Deleting a device
Untagging a device is equivalent to doing this. When a mobile device is deleted, its ability to sync with corporate data is interrupted, but no data is lost. Wipe the account or device before deleting it if you want to get rid of any business data.
Setting up device approvals
Each Endpoint Verification device that accesses corporate data can be reviewed and approved by an admin. Once users connect their Google accounts, all devices are automatically approved. These gadgets can be marked as approved or prohibited.
Access Context Manager uses these tags to set up admin approval-based access levels.
Even if you set up device approvals, they are automatically applied to devices that are registered by serial number. For further information, see Configuring company-owned devices.
Enabling admin approval
To tag devices, you must first enable admin approval.
Log in to your admin account and launch the Google Workspace Admin Console.
Navigate to Devices from the Admin console's home page.
Click Mobile and endpoints > Universal settings > Security from the navigation menu.
Optional: Choose an organization from the Organizational units pane to personalize device approvals across organizational units.
On the Security card, click.
Select Requires admin approval under Device Approvals.
You can provide an email address to receive notifications when people enroll in their devices. For all administrators with permission to activate devices, you can use a single email address.
Click Save.
Approving and blocking devices
Log in to your admin account and launch the Google Workspace Admin Console.
Go to Devices from the Admin console's Home page.
Toggle to Endpoints.
Take the necessary action based on whether you wish to accept or block devices:
Select the devices, click More, and then choose Approve devices to grant access to corporate data and mark Endpoint Verification devices as approved.
Select the devices, then click Block to block access to corporate data and mark them as blocked for Endpoint Verification.
A notice stating that an administrator must activate the device is displayed to an employee who adds a corporate account to their device.
Enforcing admin approval
A device's capacity to access company data remains unchanged regardless of whether it is approved or blocked. Instead, a tag that can be used to set access levels with Access Context Manager is added to the device. To enforce device approval settings, adhere to the procedure below.
Utilize IAP to protect your resources.
Make a device policy-setting access level. The property "Requires admin approval" to "Yes."
Use resources according to your access level.
Frequently Asked Question
What is endpoint verification?
A technology called Endpoint Verification enables a company administrator to discover details about the PCs that are accessing corporate data.
What is an API endpoint?
An API endpoint is where a software application connects to an API, the code that enables two software programs to communicate with one another.
Should I have verified access on Chromebook?
Verified access guarantees that the Chromebook connected to the corporate network is unaltered and adheres to corporate policy.
What is the application endpoint?
The Application Endpoint class is a sort of endpoint that is mostly utilized by server applications and offers end users communication and collaboration functions.
What are Chrome URLs?
The Google Chrome browser's internal sites, known as Chrome URLs, are primarily created to give developers and advanced users precise information on the browser's internals.
Conclusion
This blog has extensively discussed Setting up device approvals, approving and blocking devices ,etc. We hope this blog has helped you in enhancing your knowledge about Endpoint Verification. If you want to learn more, check out the excellent content on the Coding Ninjas Website: