Google Workspace Computer Endpoint Management

Depending on the size of your organization, you may have a large number of computers connected to your Google Workspace resources. These connected computers, also known as endpoints, have access to your private Google Workspace data. As such, it is important to provide them with comprehensive security policies that will prevent unauthorized access to your important data. In this article we will discuss computer endpoint management and explore how it can be used to increase security for your organization.

Topics include

• Why Use Computer Endpoint Management?
• Computer Endpoint Management Options
• Enabling Endpoint Verification

Why Use Computer Endpoint Management?

Computer endpoint management is useful for enhancing security for your computer-based endpoints. Instead of letting potentially insecure machines into your Google Workspace network, endpoint management can be used to ensure that connected computers all use the same software and security settings, particularly in the case of Windows environments. Setting up this feature will allow you to fine-tune who has access to your Google Workspace network.

Computer Endpoint Management Options

Google Workspace provides a number of options for computer endpoint management, each offering a different level of security for your connected devices. By default, you can use this feature to determine what type of access, if any, a connected device will have. You can also use this feature to see when users sign in, regardless of which option you choose. To help you decide which options are best for your organization, we will describe them below:

Fundamental Management – Automatically enabled, provides features described above.

Endpoint Verification – Must be enabled for endpoint management to function properly. This feature allows you to find and email users that are not verified, giving them the opportunity to verify their connected device. Through endpoint verification, organization administrators can approve, block, unblock or delete devices. In order for a device to be verified, the administrator must approve the verification request.

Google Drive for Desktop – This option requires users to install the Google Drive for desktop application onto their computer. The advantage of using this option is that it can specify that only company-owned devices can run Google Drive, enhancing the security of your shared file sharing resource. Similar to endpoint verification, it is possible to approve, block, or delete devices connected to the network. By blocking a device, you will prevent them from accessing Google Drive regardless of the device.

Enhanced Desktop Security for Windows – This option is only available for computers that use Windows. Using this option allows organization administrators to apply Windows settings for connected computers and even remove data if necessary. Through this option, administrators can approve, block, or delete devices. Blocking a device from this option means it will no longer be able to receive configuration changes to Windows settings or have data removed.

Enabling Endpoint Verification

Google Workspace administrators can enable endpoint verification from the dashboard using the following instructions:

1. First, login to your Google admin dashboard.
2. Next, go to Devices.
3. On the next page, navigate to Mobile & endpoints > Settings > Universal Settings.
4. Next, navigate to Data Access > Endpoint Verification.
5. Click the checkbox labeled Monitor which devices access organization data.
6. Once done, click Save.

Congratulations, you now know how to enable endpoint verification in Google Workspace!

Next Steps

To assist with the management of non-computer physical resources such as meeting rooms and conference equipment, consider setting up building management in your Google Workspace organization. If your organization has a large number of users, consider setting up organizational units to make managing their permissions and access-levels even easier.