No-brainer for Every Google Workspace Admin: Endpoint Verification

Administration of Google Chrome Browser settings are often overlooked by many Google Workspace admins, despite being available for all SKUs. I have been an advocate for Chrome Management since before Chrome Browser Cloud Management (CBCM) became available. Since there seems to be a continued convergence and integration across different products (Google Workspace, Chrome, Google Cloud Platform, etc.), I thought it would be important to highlight some of the features for people who may be less familiar with Google Workspace Admin Console.

What is endpoint verification?

It is a Chrome Extension that you can push to your users, which gathers and reports information about devices that are accessing your organization’s data.

On Enterprise SKUs, you can use Context Aware Access (BeyondCorp, Zero-Trust) to allow or restrict access to Core Google Workspace applications or SAML Applications, the prerequisite of which is Chrome with Endpoint Verification installed.

Recommended Setting

  1. Go to https://admin.google.com/ac/chrome/apps/user
  2. Click on + icon on the bottom right, then select Add from Chrome Web Store (apply the setting at Root OU if you want everyone to inherit the setting)
  3. Search for Endpoint Verification
  4. Select Force install + pin

What’s the Impact for the End Users?

The change impact is very minimal. You can share the article below with your users to let them know about the information that is gathered by the extension.

  • For BYOD devices, the setting will apply only if the users are signed-in to Chrome
  • For company-owned devices, it is recommended that you push the extension using EMM (Intune, Jamf, etc.) or use CBCM to push the extension to the enrolled browsers.

Brian is a Google-certified Collaboration and Security Engineer. You can find him hanging out in SaaSOps or MacAdmins Slack