skip to Main Content
Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN)

Control access to corporate data on Chrome, Mac, and Windows devices

What’s changing

We’re giving admins more control over how devices running endpoint verification can access corporate data in Google Cloud. Specifically, we’ll give admins the ability to:


  • Tag endpoint devices running Chrome as approved or blocked — Admins can use the tag to configure access levels with the Access Context Manager
  • Decide whether an additional review is needed for newly registered endpoint verification devices before they’re tagged as approved.


This will bring similar functionality to what’s currently available for mobile device management to desktop devices using Chrome OS or Chrome browser.


Who’s impacted

Admins only


Why you’d use it

With the ability to limit G Suite access for devices that use endpoint verification, admins will now get fine-grained control over managing device access beyond just mobile devices.


Now, admins can view the inventory of devices that are access this data, and approve or block access to specific devices based any internal criteria. Examples include, lost devices, which can now be ‘blocked’ from accessing apps, or approving new users who need to access applications as their job titles shift.


How to get started


  • Admins:


    • To set a policy for whether newly registered endpoint verification devices need admin approval, go to Admin Console > Device management > Setup > Device Approvals > Device Approvals.
      • Check or uncheck the box to set a policy. This will default to unchecked, meaning that admins will not have to manually approve newly registered devices.
      • Optionally, you can also add an email that approval requests will be sent to.  


    • Note that device access to corporate data can be configured at any time by using the Access Context Manager.
      • For desktop devices, Admins will have the option to select Approve or Block, which will tag the device accordingly in the Access Context Manager.
    • Approve or block actions on devices will generate an audit event within the Admin Console. For more information on audit logs for devices, see here.
  • End users: No action needed


Additional details

This launch allows you to control access for devices with endpoint verification installed. This includes Chromebooks and other desktop devices running the Google Chrome browser.


Tag newly registered endpoint verification devices as ‘Approved’ or ‘Blocked’ before setting access


When a new device is registered via Endpoint Verification, admins can turn on access restriction in the Access Context Manager. From there, they can govern device access by selecting ‘Approve’ or ‘Block’.


See image below to see how this will look in the Admin console with the feature ON.


If this policy is OFF, devices will be approved by default and can be blocked later on, for example, if a device is lost or a device is compromised.





Turn individual device access on or off


Admins can approve or remove access for devices in the Admin Console. A new view at Admin console > Device Management > Device Approvals will list all devices in a pending approval state. From this list, they can be tagged as Deviced/Approved — once devices are tagged, further access policies can be configured in the Access Context Manager.


Admins can also get email notifications for when a device is registered but needs admin approval. See our Help Center to learn how to configure email notifications.


Helpful links


Updated: Gimasys

Back To Top
0974 417 099