Featured launch: Fundamental device management brings basic coverage to all desktop computers
With this launch, all desktop devices that log in to G Suite will get fundamental device management by default. This means that when a user logs in to G Suite through any browser on a Windows, Mac, Chrome, or Linux device, the device will be registered with Google endpoint management. This will happen automatically upon login – it does not require any other user actions or software to be installed on the device.
When a device is registered with fundamental device management, admins can see the device type, operating system, first sync time, and last sync time in the Admin console. They can also sign the user out from that device.
This provides the basic benefits of device management at no additional cost and without requiring the installation of agents or profiles. We’re also making enhancements to the filters available in the device list that can help with endpoint verification and Context-Aware Access deployment. See more information below.
Why you’d use it
Fundamental device management provides a base level of security to every device that accesses corporate data. The device data collected can help admins make more informed security and policy decisions about how to manage the devices in their organization. More specifically, the feature will help admins to:
- Get a clearer picture of all the devices that are accessing corporate data.
- Use more comprehensive data to analyze device access in the organization through reports and the security center. For example, you could use it to identify devices that require OS updates.
- Improve Context-Aware Access deployment by ensuring a more comprehensive device inventory and increasing visibility into which users might be impacted by Context-Aware Access.
- Take remedial action to remotely sign out a user when a device is lost, stolen, or compromised.
Additionally, a new “Exclude Endpoint Verification” filter on the device list can help increase endpoint verification deployment and ease Context-Aware Access adoption.
How to get started
- Admins: Use our Help Center to find out more about fundamental device management.
- End users: No action needed.
Fundamental desktop management provides device information without apps or agents
When fundamental device management is enabled, the admin will get information about a limited set of device properties: device type, device model, OS version, first sync, and last sync.
This will be visible in two places in the Admin console:
- The devices list found at Admin console > Device management > Devices > Endpoints.
- The audit section found at Admin console > Reporting > Audit > Devices.
Information about devices with fundamental device management will be listed alongside devices that use other agents to provide admins with details about devices accessing corporate data. Admins can filter the endpoint list by “Management Type” to see devices with a specific device management type, such as fundamental, endpoint verification, or Drive File Stream.
You can filter for “Fundamental” managed devices at Admin console > Device management > Devices
(Screenshot: a device page with information provided through fundamental device management.)
Limitations of fundamental device management and other endpoint verification options
Fundamental device management is designed to be an agentless, lightweight information collection tool. Its goal is to provide a basic data set, which can help admins make some decisions and add some controls to devices accessing their data.
Google provides other services that offer more detailed data and give admins more comprehensive controls, including endpoint verification, Chrome device management, Drive File Stream, and Google Mobile Management.
New Endpoint Verification filter helps deploy Endpoint Verification and Context-Aware Access
We’re also adding the ability to filter for devices without endpoint verification in the device list at Admin console > Device management > Devices. This can help admins to identify devices which are accessing corporate data without endpoint verification, and see if they’d like to install endpoint verification on any of them. This can also improve the deployment of Context-Aware Access, which relies on Endpoint Verification. By seeing users and devices without Endpoint Verification installed, admins can identify and avoid potential user disruption before turning on Context-Aware Access.