Use a new enterprise certificate condition to set context-aware access rules for company-managed devices

Quick launch summary 

When configuring context-aware access rules, you can now use a new signal to determine whether a device is company-owned. By using new enterprise certificates as an alternative context-aware signal to determine if a device is a company-managed asset, you can set more specific context-aware policies that are appropriate based on the trustworthiness of the device. 

The Admin console screen to configure context-aware access rules using enterprise certificate condition

Getting started 

• Admins: The feature is available by default, but needs to be configured before use. Use our Help Center to learn more about configuring enterprise certificates and configuring context-aware access rules. 
• End users: No end user impact. 

Rollout pace 

• This feature is now available for all eligible users. 

Availability 

• Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers 
• Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business, and Cloud Identity Free customers 

Resources 

• Google Workspace Admin Help: Context-aware access overview
• BeyondCorp Enterprise documentation: Configuring enterprise certificate conditions