What’s changing
With this launch, all desktop devices that log in to G Suite will get
fundamental device management by default. This means that when a user logs in to G Suite through any browser on a Windows, Mac, Chrome, or Linux device, the device will be registered with endpoint management. This will happen automatically upon login and does not require any other user actions or software to be installed on the device.
When a device is registered with fundamental device management, admins can see the device type, operating system, first sync time, and last sync time in the Admin console. They can also sign the user out from that device.
This provides the basic benefits of device management without additional costs or requiring installation of agents or profiles. We’re also making enhancements to the filters available in the device list that will strengthen our
endpoint verification and
Context-Aware Access functionality. See more information below.
Who’s impacted
Admins only
Why you’d use it
Fundamental device management provides a base level of security to every desktop device that accesses G Suite data. The device data collected can help admins make more informed security and policy decisions about how to manage the devices in their organization. More specifically, the feature will help admins to:
- Get a clearer picture of all the devices that are accessing corporate data.
- Use more comprehensive data to analyze device access in the organization through reports and the security center. For example, you could use it to identify devices that require OS updates.
- Take remedial action to remotely sign out a user when a device is lost, stolen, or compromised.
- Improve Context-Aware Access controls. The device inventory will be more comprehensive, and admins can use a new “Exclude Endpoint Verification” filter, which will enable admins to see which devices would not be able to access G Suite when context-aware access is deployed.
How to get started
Additional details
Fundamental desktop management provides device information without apps or agents When fundamental device management is enabled, the admin will get information about a limited set of device properties: device type, device model, OS version, first sync, and last sync.
This will be visible in two places in the Admin console:
- The devices list found at Admin console > Device management > Devices > Endpoints.
- The audit section found at Admin console > Reporting > Audit > Devices.
Information about devices with fundamental device management will be listed alongside devices that use other agents to provide admins with details about devices accessing corporate data. Admins can filter the endpoint list by “Management Type” to see devices with a specific device management type, such as fundamental,
endpoint verification, or
Drive File Stream.
You can filter for “Fundamental” managed devices at Admin console > Device management > Devices
A device page with information provided through fundamental device management
Limitations of fundamental device management and other endpoint verification options Fundamental device management is designed to be an agentless, lightweight information collection tool. Its goal is to provide a basic data set, which can help admins make some decisions and add some controls to devices accessing their data.
Google provides other services, which offer more detailed data and enable more comprehensive controls to admins, including
endpoint verification,
Chrome device management,
Drive File Stream, and
Google Mobile Management.
New Endpoint Verification filter helps deploy Endpoint Verification and Context-Aware AccessWe’re also adding the ability to filter for devices without
endpoint verification in the device list at
Admin console > Device management > Devices. This can help admins to identify devices which are accessing corporate data without endpoint verification, and see if they’d like to install endpoint verification on any of them. This can also improve the deployment of
Context-Aware Access, which relies on Endpoint Verification. By seeing users and devices without Endpoint Verification installed, admins can identify and avoid potential user disruption before turning on Context-Aware Access.
Helpful links
Availability
Rollout details - Rapid and Scheduled Release domains:
- Extended rollout (longer than 15 days for feature visibility) starting on October 29, 2019.
- Rollout may not reach all domains until the end of 2020.
- When it reaches your domain, you’ll see the banner pictures below, and there will be a new “Management Type > Fundamental” filter option available in the endpoint devices list.
When the rollout reaches your domain, you’ll see this banner when you go to Admin console > Device management > Devices
When the rollout reaches your domain, you’ll see the “Fundamental” management type filter option at Admin Console > Device Management > Devices.
G Suite editions Available to all G Suite editions.
On/off by default? This feature will be enabled by default.
Stay up to date with G Suite launches