On Google Apps Device Management options

personal wiki, photos, other stuff

On Google Apps Device Management options

19th February 2020 technical 0

Google Apps has a number of Device Management options which cover mobile phones, Chromebooks/Chromeboxes, Chrome Browsers installed on Windows/Mac OSX and Meeting Room Hardware. I will skip the meeting room hardware as I don’t know anywhere that uses these – they tend to just use a Chromebox instead,

  • Mobile Devices. This include both Android and iOS devices. If a device is logged into a Google account, it will be registered here. This include Google Mail, Calender, Chat, Meet, etc. If a user uses the OSX Mail app or a third party android mail app, it will not be registered here. There are two different types of management, this can be enabled on an OU basis.
    • Base Management: Allow account wipe, force PIN and force encryption. Suitable for personal device, not company owned ones. Can see basic machine info such as serial and OS.
    • Advanced Management: Allow full control over the device, accounts and applications. Set up a work account. Suitable for company owned devices. Can see a lot of detailed machine info.
  • Chrome Devices. This includes both Chromebooks and Chromeboxes. This requires a Device Management License for each machine which can be bought on either a yearly basis or a perpetual license. I can suggest Eclipse Digital Media in the UK as we have bought four licenses from them previously.. Once a license is purchased and the device is enrolled you can see the serial number of the machine (the serial cannot be retrieved without a license.
    • This is the equivalent of group policy for Chromebooks. Settings can be configured on user or device basis, things like setting proxy settings, changing a desktop background, forcing a logout…the options go on. I believe every domain has a 60 day trial limited to 100 machines, so you can try and see if it’s something you need. This is NOT REQUIRED for Chome browsers on a Mac or Windows machine though – this is a…
  • Managed Browsers. This is Chrome installed on a Mac, Windows, or Linux machine. They have to be enrolled via a management token and once done, policies can be pushed down much like Chrome Devices. The policy list is not as detailed as Chrome Devices but is still suitable for forcing some settings like proxy. It will show you plugins and policies applied to the machine, profiles logged in and the version of Chrome.
  • Endpoint Verification. This is a plugin which can be used to view device status as long as they are running a Chrome browser than is logged into your domain. It shows basic information on all devices – Chromebooks, Chromeboxes, Mac, Windows and Linux machines. It will not show serial numbers unless the device as a Device Management license assigned to it. It could be used in line with an asset management system (Spiceworks for one, I have found, has issues with scanning Chromebooks).

I personally consider “Mobile Devices” essential. Chrome Devices are essential if you have Chromebooks/Boxes. Managed browsers I’ve not really used but is nice to have. Endpoint Veritifcation provides a small sliver of info but is nigh useless.

Leave a Reply

Your email address will not be published. Required fields are marked *