This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Rolling out Context Aware

Posted on 06-23-2021 09:28 AM
davidgallant
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Do folks have stories about rolling out Context Aware to existing deployments of Google devices? There doesn't seem to be a great way to just turn this on with alerting, and not blocking devices as we ensure 100% of our devices are identified properly so we are rolling out in smaller groups.

Thanks in advance

Solved Solved
0 6 401
Topic Labels
Jump to Solution
0 Likes
2 ACCEPTED SOLUTIONS

Posted on --/--/---- --:-- AM
kim_nilsson
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

If I remember correctly, @brian_kim has started looking into CAA. Maybe  even @stevelarsen & @dominik ?

View solution in original post

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dominik
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

I am curious as to what your reason for a phased roll out is.

You could go and allow/approve all existing devices and then turn it on as to then go and notify / email users about existing devices that don't comply to your settings. 

View solution in original post

Jump to Solution
0 Likes
6 REPLIES 6

Posted on --/--/---- --:-- AM
kim_nilsson
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

If I remember correctly, @brian_kim has started looking into CAA. Maybe  even @stevelarsen & @dominik ?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dominik
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

I am curious as to what your reason for a phased roll out is.

You could go and allow/approve all existing devices and then turn it on as to then go and notify / email users about existing devices that don't comply to your settings. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
davidgallant
Bronze 1
Bronze 1
In response to dominik
Reply posted on --/--/---- --:-- AM

We basically need a way to turn on all of the Google Apps for alerting, but not blocking.

Right now we add one OU at a time, and find edge scenario's for computers which are not marked as company owned. We already did a few passes at our purchasing receipts, and 3rd party asset tracking system, but there are still devices which we miss. We also do not want to accidentally enroll employee purchased systems

Jump to Solution

Posted on --/--/---- --:-- AM
dominik
Silver 2
Silver 2
In response to davidgallant
Reply posted on --/--/---- --:-- AM

I understand.  In this case your approach is probably a pretty good one. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
brian_kim
Silver 2
Silver 2
In response to davidgallant
Reply posted on --/--/---- --:-- AM

sounds like you are definitely on the right track in terms of google's recommendation of following the steps of discover, remediate, and enforce. two tools you can leverage here which may help with reporting (endpoint verification extension and chrome browser cloud management). you can validate that the user has a company owned associated with them which reported last activity within x hours/days (should be possible using GAM?) it may help remove some of ambiguities you may have.
https://support.google.com/a/answer/9275380

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
davidgallant
Bronze 1
Bronze 1
In response to brian_kim
Reply posted on --/--/---- --:-- AM

@brian_kim Thanks for sharing all of this. We use the endpoint verification extension as one of our rules. We really need some changes to CA instead of tinkering with GAM, from what it sounds like. 

We are a ChromeOS shop, so it should be easier for us.

Thanks again

Jump to Solution
0 Likes
Top Labels in this Space