GAT Shield can now collect the serial number from the Chrome OS based device it is deployed to. To enable this feature we need to configure some additional features in G-Suite Chrome management console.
Ensure all devices are enrolled on your domain. You have probably already done this, but if not you should be aware that this will not work for devices not currently enrolled.
Ensure GAT Shield is deployed as outlined here.
In your G-Suite Admin Console select Device Management, Chrome Management, Device Settings. There select the root OU, or if you only wish to use this feature on a sub-OU, select the sub-OU. Once there configure the settings as shown in the screenshot below.
For ‘Verified Access’ set it to ‘Enable for Enterprise Extensions’ and ‘Enable for Content Protection’ and in addition add the following as the verified service account.
Remember to ‘Save’ when configured.
Next return to Device management, Chrome Management, and select App Management. Once there, search for the following App
And add it to your list of Apps. Save when done.
Once the App is installed, double click on the listing for the new app, GAT ‘Shield Verifier’.
Select the ‘User settings’ and set the switches as shown below.
Save as requested.
GAT Shield will now start reporting the device serial number in the Shield ‘User/Device Geo Reporting’ section of the GAT Shield tool. This will show active and inactive devices by serial number, showing last known IP address, time used, geolocation and user.