Authorized Device Management

Before adding any new device to your trusted list, you need to submit a formal request. This helps IT maintain an accurate inventory and ensures devices meet security requirements. Information to include in your request: Device type (laptop, phone, tablet, etc.) Device make and model Operating system and version Device ownership (company-issued or personal/BYOD) Which systems you need to access from this device Business justification for the access For personal devices (BYOD): You will need to acknowledge the BYOD policy requirements, including allowing IT to remotely wipe company data if needed, and keeping the device updated with security patches.

IT Security needs to verify the device meets minimum security requirements before granting trusted status. This step protects the organization from vulnerable endpoints. Security checklist for the device: Operating system is a supported version (not end-of-life) Security patches are up to date (within 30 days) Antivirus/endpoint protection is installed and active Screen lock is enabled with reasonable timeout (5 minutes or less) Full disk encryption is enabled Device is not jailbroken or rooted For BYOD devices, also verify: User has signed the BYOD agreement Mobile device management (MDM) profile is installed if required Personal device meets the minimum OS version requirement Document any exceptions: If the device does not meet all requirements but access is still approved, document the exception and compensating controls.

Adding a device to your trusted list means you will not need to enter a verification code every time you sign in from that device. This saves time while still keeping your account secure. How to add a trusted device: Sign in on the computer or device you want to trust (make sure it is actually yours and not shared) Complete the 2-step verification process as normal When prompted, check the box that says "Do not ask again on this computer" or similar Verify the device appears in your account trusted device list Security reminders: Only trust devices you personally control - never shared workstations or public computers Make sure your device has a screen lock enabled before adding it as trusted Document which devices you have added so IT can track authorized endpoints

When a device is lost, stolen, sold, or no longer used, remove it from your trusted list immediately. This prevents unauthorized access if someone else gets their hands on that device. When to revoke device trust: Device was lost or stolen (do this immediately) You sold or gave away the device Employee is leaving the company Unusual login activity detected on your account As part of regular security hygiene (review quarterly) How to remove trusted devices (Google example): Go to your Google Account settings (you may need to sign in again) Navigate to Security > Signing in to Google Select 2-Step Verification Under "Devices you trust," click Revoke all or remove specific devices Confirm the revocation Note: After revoking, you will need to verify with a code the next time you sign in from any device. This is expected behavior - the security feature is working as intended.

After any device authorization change (adding or removing a device), update the central device inventory. This record is critical for security audits, incident response, and compliance reporting. Information to record for new devices: Device unique identifier (serial number or asset tag) Device type, make, and model Owner (employee name and ID) Authorization date Systems/applications the device can access Ownership type (company-issued or BYOD) Next review date (typically 12 months) For removed devices, update: Revocation date and reason Whether the device was company-issued (needs asset recovery) or personal Mark the device as inactive in the inventory Pro tip: Set a calendar reminder to review all device authorizations quarterly. Stale entries are a common audit finding.