As an administrator who uses Windows device management, if you have problems managing Windows devices, you can try the following solutions.
Have an issue with Google Credential Provider for Windows (GCPW)? See Troubleshoot Google Credential Provider for Windows
Fix common Windows 10 and 11 device management issues
Before you begin: Make sure you complete all the setup steps.
Can't manually enroll a deviceIf you get an error when you try to manually enroll a device, check the following possible causes:
- Is Windows device management enabled? For details, go to Enable Windows device management.
- Does the account you’re trying to enroll have a Google Workspace or Cloud Identity license that supports Windows device management? To review which license a user has, open their user details in the Admin console.
If you configure Windows settings in your Admin console but the policies don't seem to apply to one or more devices, the device might not be enrolled in Windows device management, the policy might not be synced to the device, or the policy isn't configured correctly.
To troubleshoot these issues:
- Confirm that the device is enrolled in Windows device management. In your Admin console, go to the Endpoints list, find the device, and confirm that its management type is reported as Enhanced desktop security. For instructions, see View laptop and desktop device details.
If the device isn't enrolled:
- Enable Windows device management for the user's organizational unit.
- If your organization doesn't use GCPW, enroll the device.
- Confirm that the policy synced to the device. In your Admin console, go the the Devices audit log. For instructions, see Devices audit log.
To find the specific device and policy, add some or all of the following filters:
- Device ID—Enter the device's ID
- Event name—Enter Advanced Policy Sync event
- Policy name—Enter the OMA-URI of the policy
The Event Description column contains details about if applying the policy succeeded or failed.
If the policy isn't synced to the device:
- Confirm that the policy is applied to the user's organizational unit. For instructions, see Apply Windows settings.
- For custom settings, confirm that the policy is configured correctly and applied to the user's organizational unit. For instructions, see Edit a custom setting.
The Windows event logs provide detailed log information. To export the logs:
- On the Windows device, open Event Viewer by one of the following methods:
- From the Windows Start menu, click Windows Administrative ToolsEvent Viewer.
- From the Windows Start menu, click Run. In the Run box, enter eventvwr.msc and press Enter.
- In Event Viewer, click Windows logsApplication.
All application events load, which can take a minute.
- Click Filter Current Log.
- Click Event sources and select the following sources:
- Device Management-Enterprise-Diagnostics-Provider
- GCPW (if you use GCPW)
- Click OK. The event list refreshes with only the events relevant to enhanced desktop security for Windows.
- Click Save All Events As.
- For File name, enter a name that includes the log type and the server it was exported from.
- For Save as type, select CSV (comma separated values).
- Click Save.
More help
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.