block/remove windows/Mac Devices

[blessing saw]

How can I block windows/mac devices with deviceID on my GAM 7.22.07 .

I noted that If I need Windows device block/unblock, I need GAMADV-XTD3 but I also saw that GAMADV-XTD3 has been replaced with GAM7 . 

[blessing saw]

I tried with 

`gam update device 74ce097e-6f99-42d2-bce8-5eb6308c4963 action block`

and the error is 

`ERROR: Invalid choice (block): Expected <cancelwipe|wipe>`

[Ross Scroggs]

You block device users, not devices.

See: https://github.com/GAM-team/GAM/wiki/Cloud-Identity-Devices#approve-or-block-device-users

gam info device 74ce097e-6f99-42d2-bce8-5eb6308c4963

Get the Device User value from the output

gam block deviceuser /devices/74ce097e-6f99-42d2-bce8-5eb6308c4963/deviceUsers/5b138017-1234-5668-81ee-142bf4feb909

Ross

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/b47f3c63-a307-4ea2-8e09-29b7ad24f033n%40googlegroups.com.

[Jay Lee]

Note that block does not work for these desktop OS devices the way it does for mobile Android/iOS devices. To really block a given device's data access to Wrokspace you need to create a context aware access level and assign it to the service:

https://support.google.com/a/answer/7543044?hl=en#:~:text=block%20devices.-,Endpoint%20verification,-Approved%20by%20default

Jay Lee

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/A58BBC5C-4031-4CE8-B3C2-3164E77998DA%40gmail.com.

[blessing saw]

I need to block devices, not users, since the use case here is that users may have multiple devices and only those registered with us should be allowed. There should at least be an option to issue a delete device command, as the option is already visible on the UI.

[Jay Lee]

Yes, and blocking a desktop device doesn't actually do anything unless you have a CAA access level in place.

Jay Lee

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/debedd4a-b3db-44d7-8c07-88f05d59a944n%40googlegroups.com.

[The waiting]

Hi Jay,

Yes, I have already set up the CAA access level. My current goal is to block the previous devices that had access to the workspace.

You received this message because you are subscribed to a topic in the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-apps-manager/-GEwn9gWHwA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-apps-man...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp_AQVeRfv2LTqwQUnMrky%2B2HGBQPDCxqDtNnwny4Tirrg%40mail.gmail.com.

[Ross Scroggs]

See: https://github.com/GAM-team/GAM/wiki/Mobile-Devices#manage-mobile-devices

You will use the Device Resource ID in the command.

Ross

----

Ross Scroggs

Ross.S...@gmail.com

On Sep 30, 2025, at 3:54 PM, The waiting <hope.ne...@gmail.com> wrote:

Hi Jay,

Yes, I have already set up the CAA access level. My current goal is to block the previous devices that had access to the workspace.

On Wed, Oct 1, 2025 at 6:43 AM Jay Lee <jay...@gmail.com> wrote:

Yes, and blocking a desktop device doesn't actually do anything unless you have a CAA access level in place.

Jay Lee

On Tue, Sep 30, 2025, 6:32 PM blessing saw <hope.ne...@gmail.com> wrote:

I need to block devices, not users, since the use case here is that users may have multiple devices and only those registered with us should be allowed. There should at least be an option to issue a delete device command, as the option is already visible on the UI.<Screenshot 2025-09-30 at 6.59.28 AM.png>

To view this discussion visit https://groups.google.com/d/msgid/google-apps-manager/CAJDoNbH8rYDfT5vCKT%2BEMQqKVZ4CtMgSNHkMVK81MBL-k0v10g%40mail.gmail.com.