Configuring the Geolocation setting

Configure the Geolocation setting to control whether public IP addresses are used to determine your devices' primary location when other geolocation technologies (Wi-Fi, OS Location) are unavailable or invalid.

Note that locations based on a device's public IP address are typically accurate at the country and region level only; locations within a city are less reliable. Location accuracy may also be negatively impacted by VPNs, proxies, and the location of the device's Internet Service Provider (ISP).

Learn more about geolocation technologies

Configuration of the Geolocation setting has the following effect:

When the setting is...	The following conditions apply...
Enabled	When a device's location changes by more than 100 meters, but Wi-Fi andOS locations are unavailable or invalid: The device's IP location is reported as its Last known location in Device Details. A Public IP location updated event is logged to Event History. The device's IP location is reported as its primary location on the History page in the device's Device Details. Note that the location is resolved to the city-level only; street addresses are not available. As a result, the map is not shown. In device reports, the following columns show a icon to indicate that the location is based on the device's public IP address and its accuracy may be low: Device Location > City Device Location > State/Province Device Location > Country On the Location History page in the device's Device Details, IP locations show a icon and a city-level location in the timeline, but a location marker is not shown on the map. When a device's location changes by more than 100 meters, and a Wi-Fi or OS location is available and valid: The device's Wi-Fi or OS location is reported as its Last known location in Device Details. A Device location updated event is logged to Event History. On the History page in Device Details, the device's primary location is resolved to a street address, and a location marker shows on the map. IP location may be reported as a secondary location, but a location marker is not shown on the map. The Include IP locations checkbox is available for selection when you're creating a rule based on device location. Note that if you select this option, and an IP location change triggers the rule, the map in the email notification does not contain a marker. Enabling the Geolocation setting option may increase the number of false alerts generated by rules based on device location.
Disabled (default configuration for new accounts)	Wi-Fi (if available) and OS Location are used to determine a device's primary location. When a device's location changes by more than 100 meters: The device's Wi-Fi or OS location is reported as its Last known location in Device Details. A Device location updated event is logged to Event History. Public IP location updated events are never logged. On the History page in Device Details, the device's primary location is resolved to a street address, and a location marker shows on the map. IP location may be reported as a secondary location, but a location marker is not shown on the map. The Include IP locations checkbox is not available for selection when you're creating a rule based on device location. Note that if the Include IP locations option was enabled in an existing Action rule, it is disabled and removed when the Geolocation setting is disabled.

When the setting is...

The following conditions apply...

Enabled

When a device's location changes by more than 100 meters, but Wi-Fi andOS locations are unavailable or invalid:
- The device's IP location is reported as its Last known location in Device Details.
- A Public IP location updated event is logged to Event History.
- The device's IP location is reported as its primary location on the History page in the device's Device Details. Note that the location is resolved to the city-level only; street addresses are not available. As a result, the map is not shown.
- In device reports, the following columns show a icon to indicate that the location is based on the device's public IP address and its accuracy may be low:
- On the Location History page in the device's Device Details, IP locations show a icon and a city-level location in the timeline, but a location marker is not shown on the map.
When a device's location changes by more than 100 meters, and a Wi-Fi or OS location is available and valid:
- The device's Wi-Fi or OS location is reported as its Last known location in Device Details.
- A Device location updated event is logged to Event History.
- On the History page in Device Details, the device's primary location is resolved to a street address, and a location marker shows on the map. IP location may be reported as a secondary location, but a location marker is not shown on the map.
The Include IP locations checkbox is available for selection when you're creating a rule based on device location. Note that if you select this option, and an IP location change triggers the rule, the map in the email notification does not contain a marker.

Enabling the Geolocation setting option may increase the number of false alerts generated by rules based on device location.

Disabled

(default configuration for new accounts)

Wi-Fi (if available) and OS Location are used to determine a device's primary location.
When a device's location changes by more than 100 meters:
- The device's Wi-Fi or OS location is reported as its Last known location in Device Details.
- A Device location updated event is logged to Event History. Public IP location updated events are never logged.
- On the History page in Device Details, the device's primary location is resolved to a street address, and a location marker shows on the map. IP location may be reported as a secondary location, but a location marker is not shown on the map.

The Include IP locations checkbox is not available for selection when you're creating a rule based on device location. Note that if the Include IP locations option was enabled in an existing Action rule, it is disabled and removed when the Geolocation setting is disabled.

If your devices predominantly use a wired network connection, and you want to track their location, it is best practice to enable the Geolocation setting.

To configure the Geolocation setting:

Log in to the Secure Endpoint Console with the Manage permission for Geolocation. Only System Administrators are granted this permission by default.
On the navigation bar, click Settings > Account settings.
Under Geolocation, do one of the following:
- To use IP Location to determine a device's primary location, click the slider to set it to On, and then click Enable in the dialog that opens.
- To not use IP Location to determine a device's primary location, click the slider to set it to Off, and then click Disable in the dialog that opens.
  
  Disabling the setting does not remove historical IP location data. All IP locations reported on each device's Location History page are retained, as are the Public IP location updated events logged to Event History.

The setting is updated and a Geolocation setting updated event is logged to Event History.