Getting started with Geolocation Tracking policies

Depending on your Absolute product licenses and the configuration of your account, Geolocation Tracking policies may not be available.

Geolocation Tracking policies control the collection of geolocation information from your devices. Activate the Geolocation Tracking policy if you want to view up-to-date information about the geographical location of your devices in the Devices and Reports areas of the console.

Geolocation refers to the identification of the most recent geographic location of a device. The Secure Endpoint Agent can collect the geolocation of a device and report that information in the Secure Endpoint Console.

The agent can collect geolocation information using any of the following technologies:

The technologies are presented in priority order. For example, if Wi-Fi is available, it takes precedence over GPS and IP Location.

Supported on Windows and Mac devices.

Absolute uses Google Maps Geolocation to determine a device's location. This technology compares the Wi-Fi access points detected by the device with Google's extensive database of known access points and their locations. The device does not need to be connected to an access point for it to be detected. This technology is most effective in urban areas where access points are plentiful.

Limitations

Wi-Fi triangulation is a correlational tracking method based on the known location of Wi-Fi access points detected near a device. Typically, Wi-Fi triangulation provides a location accurate to within approximately 20 meters.

Note that if a device is in a country where Google Maps is prohibited, Wi-Fi cannot be used to resolve the device’s location.

Supported on select Windows devices only.

Absolute uses Windows Location Services to detect a device's GPS location.

For GPS locations to be detected, devices need to be equipped with a built-in GPS chipset, and GPS capability must be enabled. Windows Location Services does not natively support external GPS cards. For more information, see Microsoft documentation.

Limitations

The accuracy and availability of GPS depends on a number of environmental factors, such as how many satellites are in view, potential reflection of satellite signals from nearby objects, and atmospheric effects. GPS is far less reliable is urban areas if the device is surrounded by high-rises, or it is inside a metal-framed or concrete building.

In ideal conditions, GPS typically reports locations within 10 meters of the device's actual location.

Supported on Windows and Chromebook devices.

Windows

If the device's location can't be determined using Google Maps Wi-Fi Positioning or GPS, Windows Location Services can be used to locate the device. Note that for this technology, the availability and accuracy of a device's location depend on a number of factors, such as the location capabilities enabled on the device and the location service providers used by Microsoft. For more information, see Windows documentation.

Chromebooks

Google's Geolocation API uses the sensors enabled on a device to retrieve the device's current location. A sensor may provide location information based the device's IP address, or its position relative to nearby Wi-Fi access points or cell towers. The Geolocation API provides the most appropriate geolocation data from all available sources.

Note that locations based on Wi-Fi access points are typically accurate to within 30 meters and 500 meters of the actual location, while locations based on nearby cell towers are typically less reliable (between 300 and 5000 meters).

Supported on all devices.

Absolute uses the IP2Location™ geolocation service to find IP locations.

A device's current location is determined by querying the IP2Location database to match the device's IP address to a geographical location.

This technology is typically accurate at the country level, but device locations within a region or city are less reliable.

Note the following:

  • The accuracy of a reported location depends on the technology used. For example, while GPS locations can be quite accurate (within 10 meters), Wi-Fi locations can be less so (between 30 meters and 500 meters), while locations based on IP addresses may only be accurate at the country or region level.
  • The end users of a device may be able to disable a geolocation technology or turn off location services or settings. To collect location information, at least one of the supported technologies needs to be enabled on the device.

Each time a device uploads its location, it sends a payload containing data from all available geolocation technologies. Absolute then evaluates this data to determine if the device's location has changed and to ensure that the reported location is as accurate as possible.

In some cases, data may be ignored if a location is deemed to be invalid.

Example

A device's current Wi-Fi location is Los Angeles. Two hours later, it reports its Wi-Fi location is New York. Given that it's impossible to travel between these two cities in two hours, the new location is considered an anomaly and it is ignored. The device's primary location is not updated in the console.

To determine a device's primary location when more than one technology is available, the following priority order is applied:

  1. Wi-Fi

    If a Wi-Fi location is available and valid, it takes precedence over all other technologies and it is reported as the device's primary location.

  2. GPS (select Windows devices only)

    If a Wi-Fi location is not available or valid, a valid GPS location (if available) is reported as the device's primary location. If a Wi-Fi location is available, the GPS location is reported as a secondary location.

  3. OS Location

    • Windows: If a Wi-Fi or GPS location is not available or valid, a valid OS location (if available) is reported as the device's primary location. Note that it is never reported as a secondary location.
    • Chromebook: If an OS location is available and valid, it is reported as the Chromebook device's primary location.

  4. IP Location

    If no other technologies are available and valid, the IP Location is reported as the device's primary location. Otherwise, it is reported as a secondary location.

If none of the reported locations are valid, or location information is unavailable, the device's primary location is shown as Unknown.

If a valid location is less than 100 meters from its last reported location, the device's primary location is not updated, but its Last data received field is updated to the current date and time.

Regardless of the technology used to report a device's location change, the device's History page shows all available geolocation information, such as:

  • BSSID and SSID of each detected Wi-Fi access point (applies to Wi-Fi locations on Window and Mac devices only)
  • Detected public IP address
  • Distances between secondary locations and the primary location

When a device changes its location by more than 100 meters, the following events are logged to Event History, regardless of the geotechnology used:

  • Device location updated
  • Device entered a geofence (if applicable)
  • Device exited a geofence (if applicable)

To collect geolocation information about your devices and make it available in the Secure Endpoint Console the following requirements must be met:

  • Each device is running a supported version of the Windows, macOS, or Chrome OS operating system.
  • The Secure Endpoint Agent is regularly connecting to the Absolute Monitoring Center.

In addition, the following requirements must be met for each platform:

Platform Requirements

Windows

  • To detect a device's location, Location Services need to be enabled on the device in Settings > Privacy > Location. In addition:

    • To detect locations using Wi-Fi, the device's Wi-Fi network adapter must be enabled.

    • To detect locations using GPS, the device must be equipped with a built-in GPS chipset. External GPS cards are not supported.

Mac
  • To detect locations using Wi-Fi, the device's Wi-Fi network adapter must be enabled.

    Apple Core Location is not supported.
Chromebook
  • The device must be equipped with sensors that are supported by Google's Geolocation API.

The Geolocation (GEO) component of the Secure Endpoint Agent is responsible for collecting geolocation information. When you activate a Geolocation Tracking policy, the GEO component is activated on each device after its next successful connection to the Absolute Monitoring Center.

How frequently is geolocation information collected?

Geolocation information is collected at different intervals depending on a device's platform type:

Platform

Details

Windows
Mac

The Secure Endpoint Agent performs a daily scan of a device's current location and uploads the results to the Absolute Monitoring Center. Every two hours, it also performs a scheduled scan, but those results are uploaded only if the device's location has changed.

Triggered scans

In addition to the daily and scheduled scans, a scan is also triggered when any of the following events occur:

  • The device is restarted.
  • The detected public IP address, BSSID, or SSID changes.
  • A user logs in to the device. Note that a scan is not triggered when a device is unlocked, or when it wakes from sleep mode or hibernation.

If one or more of these events occur within a 15 minute period, only one scan result is uploaded. The results of a triggered scan are typically uploaded within the next 15 minutes, assuming the device is online.

Triggered scans impact a device's scan schedule. For example, if a triggered scan occurs 20 minutes prior to the next scheduled scan, the scheduled scan is reset to start two hours after the triggered scan.

Chromebook

The Secure Endpoint Agent performs a daily scan of a device's current location and uploads the results to the Absolute Monitoring Center. It also performs an hourly scan, but those results are uploaded only if the device's public IP address or location has changed.

Triggered scans

In addition to the daily and hourly scheduled scans, a scan is also triggered when a user logs in to the device. However, if a user logs in more than once within a 15 minute period, only one scan result is uploaded. Note that a scan is not triggered when a device is unlocked, or when it wakes from sleep mode or hibernation.

The results of a triggered scan are typically uploaded within the next 15 minutes, assuming the device is online.

Triggered scans impact a device's hourly scan schedule. For example, if a triggered scan occurs 20 minutes prior to the next scheduled scan, the scheduled scan is reset to start 60 minutes after the triggered scan.

To see when a device's location was last scanned (and the results uploaded), add the Geolocation Tracking > Last data received column to the page or report.

If a device changes its location by less than 100 meters, the Last data received value is updated but no location change event is logged to the Events page.

By default, the Global Policy Group includes a Geolocation Tracking policy, which is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups and activate each policy group's Geolocation Tracking policy, as required.

After you activate a Geolocation Tracking policy, the GEO component begins collecting location information for the devices associated with the applicable policy group. Within the next 24 hours, you can view the location of your active devices by doing the following:

Note that the location of offline devices won't be available until they come online and check in to the Absolute Monitoring Center.

After you activate a Geolocation Tracking policy, use the Rules feature to help you monitor your devices' location changes and keep the devices secure. Rules allow you to be notified if a device moves out of (or into) a geographical location, or an area defined by a geofence A boundary that defines the geographical area within which you allow (or disallow) your devices to reside..