We are trying to make use of the Endpoint Management features of Google Workspace (Business Plus tier), with Windows devices using device management and GCPW, and macOS and Linux devices using Endpoint Verification. These are managing to collect device data quite well.

However, both the Windows and macOS devices are showing up with what looks like multiple entries per device in the device list. The Windows devices have one entry with all of "Managed by
Endpoint verification, Drive for desktop, Enhanced desktop security, GCPW" listed then several for the same device listed as "Managed by Fundamental" with very little information. All the device entries have different Device IDs.

MacOS devices are similar, they have one "Managed by Endpoint Verification" an several "Managed by Fundamental".

In both cases this happens even with an entry in the "Company-owned inventory" against their serial numbers. We can see login events in the User logs (often hours after they happen) that correspond to what we think are the events linked to these entries, but all we have are IP addresses, which behind NAT don't help much to track this down. We can't find where these other Device IDs are on the devices.

Given the Device approval system can't block devices without Context Aware Access (Enterprise tier) we end up with triple the device number we should have due to all these "Managed by Fundamental" devices appearing. Our best guess is that they are other applications on the same devices connecting to Google services?

Is there any way to unify these entries? How on earth do you keep track of logins from random devices given all these extra entries and only a NATed IP address to go by in the logs? How else can we do this?