G Suite Business Free for 30 Days
Sign up for a Free 30 Day Trial of G Suite Business and get Free Admin support from Google Certified Deployment Specialists.
Enable Chrome user policies in the Admin console
Before you can set up and enforce policies, you'll need to turn the policy engine on in the G Suite Admin Console:
- In your Google Admin console (at admin.google.com)...
- Go to Devices > Chrome management.
- Click User & browser settings.
- Go to the Chrome Management for Signed-in Users section and change the setting to Apply all user policies when users sign into Chrome, and provide a managed Chrome experience.
- Click Save.
Force Users to log into Chrome
With policies enabled, you can require G Suite users to log in to Chrome:
- In your Google Admin console (at admin.google.com)...
- Go to Devices > Chrome management.
- Click User & browser settings.
- To apply the setting to all users and enrolled browsers, leave the top organizational unit selected. Otherwise, select a child organizational unit.
- Go to Sign-in settings.
- For Browser sign-in settings, select Force users to sign-in to use the browser.
- Click Save.
Use Chrome policies to block Gmail and other accounts
As an administrator, you might want to prevent users from signing in to Google services using any accounts other than those you provided them with. For example, you might not want them to use their personal Gmail accounts or a managed Google Account from another domain.
To only allow users from specific domains to access Google services:
- In your Google Admin console (at admin.google.com)...
- Go to Devices > Chrome management.
- Click User & browser settings.
- To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
- Go to User experience > Sign-in to secondary accounts.
- Select Allow users to sign-in only to the G Suite domains set below.
- (Optional) To see a list of your domains, click organization’s domains under the domain list box.
- Enter the list of all of your organization’s domains.
(If you don’t, your users might not have access to Google services.) - (Optional) To include other types of accounts, enter the following text in the list:
- For consumer Google Accounts, such as @gmail.com and @googlemail.com, add consumer_accounts.
- For authenticated service accounts, add gserviceaccounts.com.
- Click Save.
Turn Off Google Drive sync for your organization
Allowing users to synchronize work documents to their home computer presents a lot of risks. Require users to download specifically needed files or have them work directly in the browser to prevent malware from infecting the company files.
After you choose a sync solution, turn it on for your organization and decide whether users can see download links in the Drive interface.
- In your Google Admin console (at admin.google.com)...
- Go to Settings for Drive and Docs > Features and Applications.
- To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
You can select an organizational unit or group for this feature only if you have G Suite Enterprise, Business, Education, Nonprofits, or Drive Enterprise edition. (Compare G Suite editions.) - Disable Drive File Stream, Backup and Sync, both applications:
- Uncheck Allow Drive File Stream in your organization.
- Turn Backup and Sync off:
- Choose Do not allow Backup and Sync to disable the option and hide the download links.
Conclusion
These policies are just the tip of the iceberg on how you, as a G Suite Administrator, can protect your domain, users and organization while still providing the freedom to innovate from anywhere.
Do you have any G Suite security tips? Share them with me in the comments!