01 Google Workspace For Education

Proprietary + Confidential

Data loss prevention (DLP) Rules (1/2) Storage and Security
Controls
DLP for Gmail and Drive: DLP Incident Management dashboard:
Protect sensitive company data by Simple deployment:
preventing users from sharing outside the Get alert delivery options and integration With role-based access, predefined
organisation with policy investigation tools content detectors, and policy exports for
admins

● Block or warn on external access ● Dry Run” for your data protection rules ● Roles-based access for administrators -
● DLP templates utilising predefined ● New alert delivery options Assign delegated admins for DLP functions in
● Detailed incident reports the Admin console. Learn more.
content detectors ● Integration with policy investigation tool
● Sends an email to super admins when a user ● Predefined content detectors - Use 90+
predefined content detectors to help expand
creates, edits, or uploads a file with coverage and better manage policy violations
sensitive content.
● Custom rules with keywords and regular ● Policy exports - Download a copy of
expressions DLP policies
● Optical Character Recognition (OCR)
● Nested conditions with AND, OR, and NOT ● Flexibility for scoping policies - Scope DLP
● Volume-based detection policies to include or exclude specific groups
● Finer detection thresholds or OUs

Data loss prevention (DLP) Rules (2/2) Proprietary + Confidential

Prevent data leaks on Mobile Devices: DLP Incident Management dashboard: Storage and Security
Mobile Device data protection Controls
Admin setting for IRM in the DLP rule
creation workflow Simple deployment:
Create granular access control policies to
apps based on attributes such as user
identity, device security status, and IP
address

● Restrict copy and paste on data belonging to ● Users will see new notifications on ● Get visibility into a user’s devices accessing
Google Workspace accounts to other accounts. affected files Workspace apps, and deploy endpoint
This can prevent corporate data from being verification to learn more about
exfiltrated to personal accounts device attributes

● Restrict the ability for users to drag and drop ● Use device context to enable continuous
files from specific apps within their Google secure access to GWS from personal laptops
Workspace account
● Enable secure sign-in to SAML apps like
Salesforce from personal laptops for
select employees

● Automatically restrict the ability to download,
print, and copy sensitive documents through
data loss prevention (DLP) rules

Google Vault - Introduction Proprietary + Confidential

● Data retention and eDiscovery for Google Workspace Storage and Security
● Protect data and stay covered Controls
● Retrieve valuable information even from suspended accounts
● Provide legal team what they need to be prepared
● Allows data preservation from specific Google Workspace apps

Google Vault - Supported data types Proprietary + Confidential

Storage and Security
Controls

Service Manage retention Hold Search and export
Gmail Available Available Available
Groups Available Available Available
*Drive (supported file types) Available Available Available
Google Chat (with history on) Available Available Available
Classic Hangouts (with history on) Covered by retention on Google
Google Meet Chat Covered by holds on Google Chat Use Gmail search and export
Available
Covered by Use Drive
holds on Drive search and export

Proprietary + Confidential

Enterprise device and fundamental endpoint management Identity Management

Including Windows

Device management and control device: Password Vaulting: Secured LDAP service:
With fundamental desktop management get
more control over all desktop devices which Single sign-on for apps that don’t support Simple and secure way to connect LDAP-
are automatically enabled, meaning modern authentication standards like SAML based application and services to Google
employees don’t have to install agents or and OIDC. The combination of standards- Workspace/Cloud Identity
profiles on Mac, Windows, Chrome and Linux based and password-vaulted app support
devices. will deliver one of the largest SSO app
catalogs in the industry

● Monitor corporate data access in a single ● Securely manage credentials in a single space, ● Manage LDAP clients from the LDAP page in
dashboard enable access to shared credentials the Google Admin console

● Remotely sign out from stolen or lost devices ● Manage access based on group membership ● Connect LDAP-based apps/services to Google
● Multi-user management on single device ● Generate insights on credentials usage Workspace or Cloud Identity
● Admin task no longer needs connecting with

corporate network

Security and application management Proprietary + Confidential
Advanced endpoint and
Set password requirements for device management
managed mobile devices
Apply universal settings for
Set the type of mobile management and mobile devices and endpointS
password requirements for mobile devices in
Set the type of mobile management and
your organisation and enforce security password requirements for mobile devices in
policies, such as data access methods, your organisation and enforce security
encryption, device approval, and strong policies, such as data access methods,
encryption, device approval, and strong
passwords passwords

Apply settings for Android Manage mobile apps for your
mobile devices organisation

Control how users access and interact with Control which apps Android and iOS device
their Android device by applying policy users can find and install for work or school
settings by adding them to the Web and mobile app
list in the Google Admin console. Add public
apps—such as third-party apps for security,
business, and document management—and
private Android apps

Device Management Proprietary + Confidential
Advanced endpoint and
Maintain devices inventory to track details such as device type and who the device is assigned to device management

Generate detailed reports: information on attributes like device type and operating system), device security, user
information, and installed apps.

Configure Approve Block Remotely wipe device

● iOS: Integrate Apple ● Auto approvals ● Approve, block, unblock, ● Remove corporate data
Business Manager with ● iPhones and iPads access or delete a device from a through Google
admin console to directly Admin console
push configurations from wifi network with pending
Google endpoint approval ● Depending on the device
management ● For endpoint verification platform, admin can wipe
devices, users can access user’s work account,
● Zero touch android Google data before profile, or opt ‘factory
enrollment: configure approvals unless reset’
online with pre enforced specifically restricted
organization’s policies through Context-Aware ● Users can access data vua
Access policy sign on computer, a web
browser, or authorized
device

Enterprise endpoint and device management Proprietary + Confidential
Enterprise endpoint and
Apply settings for iOS devices device management

Decide how people use their work account Selectively distribute mobile
on managed iPhones and iPads apps

Add company owned devices Distribute an app to some people in your
to the inventory organisation with different app settings to
different people
Keep an inventory of the computers and
mobile devices your company owns to track Get a report of inactive
company devices
details
Get a monthly report of unused company-
owned Android devices that haven’t
synchronised any work data in the last 30
days

Feedback! We wanna hear from you!

https://forms.gle/bbxnqXeEpDHw4yuP8