Trước đây, việc sử dụng Gmail luôn phụ thuộc vào kết nối mạng ổn định.…
G Suite: Control access to enterprise data on Chrome, Mac, Windows
What’s new:
Google is giving admins more control over how devices perform endpoint verification and how it affects access to business data across Google Cloud. Specifically, G Suite (Workspace) admins will be able to:
- Mark whether endpoint devices using Chrome are allowed or blocked – Admin can use tags to set access levels with Access Context Manager.
- Decide whether the admin needs to check again for new devices that require authentication, before they are actually marked as “allowed access”.
This will be a similar feature to what is already available in the mobile device manager on the desktop, using Chrome OS or Chrome browser.
Who’s impacted
Only admins are affected
Why you should use this feature
With the ability to restrict access to devices using endpoint authentication, admins can now have a tighter level of control, through managing access rights of devices. , not just mobile devices
Now, admins can view the list of devices accessing this data, and allow or block access to specific devices, based on any internal rules. For example: Lost devices will now be “blocked” and unable to access applications, or allow new users (or users with new positions) that need access to the application .
How to get started
- To set up policies and decide whether a newly registered device for authentication requires admin approval or not, go to Admin Console > Device management > Setup > Device Approvals > Device Approvals.
- Select (or deselect) Requires Admin approval. (The system initially defaults to not selecting this feature, meaning the admin will not need to view and evaluate each newly registered device.
- Besides, you can also choose to add an email address that specializes in receiving requests from users.
-
- Note: devices' access to corporate data can be adjusted at any time using Access Context Manager. For devices that are computers, the admin will have the option to Approve or Block - this option will highlight the corresponding devices in the Access Context Manager section.
- Agreeing or blocking actions on the device will generate an event that needs to be audited in the Admin console. For more detailed information about audit logs for devices, see here.
Additional details
This update allows you to control device access by authenticating endpoint devices. Including Chromebooks and other computing devices using Google Chrome Browser.
Mark authenticated endpoint devices as “Approval” or “Block” before setting access permissions
When a new device is registered through Endpoint Authentication, admins can enable access restriction in the Access Context manager. Here, they can manage device access rights by selecting “Approve” or “Block”.
Please see the image below to visualize this feature in the Admin console once it is available turn on go up.
If this feature is being turn off, devices will only be consented by default and may be blocked later. For example, if a device is lost or information has been taken.
Enable or disable access for individual devices
Admin can approve or remove device access rights in the Admin console. A brand new perspective Admin console > Device Management > Device Approvals will list all devices that are waiting to be approved. From this list, they can be marked as Deviced/Approved – once the devices have been marked, further access permissions can be adjusted in Access Context Manager.
Admin can also receive notification emails when a device is registered but requires admin permission. Visit the Help Center to learn more How to configure email notifications.
Helpful links
- Help Center (end users): Allows an admin to manage your computer (Endpoint Verification)
- Help Center (Admins): Enable or disable endpoint verification)
- Help Center (Admins): Control which devices have access to your data
- Help Center (Admins): Devices audit log.
Update: Gimasys