February 02, 2023
10 Things Google Admins Should Be Able to Do with Workspace for Education Plus
Google Workspace for Education provides academic institutions with a suite of productivity, communication, and collaboration tools that are intuitive, reliable, and secure.
1. Automate Licensing Delegation
After purchasing Education Plus licenses, you will need to decide how to license users since it is not a site license. Google Admins do not have to manually assign them to domain users but can automate license delegation by turning on the setting in the Google Admin console.
- Navigate to Billing > License settings.
- Select the service for license assignment.
- Click Off.
- Select On.
- Click Save.
Once enabled, Google Admins can bulk assign licenses to every user in their Google Workspace domain. This is only effective if you have an OU structure that has suspended, and active users separated. Otherwise, the licenses will also be applied to suspended users in the OU. Additionally, when you suspend users, without an automated process you will have to move the suspended user to a suspended OU and also remove the license.
CDW Amplified for Education recommends not using Google’s auto-assign feature but using GCDS (if you are already using it for user provisioning), GAM, or if you purchased through CDW Amplified for Education – our free licensing tool. More on the options can be found in this post.
2. Pivot from Alert Center to Investigation Tool
With Education Plus, the Alert Center becomes more actionable because of the ability to pivot to the Investigation Tool. Prior to assigning Education Plus licenses, there was not an easy way to review logs beyond the Admin logs, reviewing Vault, or asking an end-user. With the Investigation Tool, Google Admins can not only view the potential threat but mitigate it as well.
3. Investigate Various Data Sources to Take Action
Google Admins work to prevent security attacks and to mitigate breaches if hackers or viruses find their way around the firewall. Education Plus allows for investigating a user’s actions across data sources. If, for example, a user’s account is compromised, Google Admins can search one data source, like Gmail log events, and then pivot to search another, like Drive log events, from that user’s account.
To investigate a user across data sources after completing the first search:
- In the search results, hover over the user in the Sender column.
- Hover over an item in the search results and click the pivot button to open the menu options.
- Click Drive log events > Actor. This opens a new search page where Drive log events are the data source, and where a condition is included with the same actor.
- Click SEARCH.
- View and export the search results.
4. Share Your Findings in an Investigation
Education Plus allows Google Admins to share their Investigation Tool findings with another Super Admin. This saves time and resources because teams can access and view the same query without having to recreate it.
5. Analyze Dashboard for Trends Across Your Domain and Customize Dashboard Experience
An effective way for Google Admins to monitor their institution’s domain security is to monitor the security dashboard. The security report panel displays data that can be used to keep track of domain trends.
To view the dashboard:
- Navigate to Security>Dashboard.
- Click View Report in the bottom-right corner of any panel to see additional details about the report.
For Google Admins who want to focus on the most important panels, Education Plus allows them to customize their dashboard experience. By clicking Customize dashboard, located in the upper-right corner, they can Add widgets to add charts by clicking+ or hide charts by clicking–. While in edit mode, Google Admins can also reorder charts by moving them up or down or shifting them to another column.
6. Create Activity Rules to Alert Admins to Potential Risks
No effective security system is complete without an alert for transpiring attacks or automated remediations. With Google Workspace for Education Plus, Google Admins can create activity rules that help detect, prevent, and mitigate security issues. These rules can be configured to send an alert or to take action based on searches in the Investigation tool.
To create a rule from an Investigation tool search:
- Navigate to Security>Investigation tool.
- Choose a data source for the search (ex. Device log events, Gmail log events etc.)
- Click ADD CONDITION.
- From the menu, select Create activity rule.
- Define the rule by typing a Rule name and a Rule description.
- Click, VIEW CONDITIONS to review the configured search or to continue making changes.
- Click ADD ACTIONS to delegate a time period and a threshold for the rule.
- After this, decide if there should be an alert triggered in the alert center and who the alert should go to by checking All super administrators or by clicking ADD RECIPIENTS.
- REVIEW the rule status before clicking CREATE RULE.
7. Review How Files Are Being Shared Across the Domain with the File Exposure Report
One way Google Admins keep institutional data and information safe is by monitoring internal and external file sharing. On the security dashboard, there is a File Exposure report that examines:
- The different types of file sharing methods and which shared files have been viewed frequently: At the bottom half of the File Exposure report page, view a table that lists the top viewed files that were shared from your domain (this table is displayed by default when the File Exposure report is open). The table lists the file names, the top viewed files, the sharing method, and the owners of the files. Click EXPORT to export all information in the table. By default, the table displays data for the time range specified at the top of the page, but the top viewed files can be displayed for just one date by clicking that date in the line graph.
- Which outside domains the files have been shared to: Navigate to Security>Dashboard>File exposure and select DOMAINS. From there, Google Admins can see a list of domain names, a list of the number of files that were shared to that domain, and they can export a spreadsheet of files that were shared.
- Which DLP rules have been triggered: DLP prevents users from sharing sensitive content within Google Drive files outside the company domain by scanning Drive files and creating policy-based actions that can be triggered when any sensitive content is detected. Available actions include sending an email to super administrators, sending an email to the user who created, edited, or uploaded a file with sensitive content, or blocking sharing of any file with sensitive content.
8. Export Your Logs Using BigQuery, Extending Their Retention Beyond the 180 Days
The Google Admin console, like many other tools with data retention, only maintains data logs for 30 to 180 days. With Google Workspace for Education Plus, Google Admins can collect multiple data logs and export them to the Google Cloud platform so they can be kept longer than the Admin console permits with BigQuery.
To create a BigQuery project begin exporting data by going to Reports > Audits and then select BigQuery Export. Data will be exported into two tables: Activity and Usage. The Activity table reports on user actions, such as login, Drive sharing or Meet participation and the Usage table, on the other hand, contains aggregate data on things like Drive storage usage per user, teacher posting frequency in Classroom, or number of Meets organized by a user.
9. Use Context-Aware Access to Create Granular Access Control Policies
With Context-Aware Access, Google Admins can create control policies to delegate which users have access to which apps based on attributes such as identity, location, device security status, and IP address. Use cases include wanting to:
- Allow access to apps only from institution-issued devices
- Allow access to Drive only if a user storage device is encrypted
- Restrict access to apps from outside the institution’s network
10. Set Up Your Gmail Security Sandbox
Google Workspace for Education Plus gives Google Admins access to the Security Sandbox, which can scan email attachments from inside and outside the institution’s domain. Google Admins can determine when attachments are scanned by setting up Gmail to scan all supported attachment types, setting up rules to specify which attachments are scanned, or setting up content compliance rules to manage suspicious files. Attachments identified as security threats are then sent to the recipient’s spam folder.
Make teaching more efficient, elevate the student experience, and keep information and data secure at your institution by purchasing or upgrading to Google Workspace for Education Plus.