Your sales team, which is organized as its own organizational unit, is prone to receiving malicious attachments. What action should you take, as an administrator, to apply an additional layer of protection in the admin console for your sales team without disrupting business operation?
Access Admin Console: Log in to the Google Admin console.
Navigate to Security Settings: Go to Security > Sandbox.
Configure Security Sandbox: Enable the security sandbox feature and apply it to the sales team's organizational unit.
Policy Setup: Configure policies to ensure that email attachments received by the sales team are automatically analyzed in the security sandbox.
Monitor and Review: Regularly monitor the sandbox reports and adjust the settings as needed to maintain protection without disrupting business operations.
Google Workspace Admin Help - Security Sandbox
Google Workspace Admin Help - Advanced Phishing and Malware Protection
Your organization is expected to start using Google Workspace Enterprise Standard in several countries. During the planning phase, the change management leadership team mandates that meeting rooms near each participant's office location should be suggested when someone creates a Google Calendar event, to simplify the user experience and avoid booking rooms when people would not be able to move easily. What should you do?
Navigate to Google Admin Console: Go to admin.google.com and sign in with your admin account.
Access Buildings and Resources: In the Admin console, go to Menu > Directory > Buildings and resources.
Create Buildings and Rooms: Create buildings and define floors and sections within these buildings. Each building should represent an office location.
Set Users' Work Locations: Assign building ID, floor name, and floor section to users. This can be done manually for each user or in bulk using a CSV file upload.
Configure Calendar Settings: Ensure that the Google Calendar settings are configured to suggest nearby meeting rooms based on users' work locations.
This setup allows Google Calendar to suggest meeting rooms near the users' defined work locations, improving the user experience and avoiding the booking of inconvenient rooms.
Reference
Manage buildings, features & resources
Set up work locations
A user reached out to the IT department about a Google Group that they own: info@company.com. The group is receiving mail, and each message is also delivered directly to the user's Gmail inbox. The user wants to be able to reply to messages directly from Gmail and have them sent on behalf of the group, not their individual account. Currently, their replies come from their individual account. What would you instruct the user to do?
Send from Group Email:
To send emails on behalf of a group, users must add the group's email address to their Gmail account and verify access.
This allows them to select the group email as the sender when composing or replying to messages.
Steps to Add Group Email:
The user should go to their Gmail settings by clicking the gear icon and selecting 'See all settings'.
Navigate to the 'Accounts and Import' tab.
Under 'Send mail as,' click 'Add another email address'.
Enter the group email address (info@company.com) and follow the verification process, which may involve receiving and entering a confirmation code.
Once verified, the user can select the group email address from the 'From' dropdown menu when composing or replying to messages.
Reference
Google Workspace Admin Help: Send Emails from a Group Alias
Your organization has a group of users who interact with sensitive information and their accounts contain valuable files You need to protect these users from targeted online attacks What should you do?
Understanding the Requirement:
The scenario involves a group of users who handle sensitive information and have valuable files in their accounts.
The goal is to protect these users from targeted online attacks.
Options Analysis:
Option A: Enable 2-Step Verification for those users and recommend they use Google Authenticator
2-Step Verification (2SV) enhances security by adding an extra layer of authentication. Google Authenticator is a reliable method, but it may not be sufficient against highly targeted attacks.
Option B: Enable 2-Step Verification for those users and recommend they use SMS codes
While SMS codes are a form of 2SV, they are considered less secure than other methods due to potential vulnerabilities like SIM swapping.
Option C: Disable password recovery for end users
Disabling password recovery can prevent unauthorized access through recovery options but does not provide active protection against targeted attacks.
Option D: Enroll all accounts for those users in the Advanced Protection Program
The Advanced Protection Program (APP) is designed specifically to protect users at high risk of targeted attacks. It includes strong measures such as requiring a physical security key for login, blocking unauthorized access attempts, and restricting access to sensitive data.
Recommended Solution:
Enrolling users in the Advanced Protection Program (APP):
Step 1: Identify High-Risk Users:
Identify users who handle sensitive information and have valuable files.
Step 2: Enroll in APP:
Go to the Google Admin console.
Navigate to the Security section and find the Advanced Protection Program.
Enroll the identified high-risk users in APP.
Step 3: Implement Security Keys:
Ensure users have security keys (e.g., Titan Security Keys) for login.
Guide users through the process of setting up and using security keys.
Step 4: User Education:
Educate users on the importance of APP and how it protects their accounts.
Provide training on recognizing phishing attempts and other security best practices.
Benefits of APP:
Enhanced Security:
APP provides the highest level of security for Google accounts, requiring security keys for authentication.
Protection Against Phishing:
Security keys are highly resistant to phishing attacks, which are common in targeted online attacks.
Limited Access:
APP restricts access to sensitive data, ensuring that only trusted apps and services can interact with the protected accounts.
Google Workspace Admin Help: Advanced Protection Program
Google Workspace Security: Advanced Protection Program
Google Security Blog: Advanced Protection Program
Your company has just acquired a new group of users. They have been provisioned into the Google Workspace environment with your primary domain as their primary email address. These new users still need to receive emails from their previous domain. What is the best way to achieve this for these new users, without updating the information of preexisting users?
To ensure new users receive emails from their previous domain without affecting existing users:
Add the acquired domain as a secondary domain to the primary Google Workspace domain.
Update the email information of all new users to include alias emails from the previous domain. This allows them to receive emails sent to their old addresses.
This method segregates the old and new user groups effectively and maintains the integrity of the email addresses.
Google Workspace Admin Help: Manage domains
