Chrome Enterprise Premium threat and data protection features are available only for customers who have purchased Chrome Enterprise Premium.
As an admin, you can use the Google Admin console to check for sensitive data or help protect your Chrome users from content that contains malware. You can also prevent certain files from being sent for analysis. You can then allow or block uploads and downloads for those unscanned files.
Where do Chrome Enterprise connector policies fit into Chrome Enterprise Premium?
To implement and use the entire set of Chrome Enterprise Premium protections, you need to:
- Set up Chrome Enterprise connector policies (described below).
- Set up data protection rules. For details, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
- Set up activity alerts. For descriptions of alert types, go to View alert details.
Before you begin
- Set up Chrome Enterprise Core. For details, read Set up Chrome Enterprise Core.
- Chrome Enterprise Premium threat and data protection features are not supported in Incognito windows. For information about how to prevent users from opening new Incognito windows, read about the Incognito mode setting.
- (Recommended) Turn on Safe Browsing to help protect users from websites that might contain malware or phishing. Read about the Safe Browsing Protection Level setting.
- Sign up for Chrome Enterprise Premium. Go to the sign-up form.
Set policies
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
- For users and browsers:
For managed guest sessions:In the Admin console, go to Menu DevicesChromeSettings.
If you signed up for Chrome Enterprise Core, go to Menu Chrome browserSettings.
In the Admin console, go to Menu DevicesChromeSettingsManaged guest session settings. - Select your top-level organizational unit, so that all child organizations will inherit the policy.
- Scroll to Chrome Enterprise connectors.
- (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Premium threat and data protection for Chrome Enterprise.
- Configure Chrome Enterprise connectors settings. Click below for settings details, based on what type of content you want to send for analysis.
- Click Save.
Specifies the cloud service APIs that you want to use to report security events. To see these events, you need to set up Chrome security events. For information, see Manage Chrome Enterprise reporting connectors.
For details about how to view reports on the security dashboard, see:
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Setting | Description |
---|---|
Delay file upload |
Choose an option:
|
Check for sensitive data |
Scan uploads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for uploading the data.
|
Check for malware |
Scan uploads for malware. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. |
File that won’t be sent for analysis |
Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:
|
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Setting | Description |
---|---|
Delay file access | Choose an option:
|
Check for sensitive data |
Scan downloads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for downloading the data.
|
Check for malware |
Scan downloads for malware. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. |
File that won’t be sent for analysis |
Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:
|
[Optional] Apply download restrictions
You can use the DownloadRestrictions policy to prevent users from bypassing security warnings to download dangerous files. Or, prevent all downloads.
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Setting | Description |
---|---|
Delay transfer | Choose an option:
|
Check for sensitive data |
Scan transfers for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome. Choose an option:
LocationsSpecify a list of file systems and whether transfers to or from those file systems should be checked. When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for transferring the data
|
Check for malware |
Scan transfers for malware. Choose an option:
LocationsSpecify a list of file systems and whether transfers to or from those file systems should be checked. |
File that won't be sent for analysis |
Some transferred content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:
|
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Setting | Description |
---|---|
Delay text entry | Choose an option:
|
Check for sensitive data |
Scan bulk text for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for pasting the text.
|
Minimum character count |
Minimum number of characters, in bytes, required to send content for analysis. In general, one character is equal to one byte. However, there are some exceptions, such as emojis. |
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Setting | Description |
---|---|
Delay printing | Choose an option:
|
Check for sensitive data |
Scan printed content for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome. Choose an option:
URL patternSpecify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format. When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for printing the sensitive data.
|
Printed content that won't be sent for analysis |
Some printed content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:
|
Choose the cloud service API to be used by Chrome for sending URLs to be scanned in real time to protect users against dangerous sites. We also recommend that you turn on Safe Browsing. For details about the Safe Browsing Protection Level setting, see Set Chrome policies for users or browsers.