Google extends G Suite identity and security device management to Windows 10 PCs
- 30 April, 2020 08:38
Google this week extended G Suite's device management tools to Windows 10 PCs, adding them to the Android, iOS and Chrome endpoints already on the list.
Administrators can now use the G Suite console to secure G Suite accounts on Windows 10 systems using Google's anti-hijacking and suspicious-login-detection technologies, and set those machines for single-sign on (SSO) so that G Suite account credentials double as Windows 10 log-in authentication.
The roll-out of the new console capabilities started April 27, with the rapid release and scheduled release tracks (the latter is the default) beginning simultaneously rather than staged, as usual.
Administrators must install the Google Credential Provider for Windows (GCPW) app on each Windows 10 PC for that device to be managed through the console. Among other things, GCPW links existing users' Windows profiles with their G Suite accounts.
Set Windows update options, offer single sign-on
Google previewed the console-based management of Windows 10 devices starting in January, moving it out of the beta stage significantly faster than usual for the Mountain View, Calif. company.
Requirements on the Windows 10 PC mandate Pro, Enterprise or Business versions of the OS (that last is an expansion of Windows 10 Pro that comes with a Microsoft 365 Business Premium subscription). On the G Suite side, only customers subscribing to G Suite Enterprise, G Suite Enterprise for Education or Cloud Identity Premium can use the non-identity functions newly added to the Admin console.
Once in place, administrators can choose to allow single-sign on for G Suite and other Google services, let users' G Suite-credentials server as Windows 10 log-ons, protect accounts by calling on Google technologies to detect suspicious behavior and phishing attacks, and set a range of options on the PCs. The latter includes actions such as setting Windows update options, enable BitLocker's full-disk encryption and remote wiping of devices.
The new functionality is separate from what Google called "fundamental device management" back in October, when it outlined how the default would be to enroll every system, whether personal computer or mobile, in endpoint management as soon as a user logs into G Suite through any browser.
That concept was designed to make every device visible from the G Suite Admin console so that IT could locate the ones whose operating systems need to be upgraded or could log out from an account if the hardware is lost or stolen.
On the same day Google announced Windows 10 management, the company also reported on a postponement of fundamental device management. "Due to COVID-19 related activity, full roll-out of fundamental device management has been delayed until later in 2020," Google said here.
Some G Suite customers had been served the fundamental management option because deployment has been ongoing for the past six months.