Enhanced desktop security for Windows
Administrators can set up company-owned and personal Microsoft Windows devices to use Google’s single sign-on (SSO) access security, push Windows settings, and erase device data remotely. Enhanced desktop security for Windows has two complementary features that can be set up individually or together.
Google Credential Provider for Windows (GCPW)
Business organisations can let users sign in to a Windows 10 device using the provided Google account. They can also configure GCPW so that the user’s Google account syncs with their Active Directory or local Windows profiles. GCPW also provides the following benefits:
- Additional security – users are offered the complete security benefits of their Google account on their Windows 10 device. These include anti-hijacking features such as 2-step verification (2SV) and login challenges.
- SSO experience – users can access the Google Workspace services and SSO apps in the Chrome browser without re-entering their Google credentials.
- Password synchronization – business organisations can keep the users’ Google passwords in sync with their Windows passwords in the Admin console or with G Suite Password Sync.
- Automatic enrollment in Windows device management – when business organisations use GCPW and Windows device management together, the devices are enrolled automatically in Windows device management when the user signs in through GCPW.
Only one user per device can enrol in Windows device management, even though business organisations can allow multiple accounts to sign in through GCPW. Due to a Microsoft limitation in Windows 10, when multiple users sign in through GCPW on the same device, only the first user is enrolled in Windows device management. Their device-level settings (including Windows updates, admin privileges, etc.) apply to all device users.
Windows device management
With the help of Windows device management, business organisations can configure and manage enrolled devices from the admin console.
With setting management, business organisations can:
- Set the users’ administrative permission level
- Allow BitLocker encryption
- Manage the automatic updates for Windows
- Apply custom settings (they can block specific apps, disable USB drives, set the screen lock timeout, among others)
With Device Management, business organisations can:
- Erase data from a device
- Get the details of the managed device
- Sign out users from their Google Account
- Audit the device system activity
- Remove a device from Windows device management