Top 5 Enterprise Security Features for Google Admins


As a Google Cloud Premier Partner, we at HiView work with our clients to ensure that their team gets the very most out of Google Workspace (G Suite). We meet regularly with IT administrators and company executives to see how things are going for their team. During these meetings, we often uncover new ways that Google Admins can better take advantage of the range of features available to them when managing their domain.


This is especially true for organizations using Google Workspace Enterprise Standard and Enterprise Plus (formerly called G Suite Enterprise). In this article, we’ll take a look at 5 key features available exclusively to Admins at these organizations.


1. DLP policies (Enterprise Standard, Enterprise Plus)

DLP (data loss prevention) policies can be configured to detect and react to user attempts at sharing sensitive information. Examples of sensitive information include credit card numbers, social security numbers, and driver's license numbers.

Configurable for both Gmail and Google Drive, this feature allows admins to set up policy-based actions that block the sharing of sensitive information or require additional approval to do so. A wide variety of organizations can benefit from this key feature, from healthcare to consumer goods and beyond.


2. Windows Device Management (Enterprise Standard, Enterprise Plus)

By configuring Windows Device Management for company-owned devices, you can deploy single sign-on (SSO) access security and push desired Windows settings to devices. Quite granular settings can be pushed to devices, such as disabling a device’s camera and blocking users from changing VPN.

Another important part of this feature is the ability to block users from unenrolling a device as well as the ability to wipe devices remotely. For example, if a company-owned Windows laptop got into the wrong hands, the assailant could potentially gain access to sensitive company data if precautions were not taken on the Admin’s part. He or she could also unenroll the laptop from your organization, making it easy to steal and repurpose the device. By enabling Windows Device Management, you can take steps to drastically reduce this security risk and keep your organization’s property and data safe.

Note: We recommend also adding company-owned devices to your company-owned inventory.


3. Access Transparency audit log (Enterprise Plus)

One helpful security feature only available to Workspace Enterprise Plus users is Access Transparency audit logs. These logs give Admins insight into Google employees’ access to your company data. Specifically, you’ll see the following:

  1. What data was accessed
  2. When the data was accessed
  3. The reason for the action (e.g. the case number attached to the customer support request)
  4. Information about the Google employee who accessed the data (e.g. office location)


To generate an Access Transparency audit log, open the Admin console, click Reports, and click Audit > Access Transparency.


4. Security Sandbox (Enterprise Plus)

The Security Sandbox is a valuable feature that is too often overlooked by Enterprise Google Admins. Built to protect against malicious email attachments, this virtual environment enables Gmail to scan and run attachments. If deemed safe, the email in question is then released to the recipient’s Gmail inbox. However, if any threats are identified, the email is routed to the recipient’s Spam folder.

As an Admin at your organization, you can configure the Security Sandbox to respond to emails with attachments in a variety of ways. You can:

  • Have Gmail scan all supported attachments in incoming emails
  • Have Gmail scan only certain attachments based on your custom rules
  • Configure content compliance rules to manage potentially malicious attachments


5. Security Investigation Tool (Enterprise Plus)

Exclusive to Enterprise Plus Superadmins, the final feature we’d like to share is the Security Investigation Tool. This tool is used to identify, triage, and take action against privacy and security issues within your domain. All queries and actions within the tool can be reviewed in the Admin audit log.

Below are some examples of what you can do with this tool:

  • View device log data
  • Access user Gmail and Chat logs
  • Move, flag, and erase user emails
  • View data of suspended users
  • Investigate Drive activity such as file creation, deletion, sharing, and editing


This streamlined tool makes it easy for delegated Admins to access and react to key security metrics. We highly recommend incorporating regular checkups in the Security Investigation Tool as part of your routine as a Superadmin.


We hope you’ve discovered Enterprise features you never knew you needed. Whether you’re a current Google Workspace or G Suite user looking to upgrade to an Enterprise edition or a longtime Enterprise Admin, contact us for help in getting the very most out of your Google Cloud-powered organization. With us as your Google Cloud Partner, you’ll enjoy premium support, admin training services, exclusive discounts, and more, all at no additional cost to you.

Questions? Seeking Google Cloud experts? Send us a message to get in touch.