Chrome Enterprise Premium threat and data protection features are available only for customers who have purchased Chrome Enterprise Premium.
As an admin, you can use the Google Admin console to check for sensitive data or help protect your Chrome users from content that contains malware. You can also prevent certain files from being sent for analysis. You can then allow or block uploads and downloads for those unscanned files.
Where do Chrome Enterprise connector policies fit into Chrome Enterprise Premium?
To implement and use the entire set of Chrome Enterprise Premium protections, you need to:
- Set up Chrome Enterprise connector policies (described below).
- Set up data protection rules. For details, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
- Set up activity alerts. For descriptions of alert types, go to View alert details.
Before you begin
- Set up Chrome Enterprise Core. For details, read Set up Chrome Enterprise Core.
- Chrome Enterprise Premium threat and data protection features are not supported in Incognito windows. For information about how to prevent users from opening new Incognito windows, read about the Incognito mode setting.
- (Recommended) Turn on Safe Browsing to help protect users from websites that might contain malware or phishing. Read about the Safe Browsing Protection Level setting.
- Sign up for Chrome Enterprise Premium. Go to the sign-up form.
Set policies
- Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
- For users and browsers: Go to Menu > Devices > Chrome > Settings.
Requires having the Mobile Device Management administrator privilege.
If you signed up for Chrome Enterprise Core, go to Menu > Chrome browser > Settings.
Go to Menu > Devices > Chrome > Settings > Managed guest session settings. Requires having the Mobile Device Management administrator privilege.
- Select your top-level organizational unit, so that all child organizations will inherit the policy.
- Scroll to Chrome Enterprise connectors.
- (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Premium threat and data protection for Chrome Enterprise.
- Configure Chrome Enterprise connectors settings. Click below for settings details, based on what type of content you want to send for analysis.
- Click Save.
Specifies the cloud service APIs that you want to use to report security events. To see these events, you need to set up Chrome security events. For information, see Manage Chrome Enterprise reporting connectors.
For details about how to view reports on the security dashboard, see:
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
Delay file upload
- Allow immediate upload—Allow users to upload the file while the scan is taking place.
- Delay upload until analysis is complete—Allow users to upload the file only after the scan is completed and passed.
- Block file upload on failure—If selected, users cannot upload the file if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.
Check for sensitive data
Scan uploads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for uploading the data.
- Custom warning text—Enter the text the user sees when uploading sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
- Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
- User justification to bypass warnings—If you select Allow, the user can add a reason why they are uploading sensitive data. You can view these reasons in the Alert center.
Check for malware
Scan uploads for malware.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
File that won’t be sent for analysis
Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:
- Allow upload
- Block upload
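The three upload settings above (delay, block on failure, and the handling of files that aren't sent for analysis) interact. The following added example is not Google's code; it models the options only as this page describes them and lists the cases in which a file is uploaded without a passed scan. The class and function names, and the byte value used for 50 MB, are assumptions.

```python
# Added illustration: a simplified model of the three upload settings above.
# Not Chrome's implementation; names and the byte value of "50 MB" are assumptions.
from dataclasses import dataclass
from itertools import product

MAX_SCAN_BYTES = 50 * 1024 * 1024  # assumption: the page only says "50 MB"


@dataclass(frozen=True)
class UploadPolicy:
    delay_until_verdict: bool  # "Delay upload until analysis is complete"
    block_on_failure: bool     # "Block file upload on failure"
    block_unscanned: bool      # "Block upload" for files not sent for analysis


def upload_outcome(policy, size, password_protected, scan_result):
    """scan_result is 'passed', 'flagged' or 'failed' (error or timeout).

    Returns (decision, reason) under the assumed model.
    """
    if password_protected or size > MAX_SCAN_BYTES:
        return ("block" if policy.block_unscanned else "allow", "not sent for analysis")
    if not policy.delay_until_verdict:
        # Assumption: with immediate upload, the verdict arrives after the file has gone.
        return ("allow", "upload proceeds while the scan runs")
    if scan_result == "failed":
        return ("block" if policy.block_on_failure else "allow", "scan failed")
    return ("allow" if scan_result == "passed" else "block", "scan " + scan_result)


def fail_open_paths(policy):
    """List every reason a file can be uploaded without a passed scan."""
    gaps = []
    cases = product((1024, MAX_SCAN_BYTES + 1), (False, True), ("flagged", "failed"))
    for size, protected, result in cases:
        decision, reason = upload_outcome(policy, size, protected, result)
        if decision == "allow" and reason not in gaps:
            gaps.append(reason)
    return gaps


if __name__ == "__main__":
    for name, p in {
        "permissive": UploadPolicy(False, False, False),
        "delay only": UploadPolicy(True, False, False),
        "strict": UploadPolicy(True, True, True),
    }.items():
        print(f"{name:11} -> {fail_open_paths(p) or 'no fail-open path'}")
```

In this model only the combination of delayed upload, block on failure, and blocking of unscanned files leaves no path for an unverified file.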
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
- Allow immediate file access—Allow users to open the file while the scan is taking place.
- Delay file access until analysis is complete—Allow users to open the file only after the scan is completed and passed.
- Block file access on failure—If selected, users cannot open the file if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.
Check for sensitive data
Scan downloads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for downloading the data.
- Custom warning text—Enter the text the user sees when downloading sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
- Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
- User justification to bypass warnings—If you select Allow, the user can add a reason why they are downloading sensitive data. You can view these reasons in the Alert center.
Scan downloads for malware.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:
- Allow download
- Block download
[Optional] Apply download restrictions
You can use the DownloadRestrictions policy to prevent users from bypassing security warnings to download dangerous files, or to prevent all downloads.
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
- Allow immediate transfer—Allow users to transfer the file while the scan is taking place. Users will not notice any impact on their workflows, but admins receive reports of the user activity if reporting is enabled.
- Delay the transfer until analysis is complete—Allow users to transfer the file only after the scan is completed and passed.
Check for sensitive data
Scan transfers for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Choose an option:
- On by default, except for the following locations
- Off by default, except for the following locations
Locations
Specify a list of file systems and whether transfers to or from those file systems should be checked.
When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for transferring the data.
- Custom warning text—Enter the text the user sees when transferring sensitive data. Leave this field empty to display the default warning message.
- Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed.
- User justification to bypass warnings—If you select Allow, the user has to add a reason why they are transferring sensitive data. You can view these reasons in the Alert center.
Scan transfers for malware.
Choose an option:
- On by default, except for the following locations
- Off by default, except for the following locations
Locations
Specify a list of file systems and whether transfers to or from those file systems should be checked.
Some transferred content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:
- Allow transfer
- Block transfer
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
- Allow immediate entry—Allow users to paste text on the page while the scan is taking place.
- Delay text entry until analysis is complete—Allow users to paste text on the page only after the scan is completed and passed.
- Block text entry on failure—If selected, users cannot paste text on the page if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.
Check for sensitive data
Scan bulk text for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for pasting the text.
- Custom warning text—Enter the text the user sees when pasting sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
- Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
- User justification to bypass warnings—If you select Allow, the user can add a reason why they are pasting sensitive data. You can view these reasons in the Alert center.
Minimum number of characters, in bytes, required to send content for analysis. In general, one character is equal to one byte. However, there are some exceptions, such as emojis.
Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.
- Allow immediate printing—Allow users to print the page while the scan is taking place.
- Delay printing until analysis is complete—Allow users to print the page only after the scan is completed and passed.
- Block printing on failure—If selected, users cannot print the page if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.
Check for sensitive data
Scan printed content for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Choose an option:
- On by default, except for the following URL patterns
- Off by default, except for the following URL patterns
URL pattern
Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.
When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for printing the sensitive data.
- Custom warning text—Enter the text the user sees when printing sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
- Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
- User justification to bypass warnings—If you select Allow, the user can add a reason why they are printing sensitive data. You can view these reasons in the Alert center.
Some printed content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:
- Allow printing
- Block printing
Choose the cloud service API to be used by Chrome for sending URLs to be scanned in real time to protect users against dangerous sites. We also recommend that you turn on Safe Browsing. For details about the Safe Browsing Protection Level setting, see Set Chrome policies for users or browsers.