G Suite Rolled out New Feature Dynamic, Context-Aware Access Control

Context-Aware Access is one of the most efficient security features of G Suite, which was only present in beta.  Now it is generally available in G Suite Enterprise and Education domains as well. 

This feature can be OFF by default, also can be enabled at the OU level.

Benefits of Utilizing Context-Aware Access Control

As an admin you can set multiple access levels depending on the identity of the users and the condition of the requests (such as IP address, Surroundings, Device Security Status, etc).

You can provide multiple access to the users depending upon the organizational policies with the help of granular access control and even without a VPN.

Cases Where you Can Apply Context-Aware Access Control

Context-Aware access control helps you in the following cases

• Restrict access to the applications when the used device is not issued by the company.

• Allow access to the applications only in the corporated WIFI.

• Allow access to the Drive only when the device storage encryption is done.

You can also combine more than one case into policy, such as an access level that only can access apps in the corporate environment, company-issued device and meet a minimum OS. If anyone from the access level couldn’t meet the criteria, then the access will be denied and an error message will be displayed.

Platform Requirements:

You can create different types of policies based on IP, Location, and Devices.

1. IP: A specified range of IP from where users can access the apps.

2. Location: Specified countries from where users can access the apps.

3. Devices:  Specified requirements in the features of the device to get the access, such as device must be encrypted, then only users can access the apps.

Availability in the Editions:

You can apply this feature only if the users are using one of the following G Suite editions.

• G Suite Enterprise

• G Suite Enterprise for Education

• Cloud Identity Premium

• Drive Enterprise

Applicable Apps:

You can apply context access control in the following apps

• Calendar

• Cloud Search

• Drive and Docs (includes Sheets, Slides, and Forms)

• Gmail

• Google Hangouts

• Google Vault

• Google+

• Groups for Business

• Hangouts Chat

• Jamboard Service

• Keep

• Sites

• Tasks

Don’t Lockout Partners, Employees or External Collaborator:

During setting up always remember the following:

• Don’t block the access of G Suite services such as Gmail, as it is used from both sides for communication purposes.

• Identify the IP range, that is a need for employees or partners or collaborators.

• Keep in mind that some services like Forms or sites are not available in mobile app hence it will get automatically blocked.