Chrome Enterprise Premium features are available only for customers who have purchased Chrome Enterprise Premium.
You can use Chrome Enterprise Premium threat and data protection to integrate Chrome with a variety of security features, either to enhance existing Chrome security protections or to use new features with Chrome. These include additional protections against web-based threats, such as malware and social engineering, as well as Data Loss Prevention (DLP) rules, security alerts, and reporting tools.
Here are steps for implementing these protections, and reporting and investigation options to explore after the protections are configured and in use.
Configure Chrome, create DLP rules, and set up alerts
Step 1: Set up Chrome Management
Set up either Cloud Management for your Chrome browser, Chrome Managed Profiles, or Chrome Device Management, depending on your supported operating system(s).
For details:
- Chrome Browser Cloud Management - for Microsoft Windows, Apple Mac OS, and Linux
- Chrome Managed Profiles - for Windows, Mac OS, and Linux
- About Chrome Device Management - for ChromeOS
Step 2: Set up Chrome Enterprise connector policies
To enable additional protections against data loss and malware in Chrome, you need to enable Chrome Enterprise connectors so content gathered in Chrome is uploaded to Google Cloud for analysis. You must enable the Chrome Enterprise connectors for DLP rules to integrate with Chrome.
These settings are in addition to any general settings you configured as part of overall Chrome Browser Cloud Management or Chrome Device Management.
For details: Set Chrome Enterprise connector policies for Chrome Enterprise Premium
Notes:
- On Windows and Mac without Chrome Browser Cloud Management configured, and ChromeOS—Chrome Enterprise Premium is enabled through user-level cloud policies. This means that Chrome Enterprise Premium is applied for a managed user independent of whether or not the device or browser is managed. For details, go to Understand Chrome Policy Management.
- On Windows or Mac with Chrome Browser Cloud Management configured—Chrome Enterprise Premium is enabled through device or machine-level cloud policies. This means that Chrome Enterprise Premium is applied to any Chrome browsers enrolled in Chrome Browser Cloud Management on that device. For details, go to Understand Chrome Policy Management.
- On ChromeOS Managed Guest Sessions—Chrome Enterprise Premium is enabled through Managed Guest Session policies on a managed device.
Step 3: Verify that the Chrome Enterprise Premium service is enabled
- In the Admin console, go to Menu > Apps > Additional Google services.
- If the Chrome Enterprise Premium service is not currently ON, click the service to open its settings page.
- Click Service status.
- Click On for everyone, and then click Save.
For information on how to turn a service on for specific organizational units or groups, see Turn a service on or off for Google Workspace users.
Step 4: Set up data protection rules
After you enable Chrome Enterprise connectors, create DLP rules to control the sharing of sensitive data. You can create rules specific to Chrome and define which action (block, warn, audit) to take when certain events take place in the browser, such as uploading or downloading a file, pasting or printing content, or accessing a website.
You can also create DLP rules specific to ChromeOS to scan files transferred between ChromeOS and other file systems, for example, an external USB or Google Drive. You can block file transfers, warn users about sharing sensitive data when transferring files, or log the event for future audit to assess the impact of new rules.
For details: Use Chrome Enterprise Premium to integrate DLP with Chrome
Step 5: Set up activity alert rules
Set up alert center rules so analysts are notified of certain security events.
For details: View alert details
View the audit log and security reports, and perform investigations
After you configure Chrome Enterprise Premium and events occur, you can use the Rules audit log and the security dashboard reports to monitor security events. You can also use the investigation tool to learn more about alert notifications.
View the Rules log events
Use the Rules audit log to track user attempts to share sensitive data. The Rules audit log tracks Device ID and Device Type audit data types for Chrome Enterprise Premium-related events.
For details on DLP rules-related audit data types: Rules log events.
View security dashboard reports
View reports in the security dashboard. Security reports related to Chrome Enterprise Premium are:
- Chrome threat summary
- Chrome data protection summary
- Chrome high risk users
- Chrome high risk domains
Use the investigation tool to examine security issues
You can further investigate the source of the alert in the security investigation tool, which allows you to identify, triage, and take action on security and privacy issues in your domain.
For details: About the security investigation tool
Chrome Enterprise Premium threat and data protection URLs
Chrome uses these URLs to check for updates when running Chrome Enterprise Premium threat and data protection. Chrome must access the following URLs when Chrome Enterprise Premium threat and data protection is implemented.
For details: Manage Chrome updates (Windows); the URLs are listed under Questions: What URLs are used for Chrome browser updates?