Set Chrome Enterprise connector policies for Chrome Enterprise Premium

Chrome Enterprise Premium threat and data protection features are available only for customers who have purchased Chrome Enterprise Premium.

As an admin, you can use the Google Admin console to check for sensitive data or help protect your Chrome users from content that contains malware. You can also prevent certain files from being sent for analysis. You can then allow or block uploads and downloads for those unscanned files.

Where do Chrome Enterprise connector policies fit into Chrome Enterprise Premium?

To implement and use the entire set of Chrome Enterprise Premium protections, you need to:

  1. Set up Chrome Enterprise connector policies (described below).
  2. Set up data protection rules. For details, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
  3. Set up activity alerts. For descriptions of alert types, go to View alert details.

Before you begin

  • Set up Chrome Enterprise Core. For details, read Set up Chrome Enterprise Core.
  • Chrome Enterprise Premium threat and data protection features are not supported in Incognito windows. For information about how to prevent users from opening new Incognito windows, read about the Incognito mode setting.
  • (Recommended) Turn on Safe Browsing to help protect users from websites that might contain malware or phishing. Read about the Safe Browsing Protection Level setting.
  • Sign up for Chrome Enterprise Premium. Go to the sign-up form.

Set policies

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. For users and browsers:
    In the Admin console, go to Menu and then Devicesand thenChromeand thenSettings

    If you signed up for Chrome Enterprise Core, go to Menu and then Chrome browserand thenSettings.

    For managed guest sessions:
    In the Admin console, go to Menu and then Devicesand thenChromeand thenSettingsand thenManaged guest session settings.
  3. Select your top-level organizational unit, so that all child organizations will inherit the policy.
  4. Scroll to Chrome Enterprise connectors.
  5. (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Premium threat and data protection for Chrome Enterprise.
  6. Configure Chrome Enterprise connectors settings. Click below for settings details, based on what type of content you want to send for analysis.
  7. Click Save.

Open all  |  Close all

Security events reporting

Specifies the cloud service APIs that you want to use to report security events. To see these events, you need to set up Chrome security events. For information, see Manage Chrome Enterprise reporting connectors.

For details about how to view reports on the security dashboard, see:

Upload content analysis

Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.

Setting Description

Delay file upload

Choose an option:
  • Allow immediate upload—Allow users to upload the file while the scan is taking place.
  • Delay upload until analysis is complete—Allow users to upload the file only after the scan is completed and passed.
    • Block file upload on failure—If selected, users cannot upload the file if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.

Check for sensitive data

Scan uploads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for uploading the data.

  • Custom warning text—Enter the text the user sees when uploading sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
  • Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
  • User justification to bypass warnings—If you select Allow, the user can add a reason why they are uploading sensitive data. You can view these reasons in the Alert center.

Check for malware

Scan uploads for malware.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

File that won’t be sent for analysis

Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:

  • Allow upload
  • Block upload
Download content analysis

Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.

Setting Description
Delay file access Choose an option:
  • Allow immediate file access—Allow users to open the file while the scan is taking place.
  • Delay file access until analysis is complete—Allow users to open the file only after the scan is completed and passed.
    • Block file access on failure—If selected, users cannot open the file if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.

Check for sensitive data

Scan downloads for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for downloading the data.

  • Custom warning text—Enter the text the user sees when downloading sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
  • Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
  • User justification to bypass warnings—If you select Allow, the user can add a reason why they are downloading sensitive data. You can view these reasons in the Alert center.
Check for malware

Scan downloads for malware.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for malware. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

File that won’t be sent for analysis

Some file types are not checked for sensitive data or malware, including password protected files and files larger than 50 MB. Choose how you want to handle those files:

  • Allow download
  • Block download

[Optional] Apply download restrictions

You can use the DownloadRestrictions policy to prevent users from bypassing security warnings to download dangerous files. Or, prevent all downloads.

File transfer content analysis

Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.

Setting Description
Delay transfer Choose an option:
  • Allow immediate transfer—Allow users to transfer the file while the scan is taking place. Users will not notice any influence in their workflows, but admins receive reports of the user activity if reporting is enabled.
  • Delay the transfer until analysis is complete—Allow users to transfer the file only after the scan is completed and passed.

Check for sensitive data

Scan transfers for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Choose an option:

  • On by default, except for the following locations
  • Off by default, except for the following locations

Locations

Specify a list of file systems and whether transfers to or from those file systems should be checked.

When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for transferring the data

  • Custom warning text—Enter the text the user sees when transferring sensitive data. Leave this field empty to display the default warning message.
  • Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed.
  • User justification to bypass warnings—If you select Allow, the user has to add a reason why they are transferring sensitive data. You can view these reasons in the Alert center. 
Check for malware

Scan transfers for malware.

Choose an option:

  • On by default, except for the following locations
  • Off by default, except for the following locations

Locations

Specify a list of file systems and whether transfers to or from those file systems should be checked.

File that won't be sent for analysis

Some transferred content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:

  • Allow transfer
  • Block transfer
Bulk text content analysis

Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.

Setting Description
Delay text entry Choose an option:
  • Allow immediate entry—Allow users to paste text on the page while the scan is taking place.
  • Delay text entry until analysis is complete—Allow users to paste text on the page only after the scan is completed and passed.
    • Block text entry on failure—If selected, users cannot paste text on the page if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.

Check for sensitive data

Scan bulk text for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for pasting the text.

  • Custom warning text—Enter the text the user sees when pasting sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
  • Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
  • User justification to bypass warnings—If you select Allow, the user can add a reason why they are pasting sensitive data. You can view these reasons in the Alert center.
Minimum character count

Minimum number of characters, in bytes, required to send content for analysis. In general, one character is equal to one byte. However, there are some exceptions, such as emojis.

Print content analysis

Specify the cloud service APIs that you want to use. Select Chrome Enterprise Premium, and then configure the additional settings.

Setting Description
Delay printing Choose an option:
  • Allow immediate printing—Allow users to print the page while the scan is taking place.
  • Delay printing until analysis is complete—Allow users to print the page only after the scan is completed and passed.
    • Block printing on failure—If selected, users cannot print the page if the scan fails due to issues such as network errors, an unreachable server, or a request timeout.

Check for sensitive data

Scan printed content for sensitive data. For details about how to specify what you want to check for, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Choose an option:

  • On by default, except for the following URL patterns
  • Off by default, except for the following URL patterns

URL pattern

Specify a list of URL patterns for which pages Chrome allows or prevents scans for sensitive data. If you include multiple URLs, separate them by putting one URL per line. For information about valid URL patterns, see URL blocklist filter format.

When sensitive data is found, you can choose to display a custom warning and require the user to enter a justification for printing the sensitive data.

  • Custom warning text—Enter the text the user sees when printing sensitive data. Leave this field empty to display the default warning message. If a custom message is defined directly in a rule, it takes precedence over this message.
  • Custom warning "learn more" link—Enter the URL that you want to display when the user clicks the learn more link. If you leave this field empty, the learn more link isn't displayed. If a custom message is defined directly in a rule, the learn more link isn’t displayed, only the rule’s custom message.
  • User justification to bypass warnings—If you select Allow, the user can add a reason why they are printing sensitive data. You can view these reasons in the Alert center.
Printed content that won't be sent for analysis

Some printed content is not checked for sensitive data or malware, including files larger than 50 MB. Choose how you want to handle those files:

  • Allow printing
  • Block printing
Real time URL check

Choose the cloud service API to be used by Chrome for sending URLs to be scanned in real time to protect users against dangerous sites. We also recommend that you turn on Safe Browsing. For details about the Safe Browsing Protection Level setting, see Set Chrome policies for users or browsers.

Related topics

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
10150173383880303524
true
Search Help Center
true
true
true
true
true
410864
false
false