resources:courses:gws_c3
差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录前一修订版后一修订版 | 前一修订版 | ||
| resources:courses:gws_c3 [2025/01/23 16:15] – [测试2] jackiez | resources:courses:gws_c3 [2025/01/23 18:06] (当前版本) – jackiez | ||
|---|---|---|---|
| 行 124: | 行 124: | ||
| - Apps > Web and mobile apps > plus sign (+) > SETUP MY OWN CUSTOM APP from the Enable SSO for SAML Application window | - Apps > Web and mobile apps > plus sign (+) > SETUP MY OWN CUSTOM APP from the Enable SSO for SAML Application window | ||
| - Apps > Settings > Third-party integrations. Then search for Asana. | - Apps > Settings > Third-party integrations. Then search for Asana. | ||
| + | |||
| + | ## App安全 | ||
| + | - Control access from the Admin SDK API | ||
| + | - Block access to a specific service | ||
| + | - Create a trusted application list | ||
| + | - Explore the GWS Marketplace | ||
| + | ## 练习1 | ||
| + | {{: | ||
| + | {{: | ||
| + | ## 练习2 | ||
| + | 有许多第三方APP会连到GWS上,作为管理员要进行控制。 | ||
| + | {{: | ||
| + | {{: | ||
| + | {{: | ||
| + | 最后点FINISH,然后再把它限制 | ||
| + | {{: | ||
| + | < | ||
| + | 2.当用户想安装被禁用的APP,会收到错误信息</ | ||
| + | 参考链接:[[https:// | ||
| + | ## 练习3 | ||
| + | {{: | ||
| + | {{: | ||
| + | 安装GA4 | ||
| + | {{: | ||
| + | {{: | ||
| + | 查看结果 | ||
| + | {{: | ||
| + | 然后设置,只允许用户安装白名单的APP | ||
| + | {{: | ||
| + | 再添加白名单APP,练习中要求添加Google Apps Script, | ||
| + | 换成某一个用户的账号登录,查看URL apps.google.com/ | ||
| + | {{: | ||
| + | 再打开Market,任意安装一个APP,会跳出提示 | ||
| + | {{: | ||
| + | ## 测试3 | ||
| + | < | ||
| + | - Already installed applications that use the blocked API will continue to work until the application needs a new OAuth token | ||
| + | - **Already installed applications will stop working and OAuth tokens will be revoked** | ||
| + | - Already installed applications that use the blocked API will continue to work indefinitely | ||
| + | - Already installed applications that use the blocked API will continue to work until the user next signs in to Google Workspace | ||
| + | |||
| + | < | ||
| + | - **Users can not attempt to install an application that is not on the allowlist because they only see allowed apps in the Marketplace** | ||
| + | - When the user attempts to install the app they will see a message advising that the app cannot be installed because it has not been allowed | ||
| + | - Users can install an app that is not in the allowlist but they cannot grant it access to their data so it will not work | ||
| + | - The app will appear to install, but it will not function correctly. | ||
| + | |||
| + | < | ||
| + | - **Change the Marketplace settings to allow users to install only allowed applications from Google Workspace Marketplace** | ||
| + | - Complete a Domain install for each application that you want to allow | ||
| + | - Get your users to Install the Marketplace allowlist app onto each device | ||
| + | - Add the names of all the trusted applications to each user's device policy | ||
| + | |||
| + | < | ||
| + | - Disable API access from the Gmail and Drive service settings | ||
| + | - **From Security > Access and Data Control > API Controls, ensure Trust domain owned apps is enabled. From Security > Access and Data Control > API Controls > MANAGE GOOGLE SERVICES, restrict access to the Gmail and Drive services.** | ||
| + | - From Security > API Permissions, | ||
| + | - Disable Gmail and Drive API access from the top level organization settings | ||
| + | |||
| + | ## 练习1 | ||
| + | Security> | ||
| + | {{: | ||
| + | 发现有一个高危警报,User suspended | ||
| + | {{: | ||
| + | {{: | ||
| + | 找到TLS Failure | ||
| + | {{: | ||
| + | {{: | ||
| + | {{: | ||
| + | 系统预设的Rule只能设置Email通知(被触发时) | ||
| + | ## 练习2 | ||
| + | Reporting> | ||
| + | ## Security Center | ||
| + | - Security best practice | ||
| + | - Analytics | ||
| + | - Actionable insights | ||
| + | |||
| + | 还可以查看各类设置的状态,比如 | ||
| + | - Automatic email forwarding | ||
| + | - Device encryption | ||
| + | - Drive sharing settings | ||
| + | |||
| + | 查看各类报警,比如 | ||
| + | - External file share activity | ||
| + | - Authenticated messages | ||
| + | - Suspicious device activities | ||
| + | - Failed password attempts | ||
| + | |||
| + | Dashboard里则有各种图表,另外,还可以查看Log | ||
| + | - Access device-log data | ||
| + | - Access data about Gmail messages | ||
| + | - Access Gmail log data | ||
| + | - Access Drive log data | ||
| + | 举例来说,我们可以通过Query来确认,是否有如下行为 | ||
| + | - Delete specific messages | ||
| + | - Mark messages as spam or phishing | ||
| + | - Send message to quarantine | ||
| + | - Send message to users' inboxes | ||
| + | |||
| + | < | ||
| + | ## 测试4 | ||
| + | < | ||
| + | - **The alert center consolidates all admin created email alerts into one place** | ||
| + | - The alert center enables you to view alerts and alert details directly in the admin console | ||
| + | - The alert center includes additional in-depth details that enable you to take action to resolve numerous issues that might affect your organization | ||
| + | |||
| + | < | ||
| + | - **Delete message** | ||
| + | - **Mark message as spam** | ||
| + | - Forward tot self | ||
| + | - **View header** | ||
| + | |||
| + | < | ||
| + | - Access Transparency Audit log | ||
| + | - Users Security log | ||
| + | - The Admin Audit log | ||
| + | - **Users Account Activity Report** | ||
| + | |||
resources/courses/gws_c3.1737616555.txt.gz · 最后更改: 2025/01/23 16:15 由 jackiez