resources:tools:gws_baseline
差别
这里会显示出您选择的修订版和当前版本之间的差别。
| resources:tools:gws_baseline [2024/12/06 23:17] – 创建 jackiez | resources:tools:gws_baseline [2024/12/06 23:24] (当前版本) – jackiez | ||
|---|---|---|---|
| 行 23: | 行 23: | ||
| - Verify that there are no users in both the Super admin and Delegated admin roles | - Verify that there are no users in both the Super admin and Delegated admin roles | ||
| For every Super admin that is also a Delegated admin account, either create a Delegated admin account for the user of elevate or their existing non-admin account to a Delegated admin account. | For every Super admin that is also a Delegated admin account, either create a Delegated admin account for the user of elevate or their existing non-admin account to a Delegated admin account. | ||
| - | + | ## 1.2 Directory Settings | |
| - | + | ### 1.2.1 Sharing Settings | |
| + | #### 1.2.1.1 Ensure directory data access is externally restricted | ||
| + | <q>If your organization uses third-party apps that integrate with your Google services, you control how much Directory information the external apps can access.\\ | ||
| + | If you allow directory access, your users have a better experience with external apps. For example, when they use a third-party mail app, they want to find domain contacts and have email addresses automatically complete. The app needs access to Directory data to make this happen. However, this has the ability to share ALL domain AND public data with the connected third-party app.\\ | ||
| + | Public data and authenticated user basic profile fields — Share publicly visible domain profile data with external apps and APIs. Also share the authenticated user's name, photo, and email address to enable Google Sign-In if the appropriate scopes are granted. Other non-public profile fields for the authenticated user aren't shared. All the non-public profile information of other users in the domain aren't shared. | ||
| + | Domain and public data — (Default) Share all Directory information that’s shared with your domain and public data. This information includes profile information for users in your domain, shared external contacts, and Google+ profile names and photos.</ | ||
| + | To verify this setting via the Google Workspace Admin Console: | ||
| + | - Log in to https:// | ||
| + | - Open the collapsed menu via " | ||
| + | - Under Directory, select Directory settings | ||
| + | - Under Sharing settings, select External Directory sharing | ||
| + | - Ensure Domain and public data is not selected | ||
| + | - Select Save | ||
| + | # 2.Devices | ||
| + | NA | ||
| + | # 3.Apps | ||
| + | ## 3.1 Google workspace | ||
| + | ### 3.1.1 Calendar | ||
| + | ### 3.1.2 Drive and Docs | ||
| + | ### 3.1.3 Gmail | ||
| + | ### 3.1.4 Google Chat | ||
| + | ### 3.1.5 Google Meet | ||
| + | NA | ||
| + | ### 3.1.6 Groups for Business | ||
| + | ### 3.1.7 Sites | ||
| + | ### 3.1.8 Additional Google services | ||
| + | ### 3.1.9 Google Workspace Marketplace | ||
| + | # 4.Security | ||
| + | ## 4.1 Authentications | ||
| + | ### 4.1.1 2-Step Verfication | ||
| + | ### 4.1.2 Account Recovery | ||
| + | ### 4.1.3 Advanced Protection Program | ||
| + | ### 4.1.4 Login Challenges | ||
| + | ### 4.1.5 Password Management | ||
| + | ## 4.2 Access and Data Control | ||
| + | ### 4.2.1 API Controls | ||
| + | ### 4.2.2 Context-Aware Access | ||
| + | ### 4.2.3 Data Protection | ||
| + | ### 4.2.4 Google Session Control | ||
| + | ### 4.2.5 Google Cloud Session Control | ||
| + | ### 4.2.6 Less Secure Apps | ||
| + | ## 4.3 Security Center | ||
| + | # 5.Reporting | ||
| + | ## 5.1 Reports | ||
| + | ### 5.1.1 User Reports | ||
| + | # 6.Rules | ||
| + | ## 6.1 | ||
| + | ## 6.2 | ||
| + | ## 6.3 | ||
| + | ## 6.4 | ||
| + | ## 6.5 | ||
| + | ## 6.6 | ||
| + | ## 6.7 | ||
| + | ## 6.8 | ||
resources/tools/gws_baseline.1733494637.txt.gz · 最后更改: 2024/12/06 23:17 由 jackiez