Control access to apps based on user & device context

Apply recommended access levels

Context-Aware Access insights notify you when risky devices or users access Google Workspace data. For example, you’ll get an insight if corporate data is being accessed from an unusual location, or an insight showing how many users are logging in with an outdated OS.

The included recommendations allow you to easily apply predefined access level policies to mitigate the risks. These insights and recommendations are specific to your organization.

Before you begin

  • Recommended access levels are applied in monitor mode so you can test the impact before activating changes. This prevents users from being inadvertently denied access. For details, see Deploy Context-Aware Access.

Apply recommended access levels

 This is the most efficient way to remove deleted access levels and unblock apps.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu > Security > Access and data control > Context-Aware Access.
  3. Verify Context-Aware Access is ON. If not, click Turn On.
  4. To review the Insights & Recommendations for your organization, click View recommendations under Try recommended access levels with monitor mode.
  5. Find the insight you want to address and click Review recommended access level.
  6. Review the access level details and click Assign.
    The access level will be assigned to the root organizational unit and to all Google Workspace apps except the Google Admin Console app.
  7. Review the access level assignments that are in monitor mode. You can: 
    • View the monitor mode report that specifies the users who will lose access to Google Workspace if the recommended access level is assigned in Active mode.
    • Edit the recommended policy, if necessary. For details, see Create Context-Aware access levels.

Activate recommended access levels

Recommended access levels are set to Monitor mode by default. This ensures you won’t inadvertently block users when you turn on an access level. To start applying an access level, change it to Active mode.

Before you begin

Desktop devices that don’t have Endpoint Verification (EV) installed may not be recognized by Google Workspace. As an admin, ensure that desktop users install EV on the Chrome browser so they aren't inadvertently blocked. For details, see Set up endpoint verification.

Change the access level to Active mode

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu > Security > Access and data control > Context-Aware Access.
  3. Under Assign Access Levels, click View all assignments in Monitor mode.
  4. Locate the access level in the list and select Actions.
  5. Change the access level status from Monitor to Active and then click Continue to optionally change the policy settings.

For details on using Monitor mode, see Assign Context-Aware access levels to apps.

 
