If a user loses their device, you can block unauthorized access to their account.
When a device is at risk
An unauthorized user could potentially access the data for your Google service on a lost or stolen device if:
- The device has an open connection to the user’s managed Google account (for example, their G Suite or Cloud Identity account).
- The device stores cookies that allow connecting without entering a username and password.
- The user installed a third-party service on the device and gave it access to their Google data.
Reset a user’s sign-in cookies
Here’s how to sign the user out of all current HTTP sessions and reset their sign-in cookies. Doing so requires them to enter their username and password to sign back in to their account.
Note: If you suspended a user, you don't need to do this. Suspending a user resets their sign-in cookies.
- From the Admin console Home page, go to Users.
- In the Users list, find the user. If you need help, see Find a user account.
- Click the user's name to open the user's account page.
- Click Security to open the settings.
- Click Sign-in cookies Reset.
- (Optional) To return to the user’s account page, at the top right, click the Up arrow .
It can take up to an hour to sign the user out of current Gmail HTTP sessions. The time for other applications can vary.
Wipe a mobile device
If the mobile device is managed by Google endpoint management and synchronization is turned on, you can remotely remove data from the device. You can choose to remove all data or only data for your Google service. The user’s Google data will still be available through a web browser and other authorized mobile devices.
Revoke authorized access
Users can allow third-party services to access their managed Google account. For example, a user might install a diagramming app that needs access to their Google Drive files so it can create diagrams or flowcharts. When the app is installed, it will ask the user to grant access to the data for their Google service.
If a device is lost or stolen, you can revoke this access so the app can’t access the user’s data anymore. For details, see View user security settings and revoke access.