As an administrator, you can set up company-owned and personal Microsoft Windows devices to use Google’s single-sign on (SSO) access security, push Windows settings, and wipe device data remotely.
Enhanced desktop security for Windows has two complementary features that can be set up together or individually:
- Google Credential Provider for Windows (GCPW)—Use Google Account authentication on Windows 10 devices.
- Windows device management—Manage Windows settings on enrolled devices.
- GCPW is available with all G Suite and Cloud Identity editions. However, to deploy GCPW and Windows device management together, you must have G Suite Enterprise, G Suite Enterprise for Education, G Suite Enterprise Essentials, or Cloud Identity Premium.
- Windows device management is available with G Suite Enterprise, G Suite Enterprise for Education, G Suite Enterprise Essentials, or Cloud Identity Premium.
- Windows 10 Pro, Pro for Workstations, Enterprise, or Education, version 1803 or later
- For GCPW, Chrome Browser 81 or later
This feature is available with all G Suite and Cloud Identity editions.
You can let users sign in to a Windows 10 device using the Google Account your organization provides. You can configure GCPW so that a user’s Google Account syncs with their Active Directory or local Windows profiles. GCPW also provides the following benefits:
- Additional security—Users get all the security benefits of their Google Account on their Windows 10 device. These features include anti-hijacking features such as 2-step verification (2SV) and login challenges.
- SSO experience—Users can access G Suite services and SSO apps in Chrome Browser without the need to re-enter their Google credentials.
- Password synchronization—Keep users’ Google passwords in sync with their Windows passwords in the Admin console or with G Suite Password Sync.
- Automatic enrollment in Windows device management—If you use GCPW and Windows device management, devices are automatically enrolled in Windows device management when the user signs in and activates GCPW.
- Perform admin actions:
To use GCPW, you need to install it on each Windows device. Learn how to set up and install GCPW.
This feature is available with G Suite Enterprise, G Suite Enterprise for Education, G Suite Enterprise Essentials, and Cloud Identity Premium editions.
With Windows device management, you can configure and manage enrolled devices from the Admin console.
|Setting management||Device management|
Learn how to set up Windows device management.
You can set up GCPW and Windows device management together or only the one you want to use.
Note: For company owned devices, we recommend you also add them to the company owned inventory.Set up both (recommended)
When you enable Windows device management and install GCPW on a device, the device is automatically enrolled in Windows device management. We recommend you configure any Windows settings before you enable Windows device management so that all the settings are synchronized to enrolled devices at once.
Use this set up when you have a third-party EMM to manage devices and only want the Google sign-on experience.
- Sign in to Windows with your managed Google Account
- Manage Google work passwords on a Windows 10 device
Google, G Suite, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.