Overview: Enhanced desktop security for Windows

As an administrator, you can set up company-owned and personal Microsoft Windows devices to use Google’s single-sign on (SSO) access security, push Windows settings, and wipe device data remotely. Enhanced desktop security for Windows has two complementary features that can be set up together or individually.

Contents

Requirements

License

  • GCPW is available with all G Suite and Cloud Identity editions. However, to deploy GCPW and Windows device management together, you must have G Suite Enterprise, G Suite Enterprise for Education, or Cloud Identity Premium.
  • Windows device management is available with G Suite Enterprise, G Suite Enterprise for Education, or Cloud Identity Premium. 

System

  • Windows 10 Pro, Pro for Workstations, Enterprise, or Education, version 1803 or later
  • For GCPW, Chrome Browser 81 or later

Google Credential Provider for Windows (GCPW)

This feature is available with all G Suite and Cloud Identity editions.

You can let users sign in to a Windows 10 device using the Google Account your organization provides. You can configure GCPW so that a user’s Google Account syncs with their Active Directory or local Windows profiles. GCPW also provides the following benefits:

  • Additional security—Users get all the security benefits of their Google Account on their Windows 10 device. These features include anti-hijacking features such as 2-step verification (2SV) and login challenges.
  • SSO experience—Users can access G Suite services and SSO apps in Chrome Browser without the need to re-enter their Google credentials.
  • Password synchronization—Keep users’ Google passwords in sync with their Windows passwords in the Admin console or with G Suite Password Sync.
  • Automatic enrollment in Windows device management—If you use GCPW and Windows device management, devices are automatically enrolled in Windows device management when the user signs in and activates GCPW.
  • Perform admin actions:

To use GCPW, you need to install it on each Windows device. Learn how to set up and install GCPW.

Windows device management

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium editions.

With Windows device management, you can configure and manage enrolled devices from the Admin console.

Setting management Device management

Learn how to set up Windows device management.

Set up GCPW and Windows device management

You can set up GCPW and Windows device management together or only the one you want to use.

Note: For company owned devices, we recommend you also add them to the company owned inventory.

Set up both (recommended)

When you enable Windows device management and install GCPW on a device, the device is automatically enrolled in Windows device management. 

For instructions, see Set up GCPW and Windows device management together.

Set up GCPW only

Use this set up when you have a third-party EMM to manage devices and only want the Google sign-on experience.

  1. Prepare to install GCPW
  2. (Optional) Associate Google Accounts with existing Windows profiles
  3. Install GCPW
  4. (Optional) Set automatic error reporting for GCPW
  5. Share GCPW training resources with your users
Set up Windows device management only

Use this set up when you use AD sign-in and only want to manage Windows devices. 

  1. Apply Windows settings 
  2. Enable Windows device management
  3. Enroll devices

More resources for admins

Help for GCPW users

Google, G Suite, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?