Controlling access to sensitive content stored in Google Drive is a critical component for any company’s security posture. One way admins can do this is with Data Loss Prevention (DLP) rules that enable Information Rights Management (IRM) on specific files. This allows admins to disable actions that can lead to accidental or deliberate data exfiltration, such as downloading, copying, and printing.
Today, we’re expanding on these protections by enabling admins to combine DLP rules with Context-Aware Access conditions. When combined, admins can configure if IRM should be enforced based on context conditions, like a user’s location or IP address, are met. This gives admins the ability to configure context-aware-access conditions in a more granular fashion — previously, context-aware-access could only be used to restrict full access to an entire application. This is an important step forward in applying administrator controls at the document level.
Getting started
- Admins: This feature will be OFF by default and can be enabled per-file by creating DLP rules with a CAA access level attached. See this help center article for more information on how to configure these rules.
- End users: Depending on your admin configuration, you may be restricted from taking certain actions on Drive files.
Rollout pace
- Rapid and Scheduled Release domains: Full rollout (1–3 days for feature visibility) beginning on July 31, 2024
Availability
Available for Google Workspace:
- Enterprise Standard and Plus
- Education Fundamentals, Standard, Plus, and the Teaching and Learning upgrade
- Frontline Standard
- Essentials: Enterprise, Enterprise Plus