Enable Cloud Malware Protection for Google Drive Tenants
Table of Contents
Prerequisites
- The person performing the authentication must be a Google Super Admin and have an active Google user license.
- Chrome or Firefox is recommended with pop-up blockers/ad blockers disabled (only for the duration of authorization).
- Umbrella DLP Connector (also known as the SaaS API Connector) must be installed in the tenant by a Google Admin User. We recommend using a service account for the installation.
Limitation
- A tenant that fails to authenticate cannot be deleted.
Authorize a Tenant
- In the Umbrella dashboard, navigate to Admin > Authentication.
- In the Platforms section, click to expand Google.
- In the Cloud Malware section, click Authorize New Tenant to add a Google tenant to your Umbrella environment.
- In the Google Authorization dialog box, check the checkbox to verify you meet the prerequisite, then click Next.
Note: The link to the SaaS API Connector brings you to the Umbrella DLP Connector site in the Google Workspace Marketplace. This is correct, despite the nomenclature difference.
- Add a Tenant Name and then click Next.
- Select a Response Action for Umbrella to apply to Google files found with malware and then click Next.
- Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
- Choose Quarantine to:
- Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
- Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
- Add a gmail Email Address and then click Done.
The new tenant appears in the Cloud Malware section.
Edit a Tenant
You can change the Response Action you have selected for a tenant.
- Navigate to Admin > Authentication.
- In the Platforms section, click Google.
- In the Cloud Malware section, from the Edit column click Edit.
- Select a Response Action for Umbrella to apply to Google files found with malware and then click Next.
- Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
- Choose Quarantine to:
- Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Google admin.
- Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
- Click Done.
The new Response Action is displayed.
Revoke Authorization
You can revoke any authorized tenant.
- From the Action column, click Revoke.
- Click Revoke. The selected tenant is no longer authorized.
Enable Cloud Malware Protection for Dropbox Tenants< Enable Cloud Malware Protection for Google Drive Tenants > Enable Cloud Access Security Broker Features for Microsoft 365 Tenants
Updated about 1 month ago