Get extra visibility and control over how Drive File Stream is used in your organization

What’s changing

Google is giving admins more control over their corporate data by integrating controls for Drive File Stream into Google’s device management interface. Drive File Stream streams data between devices and the cloud to ensure users can access the files they need safely and efficiently whether they’re online or offline. Device management helps you easily manage and protect corporate data on devices.
This integration will allow admins to:

  • Control which devices can use Drive File Stream by restricting use to company-owned devices only.
  • See the status of Drive File Stream on a device (size of the offline content cache, software version, time of last sync etc.).
  • Remotely block the device and wipe the account specific offline content cache from a machine should it become lost or they no longer want Drive File Stream to be used on the device.

Who’s impacted

Admins only

Why you’d use it

Drive File Stream is a simple and efficient way for users to access Drive data on Windows and Mac devices. This integration provides tools for administrators to gain extra visibility into how it’s used in their organization, and ensure corporate data is protected by controlling which devices can be used to access Drive File Stream. With the ability to block or wipe drive cache with a few clicks, admins have more control on over remediation activities.

How to get started

  • Admins: 
    • To see the Drive File Stream information for specific devices in the Admin console at Admin console > Device Management > Devices.
    • To restrict Drive File Stream to company owned devices, go to Admin console > Apps > G Suite > Drive and Docs > Features and Applications > Drive File Stream > Only allow Drive File Stream on authorized devices.
    • To manually approve new Drive File Stream installations, go to Admin console > Device management > Setup > Device Approvals > Requires Admin approval 
  • End users: No action needed. Notifications are sent to the user when a device is blocked, account is wiped, or if a device is pending approval.

Additional details

Control which devices can use Drive File Stream 
If you do not choose to manually approve devices before they can use Drive File Stream (see above), there will be no change to how your users set up Drive File Stream today unless the device also has a pending admin approval for Endpoint Verification. However, you will still be able to block and wipe Drive File Stream data from the devices. If you activate the “Requires Admin approval” setting, devices with Drive File Stream already installed will be grandfathered to continue working, unless the device also has a pending admin approval for endpoint verification.

See the status of Drive File Stream on devices 
With the new integration, you can see and manage the Drive File Stream information for specific devices in the Admin console at Admin console > Device Management > Devices. You’ll be able to see information such as the Drive File Stream offline content cache size, when Drive File Stream last synced, the device model, OS and more.

Remotely block the device and wipe the Drive File Stream data 
If a device is lost or you don’t want Drive File Stream to be used on a device, you can block the device. If you do this, all Drive File Stream data will be wiped, and the device will not be able to re-login and access Drive File Stream again.

You can see and manage Drive File Stream information in the Devices section of the Admin console.
New admin policies to control the use of Drive File Stream

Helpful links

Availability

Rollout details

  • Rapid Release domains: Extended rollout (potentially more than 15 days for feature visibility) starting on April 10, 2019.
  • Scheduled Release domains: Extended rollout (potentially more than 15 days for feature visibility) starting on April 10, 2019.

G Suite editions 

  • Available to all G Suite editions.

On/off by default? 

  • By default, devices will be able to use Drive File Stream without specific approval. You can require manual approval by adjusting the endpoint verification setting as described here.
  • Devices already using Drive File Stream will be grandfathered to continue working with Drive File Stream, unless the device also has a pending admin approval for Endpoint Verification.
  • The setting to only allow Drive File Stream on company-owned devices will be OFF by default.