Google Workspace is deceptively simple to set up – create accounts, share a Drive, start using Gmail. But “set up” and “properly administered” are very different things. The security settings, organizational controls, and policies that protect your business data don’t configure themselves.
Here’s what proper Google Workspace administration looks like.
Security Settings Most Businesses Don’t Configure
2-Step Verification (MFA) Enforcement
Not just “available” – enforced for all users with no grace period. Admin accounts should require hardware security keys. Regular users should use Google Authenticator or phone-based verification at minimum.
Advanced Protection Program
For high-risk accounts (admins, executives, finance), Google’s Advanced Protection adds extra layers including hardware key requirements and restricted third-party app access.
OAuth App Control
By default, users can grant third-party apps access to their Google data. Without app controls, random apps from the internet can read your team’s email, access Drive files, and send messages on their behalf. Whitelist trusted apps, block everything else.
Drive Sharing Controls
- Who can share files externally (and who can’t)
- Link sharing defaults (restricted vs. anyone with link)
- External sharing warnings
- Shared drive access controls
- File ownership transfer policies
Email Security
- SPF, DKIM, DMARC records configured (prevents spoofing)
- Enhanced pre-delivery scanning
- Attachment security settings
- External recipient warnings
- Email routing and compliance rules
Organizational Structure
- Organizational Units (OUs) – Group users by department or role. Apply different policies to different groups (sales team gets different app access than engineering).
- Groups for permissions – Shared Drives, calendar access, and app permissions managed through groups, not individual assignments.
- Admin roles – Delegate specific admin tasks without giving full super admin access. Your office manager can reset passwords without seeing billing.
Google Vault and Retention
If you’re subject to data retention requirements (legal, compliance, industry), Google Vault lets you set retention policies, place legal holds, and search/export data for investigations. Most businesses don’t know this exists in their subscription.
What We Handle
As your Google Workspace admin, we configure security settings, manage user accounts, optimize your organizational structure, handle third-party app policies, and maintain your email security posture. When Google releases new admin features or security recommendations, we implement them. When a user is locked out at 7am, we fix it in minutes.
Need IT help? Seashore IT provides managed IT for businesses with 5-250 computers across the Western US. Flat monthly rate, 30-60 minute response, 24x7x365. Call (833) 997-6886 or email info@seashoreit.com.
Seashore IT – Your transparent IT partner, aligned to your goals, embedded in your success.