The Google for Education Community Platform

jasoncrcsd · ‎03-19-2024

I know this can be done at the OU level but our system automatically places users in their school and grade OUs so if I move a user to a different OU the system just moves them back so I cannot make a sub OU and use that method to an OU with the service turned off. I know some things can be managed by group but when I try this the only option is ON. it doesn't have an off.

NielsBrockmeier · ‎03-19-2024

Groups can indeed only be used to turn services ON not OFF. One possibility would be to use Context Aware Access, add the CAA rule to a group and the Gmail service and add the user to the group. One option could be to use location-based and set them to only allow access if they are in some random country they aren't in for sure. Or a specific IP Address or anything that prevents them from accessing it.

It's not the nicest solution but it works for now. I am sure there is a better solution to it but this was my first thought process.

Kim_Nilsson · ‎03-19-2024

CAA is very powerful, indeed, but requires (AFAIK) Standard/Plus licences.

--
https://wheretofind.me/@NoSubstitute

Kim_Nilsson · ‎03-19-2024

You could "flip it".

Deny access to the OU, and add everyone but those individuals to an Allow/ON group.

--
https://wheretofind.me/@NoSubstitute

mgonzalezvt · ‎03-19-2024

This new hub needs a feature request voting option. I'd plug for a feature to tag individual accounts with policies instead of only OUs.

jdsok · ‎03-19-2024

We created sub-OUs in active directory for 'restricted' modes, and certain kids get automatically moved there. That syncs up to Google and ta-da: no email for you!

The Google for Education Community Platform

Is there any way of blocking Gmail App use for 1 or a few users?