I’ve compiled a checklist of configurations that G Suite administrators should implement after deployment.

G Suite Security-Related

Make Two-Factor Authentication Mandatory

Please refer to the article on this site: G Suite 2段階認証を必須にする設定.

Google Vault

• Google Vault ヘルプ

G Suite End User Access-Related

Switch POP and IMAP Access to Disabled

Reference: 管理アカウントで POP と IMAP の有効、無効を設定する - G Suite 管理者 ヘルプ

1. Access [Apps] > [G Suite] > [Gmail Settings] > [End User Access].
2. In [Organization], select the organizational unit where the settings should apply.
3. In [POP and IMAP Access], check the [Disable POP and IMAP access for all users] checkbox.

Disable Auto-Forwarding

Reference: 自動転送を無効にする - G Suite 管理者 ヘルプ

1. Access [Apps] > [G Suite] > [Gmail Settings] > [End User Access].
2. In [Organization], select the domain or organizational unit where the settings should apply (for details, see adjusting Gmail settings for your organization).
3. In the [Auto-forwarding] section, uncheck the [Allow users to automatically forward incoming emails to another email address] checkbox.

Google Drive Sharing Permission Settings

• ドライブ ユーザーの共有権限を設定する - G Suite 管理者 ヘルプ

Restrict Sharing with Domains Not on Whitelist

In Google Drive’s global settings, configure to allow external sharing only to domains included in the whitelist.

From [Sharing Settings] - [Sharing Options], select Whitelisted Domains and enable the following two settings:

• ✅ Warn when [Organization Name] users share files owned by them with users from whitelisted domains
• ✅ Allow [Organization Name] users to receive files from users outside of whitelisted domains

Management of Files Stored in Shared Drives

From [Content Distribution Outside [Organization]], I selected Don’t allow anyone.

Shared Drive Restrictions

• 共有ドライブの制限 - G Suite 管理者 ヘルプ

Shared Drive and Folder Structure

Please refer to the article on this site: Google Drive 共有ドライブ・フォルダ おすすめ構造 [法人向け] .

Allowing Sharing with External Accounts in Shared Drives

• G Suite の特定のチームドライブのみ社外アカウントとの共有を許可したい｜スミニヤシ｜note

Google Groups

Please refer to Wataru Yoshida’s article:

Googleグループの設定と管理｜吉田航｜note

Email Security Enhancement

Following the G Suite Administrator Help, configure all of DKIM, SPF records, DMARC, MTA-STS, etc.

• メールのセキュリティを強化する - G Suite 管理者 ヘルプ

That’s all about wanting to cover the points that G Suite administrators should configure from the Gemba.