GAT Shield is a chrome extension deployed to domain users. This extension allows the Google Workspace Super Admins to view and audit the browsing activity of the entire domain users.
It is a DLP solution for a Google Workspace domain, allowing Google Admin to set up and use the tool as a Web Filter for the users and enabling Alerts to be generated based on the user browsing behavior while using GAT Shield in the Chrome browser. Admin can define what data will be monitored on the deployed extension.
Admins can choose to monitor users by Network, Users, and Chrome Device Monitored.
Navigate to GAT Shield > Configuration > Monitoring Ranges
Network monitored #
Admin can select Network Monitored – Allowlist.
Network monitored list
- If blank GAT Shield will collect data and sync configuration for all networks, else only for specified network/hosts.
- Use a single host address (eg. 184.108.40.206) or network address (eg. 220.127.116.11/8).
- For network addresses (that must end with a CIDR) Shield will collect data for all hosts inside this network. Use a semicolon to separate addresses.
- For a device with multiple IP addresses (on different interfaces) if just one address matches the allow list then the device will be considered to be allowed.
Network not monitored list
- Shield UUID(s) exclusions from the allow list. Overrides above rule.
Users monitored #
Fill in the details for Users monitored.
Users monitored list:
- If blank GAT Shield will collect data and sync configuration for all users, else only specified. Start typing for suggestions.
Users not monitored list:
- If set GAT Shield will NOT collect data and sync configuration for users specified. Overrides above rule. Start typing for suggestions.
Chrome Devices monitored #
Admins can select to monitor by Chrome Device, based on device serial number. Select all registered Chrome devices at once.
This is particularly useful for schools as it allows Admins only to monitor activity on school-owned Chromebooks.
Device monitored list:
- If blank GAT Shield will collect data and sync configuration for all devices, else only specified.
Devices not monitored list:
- If set GAT Shield will NOT collect data and sync configuration for devices specified. Overrides above rule.
Enrolled devices only:
- Monitor ONLY enrolled ChromeOS Devices with known serial numbers. Devices that are NOT enrolled ChromeOS devices will NOT be monitored.
IP Mapping #
An admin can perform IP Mapping – which allows them to add an IP address and set it up to a specific name.
The IP can be added to a meaningful name for convenience and visibility in other sections of the tool, where the IP is visible.
IPs Exclusion #
Set up Private IPs to be excluded from the User/Device Geo Reporting.
Private IP exclusions
- List of private IPs, semicolon-separated (max .8192 characters / 512 IP enries)
- Private IPs specified here will be ignored in the User/Device Geo Reporting module. CIDR notation (eg. 192.168.0.15/24) is not supported.