25 Handling untrusted files at rendering distance
A working habit rather than a setting: untrusted files are opened at a distance — previewed in the browser, converted to Google format, or opened in a disposable quarantine account — so macros, embedded exploits and vulnerable local renderers never execute on a machine that holds credentials. No single Admin Console screen implements it; the adjacent technical enforcement lives in Gmail Safety (23 Gmail Security Sandbox + safety-toggle verification), Apps Script governance (65 Apps Script / add-on / AI-agent governance) and DLP (26 DLP rules (Drive/Gmail/Chat)), and the habit itself is carried by training.
Caveats
This is a process control — it is carried out offline, so there is no Admin Console walkthrough to show.
Ongoing maintenance
- requires a human Annually: repeat the drill and refresh the procedure for new file types.
How to verify
Run the drill: hand a staff member a plausible untrusted attachment and watch whether the documented rendering-distance procedure is followed.
v0.0.1Prevent policy #7 · #42, #9 ↗