How to view video closed captions and transcripts

Transcript

0:06 
Hello. Let's look at a sample of a recommended higher education OU structure for Google Workspace. The first thing we like to do immediately from the root of the OU structure is to break things down into two OUs.

0:20 
One for faculty and staff and one for students. This separation allows us to take any of the core apps or additional services, turn them on or off for faculty and staff or students very easily in one place, in one click, and get a large portion of our Google Workspace environment set up very quickly.

0:42
Once we have that done, we'll go deeper into the faculty and staff OU structure. We're creating containers to hold users, groups, and computers enabling us to apply admin console settings to those OU.

0:57
Anytime we want to apply different settings or applications to a different group of staff users, we will create an OU.

1:05
We can have an OU for the various staff roles, including department, staff, and our faculty. Under the staff rules ou, we'll create subu for HIPAA sensitive data and another for non HIPPA or non-sensitive data.

1:22
These sub-OUs inherit their parents' OU settings. Then we can change settings to be more specific or granular for these sub-OU.

1:31
For instance, campus health center employees would need access to HIPAA protected data, putting those users in a HIPAA sensitive data.

1:40
OU let us wrap security controls around that OU. We can also have a staff OU for our IT department, which includes our super admins.

1:50
With this structure, we can apply different settings and applications for faculty and staff roles versus IT and super admin staff.

2:00
Next, we will move to the student OU structure. What we want to do under the student OU structure first is create our divisions.

2:08
We'll make an active OU and an alumni OU. This lets us apply settings and set up absent extensions appropriate for current students.

2:18
Separate from those who have graduated some other lifecycle management OU, we recommend under the root includes suspended service accounts and shared drives.

2:31
A suspended OU for long-term suspended accounts is a great idea. And of course, having a data removed sub OU under suspended is a great way to distinguish between newly suspended accounts that contain data and those suspended accounts where data was removed.

2:49
A service accounts OU can be used for admin roles you've assigned to those accounts rather than assigning to a user.

2:58
One last thing we'll create is a shared drives OU from managing settings for shared drives, including the default OU for new shared drives.

3:08
It is important to note you can't control settings of shared drives by moving them to an OU.