
Ensure ‘Browser sign in settings’ is set to ‘Enabled: Disabled browser sign-in’

Details

Google Chrome offers to sign in with a Google account and use account-related services such as Chrome sync. Signing in to the browser with a Google account can also be used for configuration and management of the browser.

Disable browser sign-in (0)

Enable browser sign-in (1)

Force users to sign-in to use the browser (2)

The recommended state for this setting is: Enabled with a value of Disable browser sign-in (0)

NOTE: If an organization is a Google Workspace Enterprise customer, they will want to leave this setting enabled so that users can sign in with Google accounts.

Rationale:

Since external accounts are unmanaged and potentially used to access several private computer systems and many different websites, connecting accounts via sign-in poses a security risk for the company. It interferes with the corporate management mechanisms, as well as permits an unwanted leak of corporate information and possible mixture with private, non-company data.

Impact:

If this setting is configured, the user cannot sign in to the browser and use Google account-based services like Chrome sync.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled: Disable browser sign-in

Computer Configuration\Administrative Templates\Google\Google Chrome\Browser sign in settings

Default Value:

Unset (Same as Enabled: Enable browser sign-in, but user can change)
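To verify that the Group Policy setting above actually took effect on an endpoint, the following audit check reads the resulting policy value and maps it to the three states listed under Details. It is an added example, not part of the original benchmark text; the registry location and value name (`BrowserSignin` under `SOFTWARE\Policies\Google\Chrome`) are assumptions, since the page gives only the UI path, and the function name is hypothetical.

```powershell
# Added example: audit the Chrome browser sign-in policy on a Windows host.
# Assumption: the GPO writes the DWORD 'BrowserSignin' under
# HKLM\SOFTWARE\Policies\Google\Chrome (the page gives only the UI path).
$PolicyName = 'BrowserSignin'
$Meaning = @{
    0 = 'Disable browser sign-in'
    1 = 'Enable browser sign-in'
    2 = 'Force users to sign-in to use the browser'
}

function Get-BrowserSigninState {
    param([string]$Hive = 'HKLM:')
    $key  = "${Hive}\SOFTWARE\Policies\Google\Chrome"
    $item = Get-ItemProperty -Path $key -Name $PolicyName -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Key or value missing: the policy is unset, so Chrome behaves as
        # "Enable browser sign-in" and the user can change it. Not compliant.
        return [pscustomobject]@{
            Key = $key; Value = $null; State = 'Unset'; Compliant = $false
        }
    }

    $value = $item.$PolicyName
    if ($value -isnot [int]) {
        # A non-DWORD value (for example a string) is not a valid policy setting.
        $state = "Invalid type ($($value.GetType().Name))"
    } elseif ($Meaning.ContainsKey($value)) {
        $state = $Meaning[$value]
    } else {
        $state = "Unknown value ($value)"
    }

    [pscustomobject]@{
        Key       = $key
        Value     = $value
        State     = $state
        # Recommended state: Enabled with a value of Disable browser sign-in (0)
        Compliant = ($value -is [int] -and $value -eq 0)
    }
}

$result = Get-BrowserSigninState
$result | Format-List
# Non-zero exit code lets a compliance scanner or scheduled task flag the host.
if (-not $result.Compliant) { exit 1 }
```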

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Windows.

Updated on July 16, 2022