Before a custom security policy can be used, it needs to be assigned to a particular domain. The organisation’s domain usually appears in their user’s email addresses. For example, for Access it would be theaccessgroup.com.
Before you can assign the custom security policy to a domain, you will need to prove ownership over that domain; essentially proving that you/the organisation owns and controls that domain.
The process we use to prove ownership over the domain is quite a known industry standard for domain ownership verification. It will require the owner of the domain to put a particular verification code we provide on their DNS (Domain Name Server) record.
We can then look up that verification code and thus verify that they must have the control over that domain.
Click your name at the top right-hand corner.
Click My Account.
Click Domains in the left hand panel.
Click Add Domain.
Provide the domain name for the organisation (i.e. the part after the @ in an email address).
Add any owners that should be able to own or control that domain.
Click Save changes.
Copy the verification Code into your domain name's DNS zone file.
Use the following information to create your TXT record:
Host: @
Type: TXT
Value: The entire verification code we gave you
Once the domain has been verified the owners will be able to assign a security policy to it.
Once the domain and owners have been setup, owners will then see the domain appearing in the list of unverified domains. Once the domain has been verified, it will move from the unverified domain list to the verified domain list. From this screen, the owner will be able to look at any security policies currently assigned to the domain or even remove the domain if required.
When a domain is initially verified, it will have the default security policy assigned to it.
If an owner clicks to edit the domain, they will then be able to change the owners and assign a particular security policy, for example the custom security policy they created in the last step. They will also be able to set whether the domain/security policy is enabled or not.
Once a security policy has been assigned to a verified domain and set to enabled, it will then cause all users signing in with that domain in their email address to have the security policy settings applied to their account.