CNCS - Google Classroom and Meet

In this document

Google Classroom and Google Meet are part of a suite of Google applications that make up G Suite⁽²⁾, and most aspects of the Google Classroom application configuration are defined by the System Administration teams.

About the options at G Suite administration level

The configuration of these applications should follow a set of good practices established in this domain such as, for instance, the creation of user accounts(3) adapted to the degree of permissions strictly needed, with strong passwords(4) or the removal of unnecessary accounts and permissions. Another aspect that the Systems Administration teams should take into consideration is the activation of features in accordance with the teaching methodologies adopted by educators. At this point, and according to a previous risk assessment, there are two aspects that should be checked:

regarding the privacy of the participants, you should consider whether or not to grant permissions for the recording of Meet sessions scheduled and integrated into the Classroom;
regarding the relationship between students, it should be considered whether or not to give permissions to students to create videoconference sessions (configuration option called "video call"), knowing that a student who has permission to create these sessions, by entering before the session organiser will thus take control of the session. If this is not available to students, under no circumstances does the session organiser lose control of the Meet sessions they use in the Classroom.

About the options for the organiser of videoconference sessions

From the educator's (teacher's) point of view, the options concerning security in the creation of classrooms(5) are reduced, and are limited to the creation of "classrooms" with a code and the addition of pupils into these "classrooms". There are, however, some good practices to be considered regarding the preparation of synchronous classes (through videoconferencing sessions). When you want to schedule a videoconference session through Classroom,it is recommended that the link be posted in the "classroom" with the least possible advance notice, by disabling the option "visible to students" in the "class settings" (Figure 1). The omission of this link (Figure 2) is intended to:

prevent guests from being able to enter the videoconference session before the organiser (if this happens, and if students are allowed to create videoconference sessions, the first guest belonging to the class will take control of the videoconference);
minimise the possibility of improper access being attempted and/or achieved as a result of sharing the link, if visible (Figure 3), with third parties in advance.

Figure 1

Figure 2

Figure 3

Also to avoid any of the situations mentioned above, it is recommended that for each videoconference a new link should be created (the same session should not be used every time). When managing videoconference sessions, there are some aspects that the organiser should take into consideration:

Guests with an account from the same domain as the organiser (e.g.: teacherA1@ElemSchool.com, studentA1@ElemSchool.com, studentA2@ElemSchool.com,etc.) may access the videoconference session without prior authorisation by the organiser - the same applies for accounts with @gmail.com domain;
Users with an account from the same domain as the organiser who have not been invited, but know the access code to the videoconference session, will be able to access the videoconference session without prior authorisation from the organiser;
Guests with an account different from the organiser's domain may access the videoconference session, but their entry must always be previously authorised by the organiser;
The participants in the videoconference session will always have access to the videoconference information and can even copy that information and share it (Figure 4).

Figure 4

⁽¹⁾ These recommendations are based on available information and knowledge of the Portuguese NCSC at the time of their production. Therefore, they reflect recommendations aimed only at reducing the known security and confidentiality risks in the use of the applications, not excluding special additional precautions, including external precautions to the use of the platforms regarding security and protection of users' privacy. These recommendations were produced with the collaboration of Teacher Pedro Alberto, from the Figueira Mar School Cluster, to whom we are very grateful.

⁽²⁾ https://www.dge.mec.pt/sites/default/files/roteiro_google_-_g_suite_for_education.pdf http://services.google.com/fh/files/misc/google_edu_g_suite_for_education.pdf

⁽³⁾ https://support.google.com/a/answer/9193374

⁽⁴⁾ Good practices in the use of passwords and Password: Protecting personal and corporate information

⁽⁵⁾ https://teachercenter.withgoogle.com/first-day-trainings/welcome-to-classroom

⁽⁶⁾ A guest is a user to whom the organiser has sent, via e-mail or calendar, an invitation/link to participate in the videoconference.

Last updated on 19-07-2022