Category Archives: Apps Feed Blog

The feed from the Google Apps team

Greater protection and control with three Gmail security tools

What’s changing

We’re making three Gmail security features generally available (GA). The features were previously in beta. Check out the linked announcements for more information on each:

  • Security sandbox, which detects the presence of previously unknown malware in attachments by virtually "executing" them in a private, secure sandbox environment. Learn more.
  • Advanced phishing and malware protection, which provides new controls to place emails into a quarantine, protect against anomalous attachment types, and protect your Google Groups from inbound spoofing emails. Learn more.
  • Gmail confidential mode, which provides built-in information rights management controls in your emails by allowing senders to create expiration dates and revoke previously sent messages. Learn more.

Who’s impacted

Admins and end users

Why you’d use it

When you deploy and manage security tools at scale, you can more effectively protect your users from threats. With these features now in GA, everyone in your organization—from admins to end users—is more secure.

How to get started


  • Admins:
    • Security sandbox: Note: available to G Suite Enterprise and G Suite Enterprise for Education editions only. Find and turn on the beta security sandbox feature at Admin console > Menu > Apps > G Suite > Gmail > Advanced settings. Use our Help Center to find more information on how to detect harmful attachments.
    • Advanced phishing and malware protection: Find and control these features at Admin console > Menu > Apps > G Suite > Gmail > Safety. You’ll find new options for anomalous attachment and groups spoofing protections, and see the quarantine option available for all controls. Use our Help Center to learn more about how to enhance phishing and malware protection.
    • Gmail confidential mode: This feature is on by default so no action is required to get started. To disable the feature, navigate to Admin console > Apps > G Suite > Settings for Gmail > User settings.
  • End users:
    • Security sandbox: No action needed.
    • Advanced phishing and malware protection: No action needed.
    • Gmail confidential mode: Follow the steps in this Help Center article to send and open confidential emails.

Helpful links



Availability

Rollout details

  • Security Sandbox
  • Advanced phishing and malware protection
    • Rapid Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on June 25, 2019.
    • Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on June 25, 2019.
  • Gmail confidential mode

G Suite editions

  • Security Sandbox
    • Available to G Suite Enterprise and G Suite Enterprise for Education.
    • Not available to G Suite Basic, G Suite Business, G Suite for Education, and G Suite for Nonprofits.
  • Advanced phishing and malware protection
    • Controls are available to all G Suite editions.
    • Chart to view affected emails available is part of the security center and so is available to G Suite Enterprise edition only.
  • Gmail confidential mode:
    • Available to all G Suite editions.

On/off by default?

  • Security sandbox: This feature will be OFF by default and can be enabled at the OU level.
  • Advanced phishing and malware protection: This feature will be ON by default.
  • Gmail confidential mode: This feature will be ON by default.

Stay up to date with G Suite launches

Use security codes to log in where security keys won’t work directly

What’s changing 

We’re adding an option for G Suite users to log in using security codes. A security code is a one-time use code, generated using a security key, that can be used to log in on legacy platforms where security keys aren’t supported directly.

Security codes will be available by default for some users:

  • Users subject to “Any” or “Any except verification codes via text, phone call” 2-Step Verification policies 
  • Users which are not subject to a specific 2-Step Verification policy, but that have chosen to use a security key. 


If you currently use an “only security key” policy and wish to allow security codes, an admin can choose turn security codes on for specific users (see more below).

Find out more about how to select a 2-Step Verification method to enforce here.

Who’s impacted 

Admins and end users

Why you’d use it 

Security keys increase account security significantly. While most modern systems support the use of security keys, some do not. For example, security keys often don’t work with Internet Explorer and Safari, iOS apps, remote desktops, and legacy applications that don’t support FIDO protocols. With this launch, users can now generate a security code with their security key, which can then be used to authenticate their login attempt where the security key itself won’t work.

For example, a user may need to access a web application that federates their Google identity, but only works on Internet Explorer 11. While the browser can’t communicate with a security key directly, the user can open a Chrome browser and generate a security code, which can then be entered in Internet Explorer to gain access to the application.

Security considerations 
Before enabling this new policy, carefully evaluate if your organization needs security codes. Using security keys without security codes helps to provide maximum protection against phishing. However if your organization has important workflows where security keys can’t be used directly, enabling security codes for those situations may help improve your security posture overall. 

How to get started 

Admins:

  • Domains that currently enforce an “only security key” policy can turn on security codes by going to Admin Console > Security > Advanced security settings and selecting “Users may utilize security code”. Use our Help Center to find out more about security codes. Domains that currently enforce other 2-step verification policies will have the feature turned on by default. 

End users:

  • For users in domains which enforce “Any” or “Any except verification codes via text, phone call” 2-Step Verification policies the feature will be enabled by default. 
  • For users in domains which enforce an “only security key” policy, no action is needed until an admin turns the feature on. 
  • Once enabled, when a user who can use security codes navigates to a page which requires a security key, they will see “Having trouble” or “Try another way.” Once they click on one of those options, they will be able to “Get a one-time security code”. This will link to a page that prompts them to enter their security code, and also tells them where to go (https://g.co/sc) to generate a security code if they don’t have one yet. 



Helpful links 

Help Center: Deploy two-step verification and allow security codes 
Help Center: Security controls and two-step verification

Availability 

Rollout details 

  • Rapid Release domains
    • For domains which currently enforce an “Any” or “Any except verification codes via text, phone call” policy, the feature will be enabled for users in a gradual rollout (up to 15 days for feature visibility) starting on June 24, 2019 
    • For domains which enforce an “only security key” policy, the admin console setting to allow users to utilize security codes will appear in the admin console in a gradual rollout (up to 15 days for feature visibility) starting on July 8, 2019. 
  • Scheduled Release domains
    • For domains which currently enforce an “Any” or “Any except verification codes via text, phone call” policy, the feature will be enabled for users in a gradual rollout (up to 15 days for feature visibility) starting on June 24, 2019 
    • For domains which enforce an “only security key” policy, the admin console setting to allow users to utilize security codes will appear in the admin console in a gradual rollout (up to 15 days for feature visibility) starting on July 8, 2019. 


G Suite editions 
Available to all G Suite editions

On/off by default? 

  • Security codes will be ON by default for domains which currently enforce “Any” or “Any except verification codes via text, phone call” 2-Step Verification policies. 
  • Security codes will be OFF by default for domains which currently enforce an “only security key” policy, security codes will be off by default and admins enable them at the domain, OU, or group level.


Stay up to date with G Suite launches

Mark PDFs, images, and Microsoft Office files as offline in Drive, launching to beta

What’s changing 

You can already make Google Docs, Sheets, and Slides files available offline. Now, as part of a new beta, you can mark also PDF, image, Microsoft Office, and other non-Google files for offline access using Google Drive on Chrome.

To learn more about the beta and to apply, see here.

Who’s impacted 

Admins and end users


Why you’d use it 

This feature helps complete the offline experience for Google Drive. Now, users can access their important non-Google files in an offline setting, like when they’re traveling or when there’s poor internet connectivity.

How to get started 




  • End users
    • First, enable offline from within the Drive or Docs settings
    • Next, sign into Chrome with the account associated with the whitelisted Google Group and access Drive File Stream. 
    • To mark the non-Google files as available offline, right click on a file and select “Make available offline.” You can use the offline preview feature as well. 


Additional details 

Note that while this feature is not currently supported in ChromeOS, we’re working on bringing these offline capabilities to ChromeOS in the future.

Additionally, users can also right click and open any non-Google files using native applications. By doing so, you can make an Office file available offline and—while offline—open that file using the native Microsoft Office application.

Helpful links 



Availability 

G Suite editions 

  • Available to all G Suite editions 

On/off by default? 

  • Once accepted into the beta, this feature is ON by default when: 
    • Offline is enabled for the domain. 
    • Users have Drive File Stream installed and offline is enabled in Google Drive or Google Docs settings.

Stay up to date with G Suite launches

Five new third-party applications added to G Suite pre-integrated SAML apps catalog

What’s changing 

We’re adding SAML integration for five additional applications:
  • Firstbird
  • Foodee
  • Hive
  • LaunchDarkly
  • RECOG
Use our Help Center to see the full list of SAML apps and find out how to configure SAML applications.

Who’s impacted 

Admins only

Why you’d use it 

With Single-Sign-On (SSO), users can access all of their enterprise cloud applications—including the Admin console for admins—after signing in just one time. Google supports the two most popular enterprise SSO standards, OpenID Connect and SAML, and there are already many applications with pre-integrated SSO support in our third-party apps catalog.

How to get started 

  • Admins: You can find our full list of pre-integrated applications, as well as instructions for installing them, in the Help Center.
  • End users: No action needed.

Additional details 

Note that apart from the pre-integrated SAML applications, G Suite also supports installing “Custom SAML Applications,” which means that admins can install any third-party application that supports SAML. The advantage of a pre-integrated app is that the installation is much easier. Use out Help Center to learn more about installing Custom SAML Applications.

Helpful links 

Help Center: Using SAML to set up federated SSO 
Help Center: Set up your own custom SAML applicationAvailability 

Rollout details 

G Suite editions 
Available to all G Suite editions.

On/off by default? 
This feature will be OFF by default and can be enabled at the OU level.

Stay up to date with G Suite launches

Create rubrics in Classroom with a new beta

What’s changing 

You can now create rubrics in Classroom as part of a new beta. Classroom instructors and admins can request to be whitelisted for this beta by filling out this form.

Who’s impacted 

Admins and end users

Why you’d use it 

Rubrics are commonly used with complex assignments that require multiple steps and criteria. Now, educators can create and attach a rubric to an assignment as a guideline for students and to refer back to when understanding their grades.

For business users, rubrics can be used to assess strategies in marketing plans or to evaluate performance in key areas of the business.

With this beta, users can create rubrics that meet their specific needs, making it faster and easier to deliver rich feedback to key stakeholders.

How to get started 

  • Admins and Classroom instructors: Apply for the beta here

Additional details 

This beta is covered by Classroom’s terms of service and privacy policy. This means teachers and instructors can request to be individually whitelisted for this beta. Admins can request access for their domain or a specific group of users.

Helpful links 

Availability 

G Suite editions 
  • Available to all G Suite editions

On/off by default? 

  • This feature will be OFF by default. Once accepted into the beta, it can be enabled at the domain and group level.

Stay up to date with G Suite launches

Gradebook in Classroom now generally available

What’s changing 

Last year, we announced a beta for Gradebook in Classroom. Gradebook makes grading easier, allowing teachers to keep their assignments and grades in a single place in Classroom. This feature is now generally available.

Gradebook for Google Classroom

Who’s impacted 

End users

Why you’d use it 

Better grading in Classroom 
One of the top requests from educators is an improved grading workflow. Gradebook allows teachers to easily input and view grades across their classes and students. With the ability to view all assignments and grades in one place, teachers can stay organized and holistically follow the performance of an entire class over time. To learn more about our grading improvements for Classroom, see our post on the Keyword.

How to get started 

  • Admins: No action required. 
  • End users: To get started with Gradebook, log in to Classroom and click on the Grades tab at the top of the page. 

Helpful links 

Availability 

Rollout details 
G Suite editions 
  • Available to all G Suite editions 
On/off by default? 
  • This feature will be ON by default.

Stay up to date with G Suite launches

New features for Slides Present mode

What’s changing 

We’re adding new features in Slides Present mode to make navigating a presentation easier while you’re presenting. With these new features, you’ll be able to:

  • Resize speaker notes and slide thumbnails in the presenter view 
  • Navigate to any specific slide with a keyboard shortcut 
  • Control video playback with keyboard shortcuts 
  • View all available Present mode keyboard shortcuts by clicking the new “tips” button in the presentation control bar. 

Who’s impacted 

End users

Why you’d use it 

On a small screen, it's sometimes tough to see your upcoming slides and read your speaker notes. Now, you can easily resize these components and confidently present, regardless of the device you’re using.

Additionally, our new keyboard shortcuts make moving through slides while presenting easy. Whether you need to quickly pause a video to answer a question, or jump to a specific slide to revisit a talking point, you can now quickly navigate and control the presentation with your keyboard.

How to get started 


  • Admins: No action required. 
  • End users: 
  • To resize speaker notes, in the toolbar select Present > Presenter View and drag the separator line between the slide preview and speaker notes accordingly. 



  • To view a list of new keyboard shortcuts press Present > Tips: 



Helpful links 



Availability 

Rollout details 



G Suite editions 
Available to all G Suite editions

On/off by default? 
This feature will be ON by default.


Stay up to date with G Suite launches

Use an Android phone for 2-step verification on iOS devices

Quick launch summary 

Earlier this year we announced the ability to use your Android phone’s built-in security key for two-factor authentication in G Suite.

Now, you can use devices with Android 7.0+ (Nougat) to verify your sign-in to Google and Google Cloud services on Apple iPads and iPhones.
To learn more about using your Android phone’s built-in security key to verify sign-in on iOS devices, see our Security Blog


Availability 

Rollout details 
G Suite editions 
  • Available to all G Suite editions 
On/off by default? 
  • If 2-Step Verification or Security Key Enforcement is turned on for an organization, Android phone will be available as an option for security keys by default. 

Use an Android phone for 2-step verification on iOS devices

Quick launch summary 

Earlier this year we announced the ability to use your Android phone’s built-in security key for two-factor authentication in G Suite.

Now, you can use devices with Android 7.0+ (Nougat) to verify your sign-in to Google and Google Cloud services on Apple iPads and iPhones.
To learn more about using your Android phone’s built-in security key to verify sign-in on iOS devices, see our Security Blog


Availability 

Rollout details 
G Suite editions 
  • Available to all G Suite editions 
On/off by default? 
  • If 2-Step Verification or Security Key Enforcement is turned on for an organization, Android phone will be available as an option for security keys by default.