Consolidated Google Groups audit logs now available in G Suite and GCP

What’s changing 

Consolidated Google Groups audit logs are now available in the G Suite AdminSDK Reports API and GCP Cloud Audit Logs. Specifically, you’ll notice:

  • Changes in the G Suite AdminSDK Reports API: We’re introducing a new consolidated log named groups_enterprise, which includes changes to groups and group memberships across all products and APIs. These were previously split across the groups and admin audit logs. 
  • Changes in GCP Cloud Audit Logging: We’re adding Google Groups information to Cloud Audit Logs (CAL) in Stackdriver. See our Cloud Blog post for more details on how this could help GCP customers. Note that this will not change visibility of these logs in the G Suite Admin console - it just adds them to Cloud Audit Logs (CAL) in Stackdriver as well. 


Who’s impacted 

G Suite and GCP Admins only

Why you’d use it 

These changes will help improve the security and usability of Groups as an IAM tool by streamlining administration, transparency, and access monitoring.

How to get started 


  • Admins: 
    • Changes in the G Suite AdminSDK Reports API: Get started with the AdminSDK Reports API
    • Changes in GCP Cloud Audit Logging: This is an opt-in feature that can be enabled at G Suite Admin console > Company profile > Legal & Compliance > Sharing options. 
  • End users: No action needed. 


Additional details 

Changes in the G Suite AdminSDK Reports API 
Changes to groups have historically been logged in either the groups or admin audit logs. Changes made in the Google Groups product are logged in the groups log while changes made through admin tools like the Admin console, AdminSDK, and GCDS are logged in the admin log. As part of our efforts to streamline administration and increase transparency, we’re introducing a new consolidated log named groups_enterprise, which includes changes to groups and group memberships across all products and APIs. This new log is now available through the AdminSDK Reports API and will be available in the Admin console in the future.
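An added example (not from the original post and not Google's code) of consuming the consolidated log for access monitoring: it builds the Reports API activities request for groups_enterprise and flags members added from outside the domain. The event names (add_member, remove_member), parameter names (group_id, member_id) and the sample response are assumptions constructed for illustration; confirm the real names against the API's event reference.

```python
from urllib.parse import urlencode

# Reports API activities.list endpoint; "groups_enterprise" is the log named on this page.
BASE = "https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/"
# ASSUMPTION: event and parameter names below are illustrative; check the API reference.
MEMBERSHIP_EVENTS = {"add_member", "remove_member"}

def activities_url(application="groups_enterprise", start_time=None):
    """Build the request URL for one audit log, optionally bounded by startTime."""
    query = {"startTime": start_time} if start_time else {}
    return BASE + application + ("?" + urlencode(query) if query else "")

def membership_changes(response):
    """Flatten an activities.list response into one record per membership event."""
    changes = []
    for item in response.get("items", []):
        actor = item.get("actor", {}).get("email", "unknown")
        when = item.get("id", {}).get("time")
        for event in item.get("events", []):
            if event.get("name") not in MEMBERSHIP_EVENTS:
                continue
            params = {p.get("name"): p.get("value") for p in event.get("parameters", [])}
            changes.append({"time": when, "actor": actor, "event": event["name"],
                            "group": params.get("group_id"), "member": params.get("member_id")})
    return changes

def external_additions(changes, domain):
    """Members added from outside `domain`; a missing member id is also flagged."""
    suffix = "@" + domain.lower()
    return [c for c in changes if c["event"] == "add_member"
            and not (c["member"] or "").lower().endswith(suffix)]

def _item(time, actor, name, **params):
    return {"id": {"time": time, "applicationName": "groups_enterprise"},
            "actor": {"email": actor}, "events": [{"name": name,
            "parameters": [{"name": k, "value": v} for k, v in params.items()]}]}

# CONSTRUCTED sample response (example.com / example.net are placeholder domains).
SAMPLE = {"items": [
    _item("2019-10-01T09:00:00Z", "admin@example.com", "add_member",
          group_id="gcp-admins@example.com", member_id="alice@example.com"),
    _item("2019-10-01T09:05:00Z", "owner@example.com", "add_member",
          group_id="gcp-admins@example.com", member_id="contractor@example.net"),
    _item("2019-10-01T09:10:00Z", "admin@example.com", "create_group", group_id="new-team@example.com"),
]}

if __name__ == "__main__":
    print(activities_url(start_time="2019-10-01T00:00:00Z"))
    print(external_additions(membership_changes(SAMPLE), "example.com"))
```

Because the consolidated log covers changes made in both the Groups product and the admin tools, the same filter sees both actors in the sample (a group owner and an admin) without merging two logs.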

Changes in GCP Cloud Audit Logging 
Google Groups are the recommended way to grant access to GCP resources when using IAM policies. GCP customers have told us that having group audit logs available in Google Cloud Audit Logs would help streamline security and access monitoring. With that in mind, we’re adding Google Groups information to Cloud Audit Logs (CAL) in Stackdriver. See our Cloud Blog post for more details on how this can help GCP customers.

Helpful links 

Cloud Blog: Integrated Google Groups Audit Transparency from G Suite to GCP Cloud Audit Logs 
Get started with the G Suite AdminSDK Reports API 

Availability 

Rollout details 


G Suite editions 
  • Google Groups are available to all G Suite editions. 

On/off by default? 
  • G Suite AdminSDK Reporting API for consolidated group events will be ON by default. 
  • GCP Cloud Audit Logging for groups will be OFF by default and can be enabled at the domain level.

