Tag Archives: Admin Console

Google Workspace Updates Weekly Recap – April 12, 2024

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


Address access permissions for Google Drive embeds in Google Sites 
When adding embedded content from Google Drive into a Google Site, such as a PDF, document or presentation, site editors will now be prompted to address potential access permissions. The notification will also appear when site editors are publishing the site or sharing it with other site collaborators and viewers. This will ensure other site collaborators or viewers have permission to edit or view embedded Drive content when collaborating on a site. | Rolling out to Rapid Release domains now; launch to Scheduled Release domains planned for April 25, 2024. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Learn more about adding Google files, videos, website content, & more.
Address access permissions for Google Drive embeds in Google Sites

Track usage for Gemini for Workspace users in the Admin console
We recently announced the Gemini Business add-on which provides a subset of generative AI features, subject to monthly usage limits. Gemini Business customers can now check a user’s Gemini limit status in the admin console. For Gemini Enterprise and Gemini Business customers, admins can check their user’s last Gemini usage date as well. | Gemini usage and limit status reports are now available. | Learn more about Usage limits in Gemini for Google Workspace.




Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Introducing the AI Meetings and Messaging for Google Workspace add-on 
As we continue to expand our Gemini for Google Workspace offerings, we're excited to introduce the AI Meetings and Messaging add-on, which will help you have richer meetings and foster more meaningful collaboration. | Learn more about the AI Meetings and Messaging add-on

Introducing a new AI Security add-on for Google Workspace  
The AI Security add-on will give customers access to the AI Classification capability in Google Drive. AI Classification allows IT teams to automatically and continuously identify, classify, and label sensitive files across the organization. | Learn more about the AI Security add-on

Control your users’ access to new Gemini for Google Workspace features before general availability
We’re introducing a new setting in the Admin console which will give Gemini customers the ability to test Gemini for Google Workspace alpha features before they become generally available. Specifically, admins will be able to turn on alpha features for all Gemini provisioned Workspace users or for a subset of Gemini users in a particular Organizational Unit (OU) or Group. | Learn more about accessing Gemini for Google Workspace features

Protect sensitive admin actions with multi-party approvals 
To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. | Learn more about multi-party approvals.

Changes to displaying the “deprovisioned” status for Google Meet hardware devices 
We are removing the “deprovisioned” state from the Admin console. You’ll no longer see devices in this state from the device status page (Devices > Google Meet Hardware > Devices), nor will you be able to filter for those labels. | Learn more about statuses for Google Meet hardware devices.



For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).   




Changes to displaying the “deprovisioned” status for Google Meet hardware devices

What’s changing 

Back in 2021, we introduced the “enrollment privilege”, which restricts who in your organization can enroll or re-enroll Google Meet hardware devices. Prior to introducing this privilege, Admins had to put devices in a “deprovisioned” state to prevent end users from re-enrolling devices until they were moved to a “pending” state. 



Since the enrollment privilege makes those labels obsolete, we are removing the “deprovisioned” state from the Admin console. You’ll no longer see devices in this state from the device status page (Devices > Google Meet Hardware > Devices), nor will you be able to filter for those labels.


Getting started

  • Admins: 
    • Visit the Help Center to learn more about enrolling and re-enrolling  Google Meet hardware devices into your organization, as well as licensing FAQs.
    • To prevent unauthorized users from re-enrolling devices, opt in to Enrollment Privilege Enforcement: Menu > Google Meet hardware > Settings > Service Settings and toggle ‘Require enrollment privilege’ to ON.
  • End users: There is no end user impact or action required.

Rollout pace

  • Available now.

Availability


Protect sensitive admin actions with multi-party approvals

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing

To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. Multi-party approvals will be required for the following settings:
  • 2-Step verification
  • Account recovery
  • Advanced Protection 
  • Google session control
  • Login Challenges
  • Passwordless (beta)
This feature is available for eligible Workspace customers with multiple super admin accounts — see the “Getting started” section below for more information.


Who’s impacted

Admins


Why it’s important

Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action. Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions.


Outlined below is an example of the feature in action, in this case there is an attempt to make a change to 2-step verification policies:

When 2-step verification changes are attempted, admins will be required to submit the change to a super admin for approval.

Super admins can review and take action on these requests in the Admin console by navigating to Security > Multi-party approval. Super admins will also receive email alerts when a 2-step verification change is requested or any other protected action is attempted.

Admins can open a specific approval request to view more information including who is impacted by the change, what the configuration was before the change and what it will be after the change.

Getting started

  • Admins: 
    • This feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approvals are OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approvals for sensitive actions.


Rollout pace


Availability

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers


Control your users’ access to new Gemini for Google Workspace features before general availability

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing

We’re introducing a new setting in the Admin console which will give Gemini customers the ability to test Gemini for Google Workspace alpha features before they become generally available. Specifically, admins will be able to turn on alpha features for all Gemini provisioned Workspace users or for a subset of Gemini users in a particular Organizational Unit (OU) or Group.

To configure Gemini access features, go to Account settings > Gemini for Google Workspace



Who’s impacted

Admins and end users


Why it matters

As our Gemini for Workspace offerings continue to evolve, you may consider allowing your users to test Gemini features in alpha. This will give your users a head start on leveraging our latest AI features and provide Google with helpful feedback to improve Gemini features before they’re generally available. Alpha features get the same robust data protection standards that come with all Google Workspace services.

Getting started

        Please consider the following before configuring alpha access for your users:
    • Your users will receive all Gemini for Workspace alpha features — it is not possible to enable a subset of features or opt-out of specific features. 
    • Features will appear in alpha as soon as they are available — there is no advanced notice of these features appearing for Gemini  for Workspace alpha provisioned users.
    • As these features are not yet generally available, we will not offer full support for these features. Alpha features get the same robust data protection standards that come with all Google Workspace services.
    • You can also help us improve Gemini for Workspace by allowing users at your organization to provide feedback via research studies and surveys
Additionally, we strongly recommend that you and your users sign up for the Google Workspace alpha community page. Subscribing to this page will help users stay on top of the latest Gemini for Workspace alpha features. You can also ask questions about the features on this page.

Rollout pace


Availability

Google Workspace Updates Weekly Recap – April 5, 2024

1 New update

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


Simplified troubleshooting of user issues in the Admin console
When viewing a user’s detail page in the Admin console, you’ll notice new “Investigate”, “Security”, and “Groups” tabs. Within these tabs, you can find all user-related information from security alerts to audit logs, group memberships, and security policies applied to the user. You can click out to the relevant sections of the Admin console where you can find more information on the event and take action if needed. Centralizing this information should reduce the time and effort required by admins to assess and take action on user issues. | This is available now to Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade and Frontline customers. | Learn more about investigating user problems with log events.
Simplified troubleshooting of user issues in the Admin console



Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Assign the audit and investigation privilege on a per-application basis 
When delegating admin privileges for the Audit and Investigation Tool, you can now restrict access levels to audit data on a per application basis (eg: Admin, Drive logs etc.). This change ensures that access isn’t too broadly provisioned and delegated admins only have access to the apps relevant to their scope. | Learn more about assigning privileges.



Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).  

Assign the audit and investigation privilege on a per-application basis

What’s changing

When delegating admin privileges for the Audit and Investigation Tool, you can now restrict access levels to audit data on a per application basis (eg: Admin, Drive logs etc.). This change ensures that access isn’t too broadly provisioned and delegated admins only have access to the apps relevant to their scope.

Assigning access levels for audit data on a per application basis



Getting started


Rollout pace



Select App Access Controls can now be applied at the organizational unit

What’s changing 

Google Workspace Admins can now configure a number of App Access Control (AAC) policies at the Organizational Unit (OU) level. Previously, this was only possible at the domain level. Specifically, this applies to: 


Who’s impacted

Admins


Why it’s important

We know that users rely on a variety of tools to do their best work, including third-party apps. However, not every third-party app aligns exactly with every organization’s security policies. App access controls give customers and partners the ability to control access to third-party apps and how those apps access Google Workspace data. This update gives admins added flexibility, allowing them to set App Access Controls as they see fit at the OU level, rather than across their entire domain.


Additional details

For Google Workspace education editions, the “User requests to access unconfigured apps setting” can now be configured at the OU level. Visit the Help Center to learn more about managing access to unconfigured third-party apps for users designated under the age of 18.

Getting started


Rollout pace


Availability

  • Available to all Google Workspace customers

Resources


Application load failures are now captured for the Google Meet hardware devices

What’s changing

In November 2023, we announced a series of improvements for managing Google Meet hardware devices, which included surfacing additional information about device issues, such as a description of the issue, when the issue was detected, and more. Today, we’re adding an additional data point: admins can now see when the Google Meet app fails to load for a device.


“Application load failures” will now be displayed in the “Device status” column.


When you click on the alert, you’ll see more detailed information on the error.






Getting started

  • Admins: 
    • To filter for devices that are in the “Application load failure” state specifically, navigate to Admin Console > Google Meet hardware > Devices > Filter by ‘Device Status’ and select ‘Application load failure’.
    • Visit the Help Center to learn more about understanding device usage in your organization.
  • End users: There is no end user impact or action required.

Rollout pace



Availability

  • Available to all Google Workspace customers with Google Meet hardware devices

Resources


User enrollment for managed iOS devices is now generally available

What’s changing 

In late 2023, we introduced user enrollment in beta, an additional option for iOS mobile management. User enrollment separates work and personal data on iOS devices, giving admins control over Workspace data on the device while users retain privacy over their personal data. Beginning today, user enrollment is now generally available. For more information, use our Help Center or reference our original announcement.


Getting started



Rollout pace


Availability

  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Enterprise Essentials, Enterprise Essentials Plus, Frontline Standard, Frontline Starter, Business Plus, Cloud Identity Premium, Education Standard, Education Plus and Nonprofits customers.


Migrate email data from one Google Workspace account to another, available in open beta

What’s changing

Beginning today, a new data migration experience is available: you can migrate your users’ email data from one Google Workspace account to another in a more reliable and efficient manner. You can configure your data migration for up to 100 users at a time and also run delta migrations, which smartly brings over any newly generated data from the source without duplicating previously migrated content.

This feature is available as an open beta, which means admins can use it without enrolling in a specific beta program.


Additional details

You can find more information in our Help Center about migrating other forms of data from different types of source accounts.

Getting started

  • Admins: Visit The Help Center to learn more about the new data migration service and migrating email.
  • End users: There is no end user action required


Rollout pace

  • This feature is available now in open beta.

    Availability

    • Available to Google Workspace Business Starter, Business Standard, and Business Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Essentials Starter, Essentials, Enterprise Essentials, and Enterprise Essentials Plus, and Nonprofits customers

      Resources