Tag Archives: Admin Console

Secure corporate data on employee iOS devices with managed apps

To better protect the G Suite data stored on your employees’ personal iOS devices, you can now specify that certain iOS apps be “managed” if your domain has advanced mobile device management enabled.

If an app is managed, you can:
  • Prevent the app’s data from being backed up to iCloud.
  • Block unmanaged apps from opening managed app files.


Note that these actions will impact both personal and corporate data on managed apps. Visit the Help Center for more information on how to manage apps on iOS devices.

Designate an app as managed
When you whitelist a new app for iOS devices, you can now choose to “Make this a managed app.” Once you make the app managed, you can also select to have it automatically removed from a device if that device’s MDM profile is removed.

When you whitelist a new app for iOS devices, you can now make it “managed.”


If you previously whitelisted an app, you can make it managed by changing that app’s settings in the Admin console.
You can make an app you’ve already whitelisted managed by editing the app’s configuration in the Admin console.


User notifications and required actions
If you designate an app as managed, any users with that app downloaded will be prompted to update it in their Google Device Policy app.

Users will be prompted to update apps that are marked as managed by their admins. 

Users need to accept management of their apps or they’ll lose access to all corporate data on their phone.


If a user doesn’t take action within 12 hours of receiving the notification, they’ll receive another notification prompting them to make the required apps managed.


If a user doesn’t take action within 24 hours of receiving the notification, they’ll no longer be able to access corporate data anywhere on their device.


Note that if you make a previously managed app “unmanaged,” users will need to remove the Google Apps Device Policy Payload Profile before the app becomes unmanaged.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Extended rollout (potentially longer than 15 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action suggested/FYI

More Information
Help Center: Recommend and manage iOS apps


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

New insights into user account security with G Suite admin reports

We’re adding new tools to help admins identify suspicious activity and see the impact of security policy changes. G Suite admins have an important role in protecting their users’ accounts and ensuring their organization’s security. To succeed, they need visibility into user account actions. That’s why we’re adding reports in the G Suite Admin console that surface more information on user account activity.

Monitor suspicious account behavior 

G Suite admins can use the reports to audit and set alerts for critical user actions including:


  • Password changes 
  • Two-step verification enabling or disabling 
  • Account recovery info changes (phone number, security questions, and recovery email) 


Filter actions taken by a specific user account 

Visibility into these actions will help admins identify suspicious account behavior and detect when user accounts may have been compromised. For example, an admin might see that a user has recently changed both their password and their password recovery info. This can be a sign of a hijacker taking over the account. Using these reports an admin could track time and IP address of the changes to see if it seems suspicious. Depending on their investigation, they could then take appropriate action (eg: password reset, disable 2-step verification) to restore the user account.

Visit the Help Center to find out how to monitor user account activity and set alerts for suspicious actions.

See the impact of security policy changes 

The new reports can also be used to provide visibility into an organization's security initiatives. For example, an admin could monitor the progress of a domain-wide initiative to increase the adoption of two-step verification.

To see this report, go to the Admin console > Reports > Audit > Users Accounts.


Filter actions by date and type 

Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to all G Suite editions

Rollout pace: 
Gradual rollout (up to 15 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information 
Help Center: User Accounts audit log



Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Programmatically manage exports with the Google Vault API

We launched the Google Vault API in 2017 so that customers could integrate Vault with the other tools and processes critical to their business. We’re now improving the API by making it possible to programmatically create and manage exports, in addition to legal matters and holds.

With this launch, you can use the Google Vault API to:
  • create an export—send a request to export messages and files that match your criteria.
  • list exports—retrieve the status of all exports associated with a matter.
  • get an export—retrieve the status of an export anytime, and if the export is completed, download that export using the standard Cloud Storage API.
  • delete an export—remove an export from a matter when it’s no longer needed.
For more information, check out the Google Vault API Developers Guide.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to G Suite Business, Education, Enterprise, and Enterprise for Education editions, as well as any G Suite users with the Vault add-on license

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Google Vault API Developers Guide


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

More control over which Apps Script projects can run in your organization

You can already control the Apps Script projects that run in your organization using the G Suite API permissions settings located in the Admin console (at Security > API Permissions). Using these settings, you can block applications that request access to certain APIs—unless you’ve specifically whitelisted them. App Maker apps, add-ons, and scripts that request certain OAuth scopes (like Gmail, Calendar, Drive, etc.) are just some of the Apps Scripts projects that these settings control.

Now you can also control access to projects that request the following scopes:
  • Apps Script Runtime - Control access to projects that request certain high-risk scopes specific to Apps Script projects (e.g. UrlFetch, Container UI).
  • Apps Script API - Control access to any project (e.g. Apps Script, GCP, AWS, etc.) that requests scopes for Apps Script API (e.g. Manage Projects, Manage Deployments).


New G Suite API permissions in Admin console: Apps Script Runtime and Apps Script API

See the Help Center for instructions on whitelisting connected apps.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Whitelisting connected apps

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Manage meeting rooms efficiently with automatic room release and room insights

We want to help organizations make the best use of their space. To do that, we’re consolidating all features related to managing buildings and resources in a single dedicated place in the Admin console. We’re also introducing two new tools, room release and room insights, to help you understand your organization’s resource utilization and optimize occupancy.

A single destination for building and resource management
All features related to managing buildings and rooms are now united in a new and more prominent entry point in the Admin console called “Buildings and resources.” You can access this directly from the home screen or via Directory > Buildings and Resources in the navigation menu.



Room release based on event declines
According to an internal study, up to 40% of rooms are booked but go unused. To help your users reclaim those unused rooms, we’ll now automatically free up meeting rooms when all but one of the guests has declined the Google Calendar invitation. When the room is released, the event organizer will receive an email informing them of the change and suggesting that they reschedule or delete the meeting.



You can enable this feature for structured rooms in the Admin console by navigating to your resources and selecting the rooms you wish to enable for room releases. You then need to click "EDIT" and turn Calendar-based room releases on for your selection.



Please note, room release is only available for G Suite Business, Enterprise, Enterprise for Education, and Education editions and can only be enabled for structured rooms that are categorized as “CONFERENCE_ROOM.”

Room insights dashboard
We’re also adding a new dashboard in the Admin console for room insights. Here, you can see data such as:

  • The most and least frequently booked rooms
  • The usage and bookage rates of rooms across time zones and various room sizes
  • How many rooms could be freed up automatically with Calendar’s room release feature
You can filter this data by building, floor, room, room capacity, room features, or time period for more granularity.



With these reports, you can make better decisions about improvements to your workspace. They provide signals on where to investigate further. Some examples of insights include:

  • What are your most popular rooms?
  • Are your rooms under-utilized or over-utilized?
  • Which room sizes are most popular?
  • Which equipments drive room usage? Which A/V equipment should you invest more into?
  • When are the best times to schedule repairs and maintenance work?
  • At which times are rooms most booked, and can you educate members of your organization to shift the times when they schedule meetings?
You can access this dashboard in the Admin console in the “Buildings & resources” section.

With this launch, we’re also adding a new admin privilege, “room insights,” to grant other admins or your dedicated facilities managers the right to only view this dashboard and other resources.

Please note, this data is only available for structured resources.

Launch Details
Release track:
Both features launching to both Rapid Release and Scheduled Release

Editions:

  • Room insights: available to all G Suite editions
  • Room release: available to G Suite Business, Enterprise, Enterprise for Education, and Education editions only
Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action suggested/FYI

More Information
Structuring resources

Room release

Room insights


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Control government-backed attack alerts in G Suite

We’re adding a feature in the Admin console that can alert admins if we believe a user’s account has been targeted by a government-backed attack. If an admin chooses to turn the feature on, an email alert (to admins) is triggered when we believe a government-backed attacker has likely attempted to access a user’s account or computer through phishing, malware, or another method. It does not necessarily mean that the account has been compromised or that there was a widespread attack on an organization.

Admins can turn the feature on and off, choose to share information about the alert with others, and help secure the user’s account. Specifically admins can:


  • Turn alerts on or off. 
    • By default, no alerts will be sent. Admins can choose to turn these on in the Admin Console > Reports > Manage Alerts > Government backed attack
  • Set up default notifications for these alerts. 
    •  Admins can decide who gets notified when attacks are suspected. When the feature is first turned on, the default setting is for alerts to be sent by email to super admins of the G Suite domain. To change this, go to the Admin console > Reports > Manage Alerts > Government backed attack
  • Choose actions to take on individual alerts. 
    • Secure the account: Admins may want to take actions to secure the account
    • Alert the user: Admins may want to let the user know about the alert and any actions they have taken.      


Admin console settings for Government-backed attack warnings


Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information 
Google Security blog: Reassuring our users about government-backed attack warnings
Help Center: Fix or stop government-backed attack alerts
Help Center: Administrator email alerts


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

More customized and scalable G Suite reporting with BigQuery integration

We’re making it easy for G Suite Enterprise customers to move G Suite reporting and audit data from the Admin console to Google BigQuery. This can help you create highly customizable, comprehensive, and scalable reports to audit and analyze G Suite usage and adoption.

A new G Suite reporting option 

The Admin console already includes robust reporting to deliver insights from G Suite apps and their usage. This includes information in the Admin console’s “Reports” section, as well as the Reports API. However, some users need a more scalable solution to extract and analyze their information, which is why we’re adding the connection to BigQuery. You may want to use it to:

  • Create highly customized reports. BigQuery enables more customizable reports than those available in existing pre-defined reports in the Admin console. 
  • Keep and analyze a longer data history. BigQuery enables indefinite data storage (existing Admin console reports cover 180 days) to help long-term trend analysis. 
  • Join Google apps data with other data sets. BigQuery enables users to join other data sets, for example Payroll or Finance, to create comprehensive reports. 


Specific capabilities of the new BigQuery reports 

This integration can help you get more insight into specific areas of your organization. For example, you can:

  • Analyze individual activity behavior information for Admin, Calendar, Devices, Drive, Login, Groups, oAuth Tokens, and SAML Audit logs, as well as any forthcoming updates to the Reports API. 
  • Report aggregated usage metrics for Accounts, Google Drive, Chrome OS, Classroom, Calendar, Google+, Hangouts, Device Management, and Gmail, as well as any forthcoming updates to the Reports API. 
  • Perform advanced analysis using the BigQuery web UI, command line, or third party tools. 
  • Create custom reporting and dashboards using analytics tools like Google Data Studio and other visualization tools supported by BigQuery. 


A fast and customizable solution for analytics at scale 

BigQuery is a powerful and scalable reporting solution. Its advantages for reporting include:

  • Scalability: Customers don’t have to worry about storage limits and can store hundreds of terabytes of Google apps usage and audit data. 
  • Simple querying interface: BigQuery allows SQL-like queries to build highly customized reports without writing any code. 
  • Out-of-the-box reporting: BigQuery’s integration with various data visualization applications allows enterprise firms to generate engaging reports without custom development. 
  • Pay only if you use: BigQuery bills customers based on the number of queries that they make against their data, so billing is closely linked to actual usage. See more about BigQuery costs


See our Help Center to find out how to get connect your G Suite data to BigQuery.



Launch Details 
Release track:
Launching to both Rapid Release and Scheduled Release

Editions: 
Available to G Suite Enterprise and G Suite Enterprise for Education editions only

Rollout pace: 
Extended rollout (potentially longer than 15 days for feature visibility)

Impact: 
Admins only

Action: 
Admin action suggested/FYI

More Information
Help Center: Enable Activity and Usage logs in BigQuery


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Choose the regions where your data is stored

Our globally distributed data centers reduce latency for multinational organizations and protect their data with geo redundancy. Some organizations, however, have requirements around where their data is stored, and we’re committed to meeting their needs. As a first step toward that commitment, we’re making it possible for G Suite Business, Enterprise, and Enterprise for Education customers to designate the region in which primary data for select G Suite apps is stored when at rest—globally, in the US, or in Europe.



Set up G Suite data regions

Setting up data regions is quick and easy. There are no minimum seat requirements, you can change your covered data’s location at any time, and all data moves are completed within months. In addition, you can assign as many organizational units (OUs) to a single data region as you want, and you can have multiple regions set for the same domain.

Visit the Help Center for instructions on how to set up G Suite data regions.

Manage your data regions

We make it easy to manage your data regions on an ongoing basis. For example, when a file’s owner changes or moves to another OU, we automatically move the corresponding data accordingly—with no impact on the file’s availability to collaborators (e.g. no downtime, no read-only access restrictions, etc.). Similarly, if a new user joins your organization, their data is automatically located based on their specific OU’s policies. Finally, as an added benefit, we give admins up-to-date insight into the status of their data moves, so they can stay on top of any changes they’ve made.


G Suite data covered by data regions

At launch, you’ll be able to designate data regions for primary data in the following G Suite services: Gmail, Calendar, Drive, Hangouts Chat, Docs, Sheets, Slides, and Vault. Over time, we’ll add support for additional content and services.

Visit the Help Center for more info on how G Suite data regions can give you greater control over your data.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to G Suite Business, Enterprise, and Enterprise for Education editions only

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Choose a geographic location for your data
The Keyword: Work reimagined: new ways to collaborate safer, smarter and simpler with G Suite


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Triage and remediate threats with new investigation tool in G Suite security center Early Adopter Program

We’re launching an Early Adopter Program (EAP) for a new “investigation tool” in the G Suite security center. It will help G Suite admins and security analysts identify, triage, and remediate security threats within their organization. This tool builds on the existing capabilities in the security center to help admins: 


  • Identify security issues within the domain using advanced search capability. 
  • Triage threats targeting users, devices, or data. 
  • Take bulk actions to limit the propagation and impact of threats. 


A new pillar in the G Suite security center 

IT admins and analysts who operate in the cloud seek tools, visibility, and assistive insights to stop threats or gaps in operations before they become security incidents. This is why we introduced the security center for G Suite earlier this year. The security center brings together security analytics, actionable insights, and best practice recommendations from Google to help you protect your organization, data, and users.

The investigation tool adds to the security center with powerful incident investigation and integrated remediation capability. Using it admins can:
  1. Use comprehensive queries - Conduct organization-wide searches across multiple data sources, such as Gmail, Google Drive and device logs. 
  2. Delete malicious email - Identify and delete malicious emails from user inboxes. 
  3. Monitor file sharing - Examine Drive files being shared externally, and take action to stop potential misuse. 
  4. Identify correlation - Pivot across searches to connect results. 
  5. Perform device analysis - Suspend accounts or wipe devices that are compromised or running a vulnerable OS version. 
  6. Audit Drive files - Execute domain-wide access changes, and set IRM controls on Drive files. 

Early Adopter Program for the investigation tool now open 

We’ve been previewing the investigation tool with a small set of testers and customers. We’re excited to extend this capability to more customers through our investigation tool EAP. The EAP is available to G Suite Enterprise and G Suite Enterprise for Education domains. G Suite admins may apply with their primary domain on behalf of their organizations. Apply to join the EAP here.

More Information 
Early Adopter Program sign-up form
The Keyword: Work reimagined: new ways to collaborate safer, smarter and simpler with G Suite


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

View additional activities for managed devices in the devices audit log

The devices audit log in the Admin console provides a report on the activities of managed mobile and desktop devices in your organization. Previously, this report was limited to domains with advanced mobile management enabled. To make it even more useful, we’re now showing some of the events in this report to G Suite Business, Enterprise, and Enterprise for Education customers with basic mobile management and endpoint verification enabled as well.

These customers can now use this report to:
  • Find out when a G Suite account has been added to a device.
  • Learn when device screen locks have been enabled and disabled. 

In addition, the devices audit log will now contain admin activities, like when an account wipe has been requested or executed. Knowledge of these activities can help you keep your users’ devices, and the data contained on them, safe. You can find this report in the Admin console at Reports > Audit > Devices.


At launch, for basic mobile management and endpoint verification customers, this report will only show events on managed Android and endpoint verification devices. We’re working on expanding coverage to more devices in the future.

Visit the Help Center to learn more about the devices audit log and how to access it. If you haven’t done so yet, check out this article for information on how to set up mobile management in your domain.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to G Suite Business, Enterprise, and Enterprise for Education editions, as well as Cloud Identity Premium

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Manage your organization's mobile devices
Help Center: Devices audit log


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates