Tag Archives: Admin Console

Deploy and manage Google Credential Provider for Windows via the Admin console

What’s changing 

You can now deploy and manage Google Credential Provider for Windows (GCPW) in the Admin console. Previously, you had to edit registry entries to manage GCPW. The new, organization-specific installation file and setting management in the Admin console makes it easier to deploy and manage GCPW in your organization. 


Who’s impacted 

Admins 


Why you’d use it 

GCPW is an aspect of Enhanced desktop security for Windows that makes using Windows 10 devices with Google Workspace easier and more secure. Once set up, users can: 
  • Sign in to a Microsoft Windows 10 device using their Google Workspace Account. 
  • Take advantage of security protections on Windows 10 devices, including 2-step verification (2SV) and login challenges. 
  • Access Google Workspace and other single sign-on (SSO) apps without the need to re-enter their credentials. 
With this launch, you can configure and manage GCPW in the Admin console instead of in each device’s registry settings. This can make setting up and updating GCPW deployments less manual and time-consuming for if you don’t have standard software deployment tools. 


Additional details 

Device setup and management: To set up GCPW on a new device, download a GCPW installation file customized for your company from the Admin console. After GCPW is installed, you can manage GCPW settings in the Admin console. When a user signs in to a device managed with GCPW, GCPW fetches and applies the settings from in the Admin console. GCPW settings in the Admin console may take up to one hour to be implemented on the device. If you already installed GCPW on a device, you can set a token to manage GCPW from the Admin console

Settings available in the Admin console: You can manage most of the settings in the Admin console that you can in registry settings, including offline access, multiple account management, and more. 

Working with existing registry settings: Admin console settings supersede registry settings. To continue to use registry settings instead of Admin console settings, leave GCPW settings in the Admin console as “not configured.” 



Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers. 

Resources 

Adding more data sources and new OU controls to the security investigation tool

Quick launch summary 

The security investigation tool is a resource in the Google Workspace security center that can help you identify, triage, and take action on security and privacy issues in your domain. We’re now enhancing the tool with: 
  • New Google Chat, Google Meet, Google Groups, Google Voice, and Google Calendar logs. 
  • Organizational unit (OU) filters so queries can be limited to specific OUs. 
We hope that this will help you understand important activity in your domain and take action from within the investigation tool. 


Getting started 

  • Admins: These enhancements will be available by default. Visit the Help Center to learn more about the security investigation tool
  • End users: No end user impact. 
You can now use Chat, Meet, Groups, Voice, and Calendar logs as data sources in the security investigation tool. 

You can now filter by OU in the security investigation tool 


Rollout pace 

  • Available now 

Availability 

  • Available to Google Workspace Enterprise Plus and G Suite Enterprise for Education customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, and Enterprise Standard, as well as G Suite Basic, Business, Education, and Nonprofits customers 

Resources 

Adding more data sources and new OU controls to the security investigation tool

Quick launch summary 

The security investigation tool is a resource in the Google Workspace security center that can help you identify, triage, and take action on security and privacy issues in your domain. We’re now enhancing the tool with: 
  • New Google Chat, Google Meet, Google Groups, Google Voice, and Google Calendar logs. 
  • Organizational unit (OU) filters so queries can be limited to specific OUs. 
We hope that this will help you understand important activity in your domain and take action from within the investigation tool. 


Getting started 

  • Admins: These enhancements will be available by default. Visit the Help Center to learn more about the security investigation tool
  • End users: No end user impact. 
You can now use Chat, Meet, Groups, Voice, and Calendar logs as data sources in the security investigation tool. 

You can now filter by OU in the security investigation tool 


Rollout pace 

  • Available now 

Availability 

  • Available to Google Workspace Enterprise Plus and G Suite Enterprise for Education customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, and Enterprise Standard, as well as G Suite Basic, Business, Education, and Nonprofits customers 

Resources 

New endpoint details view in Meet Quality Tool

What’s changing

We’ve added a new drill-down view in Meet Quality Tool that shows additional details on connection endpoint level. By clicking an endpoint in the meeting timeline, admins can now also view:
  • User video mute/unmute activity
  • Network protocol changes (UDP, TCP)
  • Network connection type (wired, Wi-Fi, cellular connections)
  • For participants admitted after knocking, who admitted them
  • For participants who were ejected from the meeting, who ejected them
  • End-of-call quality rating (when submitted)

For still ongoing meetings, the timeline and drill-down are loaded with near-real-time values.

Who’s impacted

Admins

Why it’s important

A combination of many technical factors and activities affect the perceived quality of a meeting. This additional level of information about meetings helps admins become more effective in improving the meeting quality for their users.

Getting started

Admins: These new details are available by default when viewing any meeting in the Meet Quality Tool. You can click any connection endpoint in the timeline to bring up the endpoint details view.


Hovering over an event shows additional details and a timestamp for the event.





End users: This feature doesn’t impact end users.

Rollout pace

  • This feature is available now for all users.

Availability

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers

Resources

 

Use Secure LDAP to log into MacOS with Google credentials

Quick launch summary 

You can now use Secure LDAP on MacOS devices. Once enabled, users can log in to MacOS devices with their Google Workspace or Cloud Identity login credentials. 

This can help simplify access management by using a single directory—the Workspace identity and access management (IAM) platform—to manage access to MacOS devices. In turn, this can help improve security by providing a single place to set up identity and access policies, and reduce your dependency on legacy identity infrastructure. 


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Business Plus, Enterprise Standard, and Enterprise Plus, G Suite Education and Enterprise for Education, and Cloud Identity premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Enterprise Essentials, as well as G Suite Basic, Business, and Nonprofits customers 

Resources 

Increasing shared external contact limit to 200,000 contacts

Quick launch summary 

Shared external contacts are users outside of your domain who you add to your company directory. Previously, there was a limit of 50,000 external contacts. Now that limit is 200,000. Additionally, the total storage limit has been increased from 20MB to 40MB. 

Shared external contacts help enable collaboration between users in your organization and any external users who they may need to communicate with frequently, such as consultants and partners. When a user is added as a shared external contact, users in your organization can find the profile information for them in many Google services, such as when they enter addresses in Gmail. 


Getting started 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 

Resources Google Workspace 

Improving multiple domain setup in the Admin console

Quick launch summary 

We’ve improved the interface you use when you set up multiple domains via the Admin console. Multiple domains can be set up as secondary domains or domain aliases, and can help you manage multiple businesses or brands, each with their own domain. With this launch, we’ve redesigned the interface and setup flow to make it easier and quicker to verify multiple domains. 

An example of the new interface 

Getting started 

  • Admins: You’ll see the new interface when you go to Admin console > Domains and add a domain/domain alias. Visit our Help Center to learn more about how to add multiple domains or domain aliases
  • End users: No end user impact. 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 

Resources 

Improving multiple domain setup in the Admin console

Quick launch summary 

We’ve improved the interface you use when you set up multiple domains via the Admin console. Multiple domains can be set up as secondary domains or domain aliases, and can help you manage multiple businesses or brands, each with their own domain. With this launch, we’ve redesigned the interface and setup flow to make it easier and quicker to verify multiple domains. 

An example of the new interface 

Getting started 

  • Admins: You’ll see the new interface when you go to Admin console > Domains and add a domain/domain alias. Visit our Help Center to learn more about how to add multiple domains or domain aliases
  • End users: No end user impact. 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 

Resources 

Control access to AppSheet with a new Admin console setting

What’s changing 

On December 14, 2020, Google Workspace admins will begin seeing a new control for AppSheet in the Additional Google services section of the Admin console. 

AppSheet is available to all Google Workspace customers; this new setting simply gives admins the ability to enable or disable user access to AppSheet at the domain, organizational unit (OU), group, or level. 

Who’s impacted 

Admins 

Why you’d use it 

AppSheet allows users to maximize the power of Google Workspace by building custom applications on top of Workspace applications and other services and applications in their environment, all without writing any code. 


Additional Details 

Disabling AppSheet 
If your users are already using AppSheet, turning the additional service off will disable access for all app creators and users, and will stop applications from running. 

To find out who in your organization is using AppSheet, use the Token Audit Log in the Admin console at Reports > Audit Log > Token. Select “+ Add a filter” and choose “Application name,” then enter “AppSheet”. You’ll then see a list of users in your organization who have used AppSheet. 


Getting started 


  • Admins: In the Admin console, go to Apps > Additional Google services > Settings for AppSheet. There, you can enable or disable AppSheet for your entire organization or specific OUs, groups, or users. Visit the Help Center to learn more about turning AppSheet on or off for your organization

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits customers 

Resources 



Make specific applications exempt from session length policy

What’s changing 

Last year, we launched an open beta that enabled Cloud Identity admins to configure a session length (a.k.a. “reauth”) for Google Console and Cloud SDK. Now, we’re enhancing session length controls by allowing you to exempt specific applications from the reauth policy. We hope this will make it easier to roll out this feature in your domain. 


Who’s impacted 

Admins 


Why you’d use it 

The Google Cloud session control feature applies a session length to Google’s own GCP admin tools, as well as customer-owned and third-party applications that use the cloud-platform scope. When the configured session length expires, the application will require the user to reauthenticate to continue operating, analogous to what would happen if an admin revoked the refresh tokens for that application. The reauthentication requirement can help reduce unauthorized access to sensitive data. 

We heard your feedback that there are some scenarios that make it difficult to roll this out. For example, some applications do not gracefully handle the reauth scenario, causing confusing application crashes or stack traces. Some other applications are deployed for server-to-server use cases with user credentials instead of the recommended service account credential, in which case there is no user to periodically reauthenticate. Customers impacted by these scenarios are unable to roll out session controls to any applications as it will cause these apps to work improperly. 

This update allows you to add these apps to a trusted list, temporarily exempting the apps from session length constraints, while implementing session controls for all other GCP admin surfaces. 
The previous session control settings page in the Admin console 

The new session control settings page in the Admin console. Note the new “Exempt trusted apps” checkbox. 

Getting started 

  • Admins: This feature will be OFF by default and can be enabled manually using the “Exempt Trusted apps” setting. For more information on how to review the apps currently requiring cloud-platform scopes, and how to add those apps to the Trusted list, visit our Help Center
  • End users: There is no end user setting for this feature. 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus, as well as G Suite Basic, Business, Education, Enterprise for Education, and Nonprofits, and Cloud Identity customers

Resources