Tag Archives: Admin Console

Additional iOS data exfiltration enhancement: account level data sharing between Google Workspace apps and non-Google Workspace apps on or off

What’s changing 

Admins can now enable content sharing on personal Workspace accounts while preventing data sharing from corporate Workspace accounts on iOS devices.




Additionally, admins can now prevent data sharing from unknown sources (typically non-Google Workspace apps) to personal Workspace accounts on Gmail, Drive, Docs, Sheets, Chat, and more, by setting a managed configuration

The {customer_id} is a unique customer ID that’s assigned to your account. You can find it in your Admin console at Account > Account settings > Profile.



Getting started

  • Admins: Blocking sending of work data to personal apps, including all non-Google Workspace apps on the iOS share sheet, will be OFF by default and can be enabled at the OU level. These settings can be configured in the Admin console under Devices > Mobile and endpoints > iOS settings > Data Sharing. Visit the Help Center to learn more about data protection on iOS devices. Use this article in our Help Center to learn more about how to set up the managed configuration, go to set up iOS apps with managed configurations.

  • End users: Sharing of data between Google Workspace apps and non-Google Workspace apps depends on your admin configuration. If you’re unable to share data between apps, you may see a warning message. Visit the Help Center to learn more about how your iOS device is managed.


Rollout pace


Availability

Available for Google Workspace:
  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Enterprise Essentials Plus
  • Frontline Standard
  • Cloud Identity Premium

Resources



Admin features for space management via the Chat API are now generally available

What’s changing

Earlier this year, we introduced a series of space management capabilities for Workspace admins in the Google Chat API via the Google Workspace Developer Preview Program. These API features are now generally available for all Google Workspace customers and developers.

Using these features, admins can easily perform a variety of space management related tasks at scale. This includes membership management, like adding and removing members, onboarding and offboarding users from spaces, cleaning up inactive spaces, and more. 

These features are also available when using the Google Apps Manager (GAM), an open source command-line tool that helps administrators to perform bulk operations associated with various aspects of their Google Workspace. The tool can be used to automate space management tasks with command-line scripts, helping to reduce admin overhead and potential errors when using APIs. See this article in our Help Center for more information on using a third-party tool for mass provisioning.

Who’s impacted

Admins and developers

Why you’d use it

In 2023, we launched the Space Management tool, which allowed admins to view all the spaces within their organization, understand the activity within those spaces, and perform essential actions like deleting a space or assigning space managers. While finding the tool helpful to perform one-off tasks, admins expressed a desire for tools to perform these tasks at scale, for example, with the help of APIs. Admins can now use the Chat API to find information and manage spaces in their organization in bulk or programmatically. Specifically they can:

  • Find and delete inactive spaces: Using spaces.search, you can find spaces that haven’t been used since a specified date and time and then delete them.
  • Onboard and offboard users: Automatically add new users to relevant spaces and remove them from spaces when they leave or change roles.
  • Audit external members: Monitor and control access to your organization's data by identifying and removing external members from sensitive conversations.
  • Lookup and update space details: Easily manage space information like names, descriptions, and guidelines.
  • Verify user membership and upgrade roles: Manage user access and roles within spaces.
  • And more — please refer to our developer guidance for even more information.

Getting started

Google Cloud Directory Sync now complies with your conflicting accounts management settings

What’s changing 

When Google Cloud Directory Sync (GCDS) attempts to create new users, it may encounter unmanaged accounts that conflict with the accounts it’s attempting to create. In these instances, GCDS will now comply with the conflicting accounts management settings specified in the Admin console. This update helps reduce the time spent migrating user accounts to business accounts, helping to accelerate the adoption of Google Workspace and Google Cloud. Visit the Help Center for specific information on how GCDS will handle conflicting accounts based on your configured settings

Getting started 

  • Admins: Google Cloud Directory Sync will automatically respect your existing Admin console settings for handling conflicting unmanaged accounts. We do not recommend turning this feature off in GCDS, rather you should configure these settings as you see fit in the Admin console. Visit the Help Center to learn more about handling conflicting unmanaged accounts with Google Cloud Directory Sync, as well as unmanaged accounts in general. 
  • End users: Depending on your admin configuration: 
    • You’ll be invited to transfer your account — if accepted, your admin will have the ability to manage your account. 
    • If you do not accept the request, your admin may replace your unmanaged account with a managed one. In that case, you’ll receive a new @gmail.com address and retain your content in this unmanaged, personal Google account. 

Rollout pace


Availability

  • Available for all Google Workspace customers 

 Resources 

Empowering Google Workspace customers to take control of their emissions with Electricity Maps

What’s changing

To help our customers continue to understand and measure the carbon intensity of their cloud computing, we have partnered with Electricity Maps to provide hourly emissions data within the Carbon Footprint report. Since we launched the Google Workspace Carbon Footprint report at Cloud Next 2023, we have continued our collaboration with Electricity Maps to further help users understand their emissions. Directly within the Admin console, admins can track the carbon footprint and emissions of using Google Workspace, down to specific tools such as Google Meet, Gmail, Google Docs, and more. 

We’ve also added a new admin role for accessing Carbon Footprint reports. Previously, only Workspace admins with reporting privileges had access to the carbon footprint dashboard. However, we know our customers have specialists, such as a dedicated Sustainability team, who rely on this information to inform their work. Now, admins can grant access to the Workspace Carbon Footprint report to select users by creating a custom role

Who’s impacted

Admins

Why it’s important

Cloud computing has immense significance for powering global business operations and innovation. But, in a world facing the accelerating impacts of climate change, it is increasingly important to keep an eye on its environmental impact. The dynamic and global nature of cloud computing creates challenges for precisely measuring its emissions and requires granular data that captures the carbon emissions of electricity at every hour in locations around the world. Partnering with Electricity Maps gives our customers a way to monitor their cloud emissions over time by product — giving IT teams and developers the high quality metrics they need to monitor, improve, and reduce their carbon emissions.

Electricity Maps gathers real-time and historical power generation and power exchange data from multiple sources around the globe, calculating the hourly consumption mix available on the grid and its carbon intensity. Electricity Maps follows a highly granular approach, combined with a transparent and scientific methodology and a strict collective vetting process of their open-source community. This guarantees high-quality and trustworthy data that aligns with Google’s ambition for a realistic and science-backed perspective on climate impact. For maximum transparency, emissions can be viewed on either location-based or market-based Scope 2 accounting standards. Location-based emissions show the emissions linked to the actual electricity used for the operations, whereas the market-based emissions represent emissions from the purchased electricity, including Google’s annual renewable energy purchases.  More information about the methodology behind Google’s Workspace and Cloud Carbon Footprints can be found here

Additional details

More about Google's sustainability commitments
In 2020, we set a goal to run on 24/7 carbon-free energy—every hour of every day on every grid where we operate—by 2030. We continue to make product and operational improvements to reduce environmental impact and we're sharing technology, methods, and funding to enable organizations around the world to transition to more carbon-free and sustainable systems — see here for more information about our sustainability commitments.


Google uses the Greenhouse Gas Protocol, the global standard for carbon accounting to generate the Workspace Carbon Footprint reports. We recommend that admins familiarize themselves with the GHG terminology — you can find more information in our Help Center or the video below.


Getting started

  • Admins: You can find your Carbon Footprint report in the Admin console under Reporting > Carbon footprint. Visit the Help Center to learn more about the Workspace Carbon Footprint.

Rollout pace


Availability



Expanding multi-party-approvals to domain-wide-delegation actions

What’s changing

Earlier this year, we announced multi-party approvals for sensitive actions taken in the admin console, specifically requiring one admin to approve actions taken by another. At launch, these protections applied to several settings, including 2-step verification, account recovery, and more. 


Today, we’re expanding multi-party approvals to include domain-wide-delegation. Domain-wide-delegation is a powerful feature which allows admins to grant third-party applications permission to access your Workspace users’ data. Bringing this feature under the umbrella of multi-party-approvals helps mitigate the risk of data exfiltration by internal bad actors or if admin credentials have been compromised. 


Overall, multi-party-approvals help ensure no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. For more information, see our original announcement.

When domain-wide-delegation changes are attempted, admins will be required to submit the change to a super admin for approval.

 Super admins can review and take action on these requests in the Admin console by navigating to Security > Multi-party approval. Super admins will also receive email alerts when a change is requested or any other protected action is attempted.



Getting started

  • Admins: The multi-party approvals feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approvals are OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approvals for sensitive actions.

Rollout pace


Availability

  • Available for all Google Workspace customers

Resources


Save time managing your Meet Hardware fleet with new device filters

What’s changing 

As we continue to make improvements for managing Meet Hardware fleets, we’re pleased to announce eighteen additional filters in the Admin console, which include:

  • Alert silence expiration time
  • Boot mode
  • Camera
  • Chrome version
  • Content camera (i.e., whiteboard cameras)
  • Controller (i.e., MIMO, Logitech Tap, Juno Remote, etc.)
  • Device ID
  • Display
  • Enrollment date
  • Has user
  • Camera home position mode
  • Microphone
  • Noise cancellation (denoising state)
  • Notes
  • Operating system version
  • Primary framing strategy
  • Speaker
  • Software audio processing mode
The new filters can be added as chips to filter the device table:

From Menu > Devices > Google Meet hardware > Devices, select “Add a filter”. Any filters you select will be added to the URL so you can save the link or share it with others.





New data columns have been added that enable you to view additional device info at a glance, which include:
  • Boot mode
  • Camera
  • Camera home position
  • Chrome version
  • Content camera
  • Controller
  • Device ID
  • Display
  • End of Meet support
  • Enrollment date
  • Microphone
  • Noise cancellation
  • Notes
  • Operating system version
  • Primary framing strategy
  • Volume
  • Speaker
From Menu > Devices > Google Meet hardware > Devices, select the gear icon to add columns. Any columns you select will be added to the URL so you can save the link or share it with others.





Increasing the number of searchable fields makes it easier and faster to find specific groups of devices, which is particularly helpful when managing a large fleet of devices. Quickly finding groups of devices allows you to save time and resources managing and troubleshooting your devices. 


Getting started

Rollout pace

Availability

  • Available to all Google Workspace customers with Google Meet hardware devices

Resources


Chat safer with new settings for students in Google Chat

What’s changing 

We're introducing a new setting that enables education admins to restrict which users can create and manage members in Google Chat conversations. 


This can be useful for admins who want to prevent groups of students from initiating or adding users to a conversation. 

Chat restrictions for Education domains



Who’s impacted 

Admins and end users 


Why it’s important

This is a highly-requested feature that restricts the creation of unsupervised activity among K-12 students and helps provide a safer and easier way for teachers to communicate with students. 


Getting started 

  • Admins: 
    • To restrict users from accessing features in Chat, go to the Admin console > Apps > Google Workspace > Google Chat > click the Chat and Space restrictions setting > Inside the Google Chat box, search for the group of users you'd like to apply Chat restrictions to > check the box for Restrict creating direct messages, group messages, and spaces > hit Save. 
      • Note: groups can be restricted at the group level only.
    • We recommend admins enable the "automatically accept chat invitations" setting for their OU. This will ensure teachers can easily initiate messages to students that instantly deliver without the need to accept an invitation. We also recommend turning OFF Chat with external users.
    • Visit the Help Center to learn more about setting up Chat restrictions for Education accounts.
  • End users: There is no end user setting for this feature.

Rollout pace 

Admin setting: 
Chat UI: 

Availability 

Available for Google Workspace: 
  • Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade 

Resources 

Google Meet hardware event logs are now available in the security investigation tool and BigQuery

What’s changing 

We’re pleased to announce a new set of features to help you conduct deeper analysis and more flexible issue detection within your Google Meet hardware fleet:
 
First, Meet hardware log events are now captured in the security investigation tool. Within the tool, you’ll be able to view historical events for your devices and create customized alerts. You can also click out to Meet hardware log events from individual device pages (Devices > Google Meet Devices > [Device Name]), allowing you to find information on specific devices even faster.

Meet hardware logs in the security and investigation tool




Secondly, through integration with BigQuery, Meet hardware logs can be imported from the security investigation tool to be analyzed at scale. This is a powerful new tool that can be used to build customized views of your historical data across your entire hardware fleet. For example, you can use this data to identify which devices are the most used across your organization, which devices are experiencing the most issues within a specific timeframe, and more.




Specifically, you’ll be able to filter by the following details: 



Getting started

Rollout pace


Availability

The security investigation tool is available for Google Workspace:
  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Enterprise Essentials Plus
  • Frontline Standard
  • Cloud Identity Premium
Reporting logs in BigQuery is available for Google Workspace:
  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Enterprise Essentials Plus
  • Frontline Standard

Manage all Calendar interop settings from the Admin console

What’s changing

Previously, the interoperability settings that allow Calendar users to see availability of colleagues using Outlook and vice-versa were split between two separate locations: in the Admin console and from https://calendar.google.com/Exchange/tools. Going forward, all interoperability settings will be housed in the Admin console at Apps > Google Workspace > Settings for Calendar > Calendar Interop management. This will make it easier for admins to view and manage their interop setups.



Getting started


Rollout pace

Availability

  • Available for Google Workspace customers except Google Workspace Essentials and Workspace Individual Subscribers 

“Take notes for me” in Google Meet is rolling out soon; pre-configure access with a new admin setting

What’s changing 

“Take notes for me,” an AI-powered feature in Google Meet that automatically takes notes during your meetings, will be rolling out soon. Prior to end user availability, admins can now configure whether their users can use this Google AI note-taking feature with a new Admin console setting. This setting can be configured in the Admin console by going to Apps > Google Workspace > Google Meet > Gemini Settings


Apps > Google Workspace > Google Meet > Gemini Settings > Google AI note-taking


Similar to Meet transcripts Admin settings, this control gives admins more flexibility to test the feature within specific Organizational units (OUs) or Groups before deploying the feature more broadly within their organization.


“Take notes for me” is available for customers who have a Gemini Enterprise, Gemini Education Premium, or AI Meetings and Messaging add-on. Only users who are assigned one of these licenses will be able to use the note-taking feature. 


We’ll provide more information and timing on end user availability about “Take notes for me” in the coming weeks here on the Workspace Updates blog.


Additional details

Notes documents will be stored in the meeting owner’s drive folder and will follow the Meet retention policy that your organization has configured. If you are currently testing this feature in Workspace Labs and Alpha, your experience will change from respecting the Drive retention policy to respecting the Meet retention policy. 


Getting started

  • Admins: Take notes for me will be ON by default and can be configured at the OU and Group level in the Admin console by going to Apps > Google Workspace > Google Meet > Gemini Settings > Google AI note-taking. If you want all of your users to receive the feature at once, you may want to consider turning this setting OFF and then after rollout switching it to ON.


Rollout pace

  • Rapid and Scheduled Release domains: Gradual rollout of the admin setting (up to 15 days for feature visibility) starting on August 13, 2024 with expected completion on August 21, 2024

Availability

Available for Google Workspace customers with the:
  • Gemini Enterprise add-on
  • Gemini Education Premium add-on
  • AI Meetings & Messaging Add-on