Tag Archives: Admin Console

View more insights on Keep activity with a new API and audit logs

What’s changing 

To help Workspace admins monitor and analyze their organizations’ Keep activity, starting today, admins will see audit logs for user activity in Google Keep in the Admin console under Reports > Audit log > Keep. Here, admins can monitor when domain users: 
  • Take action on a note, 
  • Add or remove a collaborator, 
  • Upload or delete an attachment. 

Admins who have enabled Keep for their users will see Keep audit events from May 1, 2021 onward. These audit logs are also available in the Reports API, where admins can expand their automated reporting to include Keep. The event log and Reports API do not include information about the content of notes or attachments, only that an internal user has taken a particular action on a note. 


Next, in the coming days, the rollout of a new API for Keep will begin. The API will allow admins and admin-enabled apps to manage Keep access controls for an organization, enabling support for cases such as enterprise data protection. For example, an admin could use the API to create Keep notes, or use an app to monitor Keep usage and help ensure that notes with sensitive information are not shared too widely. 

Note: These features are only available for Google Workspace customers, and are not available for users with personal Google accounts.


Who’s impacted

Admins and developers

Why it matters

Audit events for Keep allow administrators to better understand domain activity on Keep and monitor compliance with organizational guidelines. The Keep API gives admins more ways to manage how Keep data is accessed.

Together, we hope these features make it easier for admins to add a layer of security and compliance around Keep data in their organization.


Getting started

  • Admins: 
    • Keep audit logs will appear automatically for organizations that allow their users to use Keep. Visit the Help Center to learn more about Google Keep Audit logs.
    • The Reports API can be configured by Admins for Google Keep or specific users defined by an admin. Use this guide to learn more about the Reports API.
    • Once the Keep API begins to roll out, API documentation will be published, and we will update this blog post to include links to that documentation.
  • End users: No action required.

Availability


  • Available to all Google Workspace customers, as well as G Suite Basic and Business customers
  • Not available to users with personal Google accounts.

New iOS Data Protection setting protects data sharing between Google Workspace and personal Google accounts

What’s changing 

We’re adding a new admin setting which restricts data and content sharing between Google Workspace accounts and personal Google accounts in Gmail, Drive, Docs, Sheets, and Slides on iOS. 

When the data protection setting is enabled, users can only share or save content, such as files, emails, or copied and pasted content, within Workspace accounts. This prevents users from sharing a file with their personal Google accounts or saving a file to their personal Google Drive.



Who’s impacted 

Admins and end users 


Why it’s important 

Google applications on iOS support multi-user logins, allowing users to access Gmail, Google Drive, Docs, Sheets, and Slides with their personal and Google Workspace accounts. Giving admins the ability to control how data is shared across user accounts helps minimize accidental data sharing. Together with the previously released copy and paste and drag and drop restrictions, these security measures help increase the security of your corporate data on iOS. 


Getting started 

  • Admins: This feature will be OFF by default and can be enabled at the OU and domain level. Visit the Help Center to learn more about applying settings for iOS devices.

  • End users: There is no end user setting for this feature. When enabled by your admin, you will be able to securely share enterprise Google Workspace content between your Google Workspace apps. 

Rollout pace 

  • Rapid Release and Scheduled Release domains: This feature is available now for all users. 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Plus, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Additional tools for managing the transition from classic to new Google Sites

What’s changing 

In 2017, we announced that we would replace classic Sites with new Sites, and in 2019 we announced that domains will have until the end of 2021 to complete the transition. Important note: Starting May 15, 2021, website creation in classic Google Sites will no longer be available. Visit the Help Center for more details on the Classic Sites migration. 


To help Admins and end users manage the transition to new Sites, we introduced the Classic Sites Manager in 2020. Recently, we’ve added several new options to the Classic Sites Manager to help you and your users manage the transition from classic Sites: 
  • Super Admins can now delegate admin-level Classic Sites Manager access to other users in their organization via a new assignable privilege, allowing them to do things like assign site owners or convert websites to the new Google Sites experience on behalf of their end users 
  • Admins and site owners can now bulk delete and restore sites within the Classic Sites Manager 
  • Admins can now bulk update ownership of sites from within the Classic Sites Manager 


See below for more information. 


Who’s impacted 

Admins and end users 


Why it’s important 

We hope these new options help admins and their end users navigate the transition from classic Sites to new Sites. 


Admins can delegate admin-level access to the Classic Sites Manager to the right people within their organization, allowing them to view all classic Sites and determine which migration actions need to be taken (convert, delete, assign site owners, etc.). 


With the addition of the delete bulk action in the Classic Sites Manager, admins (or delegated admins) can quickly remove any sites that are no longer relevant within their domain. End users will be able to remove any sites they own. Once a site is deleted, a user or admin has 30 days to restore it before it is permanently deleted. 


For sites that have no owners, admins (or delegated admins) can now use the update owners action to assign ownership of sites to a point of contact in your organization who can best advise on whether the site should be deleted or converted to new Sites. 


Additionally, sites can be converted to the new Sites experience using the Classic Sites Manager, with the option to export a filtered view from the Classic Sites Manager to Google Sheets for record keeping or further analysis. 

The Classic Sites Manager can be used to convert, delete, restore, and assign ownership of sites within your domain.




Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, and Nonprofits, as well as G Suite Basic and Business customers 
  • Not available to Google Workspace Frontline customers 


Google Docs will now use canvas-based rendering: this may impact some Chrome extensions

What’s changing 

We’re updating the way Google Docs renders documents. Over the course of the next several months, we’ll be migrating the underlying technical implementation of Docs from the current HTML-based rendering approach to a canvas-based approach to improve performance and improve consistency in how content appears across different platforms. 


We don’t expect this change to impact the functionality of the features in Docs. However, some Chrome extensions may be affected and may no longer work as intended.


Who’s impacted 

Admins and developers 


Why it’s important 

Some Chrome extensions rely on the way the backend of a Google Doc is structured or specific bits of HTML to function properly. By moving away from HTML-based rendering to a canvas-based rendering, some Chrome extensions may not function as intended on docs.google.com and may need to be updated. 


Admins should review the current extensions deployed in their organization. See this file for an example of a Google Doc using canvas-based rendering and to test out your extensions.


If you are building your own integrations with Google Docs, we recommend using the Google Workspace Add-ons framework, which uses the supported Workspace APIs and integration points. This will help ensure there will be less work in the future to support periodic UI implementation changes to Docs.


If your company has developed a private Chrome Extension that you believe will be impacted and you are unable to migrate to the Google Workspace Add-ons framework, you can submit this form to provide feedback and notify our team.


Getting started 

  • Admins and developers: 
    • To see an example of a Google Doc using canvas-based rendering, please see this example file. We strongly recommend reviewing the current extensions used in Google Docs that are deployed within your organization.
    • To ensure any Chrome extensions you build in-house continue to work as intended, we recommend migrating them to the Google Workspace Add-ons framework.
  • End users: No action required. 


Rollout pace 

  • Google Docs will be migrating slowly from HTML to canvas-based rendering over the course of the next several months.


Specify which attributes are available for the Secure LDAP client

What’s changing 

The Secure LDAP service provides a simple and secure way to connect your LDAP-based applications and services to Cloud Identity or Google Workspace. Admins can now specify which attributes they’d like to make available for the LDAP Client:
  • System attributes: Default user attributes that are available for all user accounts—for example, Email, Phone, and Address. Note that you can't disable this option.
  • Public custom attributes: Custom user attributes that are marked as visible to the organization.
  • Private custom attributes: Custom user attributes that are marked as visible only to the user and administrators. Use caution when using private custom attributes, as you're exposing private information to the LDAP client.


Who’s impacted


Admins and end users



Why it’s important


LDAP clients are part of the Secure LDAP service, which enables users to access traditional LDAP-based apps and IT infrastructure using their Google Workspace credentials. This new feature gives admins more control over how your LDAP-based applications and services connect to and interact with Google Workspace and Cloud Identity services.


Additional details

Custom attribute naming requirements and guidelines:
  • Names for custom attributes can contain only alphanumeric text and hyphens.
  • There should be no duplicate attribute names across all custom schemas.
  • If the custom attribute name matches with an existing system attribute, we will return the system attribute value.
Important: If attribute names don't adhere to the above guidelines, the attribute values in question are excluded from the LDAP response.
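
The naming rules above can be checked before an LDAP client is granted custom attributes. The following is an added example, not Google's code: it applies the three rules to a constructed set of custom schemas and reports what the LDAP client would see. It assumes ASCII names, case-insensitive name comparison, and a system attribute list limited to the three examples named on this page.

```python
import re
from collections import Counter

# Assumption: only the system attributes this page names as examples.
SYSTEM_ATTRIBUTES = {"email", "phone", "address"}

# "Alphanumeric text and hyphens", read here as ASCII (assumption).
VALID_NAME = re.compile(r"[A-Za-z0-9-]+")

# Constructed sample data: schema name -> list of custom attributes.
SAMPLE_SCHEMAS = {
    "HR": [
        {"name": "employee-id", "visibility": "public"},
        {"name": "cost_center", "visibility": "public"},   # underscore
        {"name": "badge", "visibility": "private"},        # duplicate
    ],
    "Facilities": [
        {"name": "Badge", "visibility": "public"},         # duplicate
        {"name": "Phone", "visibility": "public"},         # system name
        {"name": "desk-number", "visibility": "private"},
    ],
}


def audit_custom_attributes(schemas, expose_public=True, expose_private=False):
    """Return {"Schema.attr": status} for every custom attribute.

    expose_public / expose_private model the two optional attribute
    categories an admin can enable for the LDAP client.
    """
    # Duplicates are counted across all schemas, compared case-insensitively
    # (assumption: LDAP attribute names are matched without regard to case).
    counts = Counter(
        attr["name"].lower() for attrs in schemas.values() for attr in attrs
    )
    report = {}
    for schema, attrs in schemas.items():
        for attr in attrs:
            name, key = attr["name"], attr["name"].lower()
            private = attr["visibility"] == "private"
            exposed = expose_private if private else expose_public
            if not VALID_NAME.fullmatch(name):
                status = "excluded_invalid_name"    # value dropped from response
            elif counts[key] > 1:
                status = "excluded_duplicate"       # value dropped from response
            elif key in SYSTEM_ATTRIBUTES:
                status = "shadowed_by_system"       # system value returned instead
            elif not exposed:
                status = "not_exposed"              # category not enabled
            elif private:
                status = "returned_private"         # private data reaches the client
            else:
                status = "returned"
            report[f"{schema}.{name}"] = status
    return report


def private_exposure(report):
    """Attributes whose private values would be visible to the LDAP client."""
    return sorted(k for k, v in report.items() if v == "returned_private")


if __name__ == "__main__":
    result = audit_custom_attributes(SAMPLE_SCHEMAS, expose_private=True)
    for attr, status in result.items():
        print(f"{attr:26} {status}")
    print("private attributes exposed:", private_exposure(result))
```
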


Availability

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, and Education Plus, G Suite Enterprise, and Cloud Identity Premium customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, as well as G Suite Basic and Business customers


Apply context-aware access policies to mobile and desktop applications

What’s changing 

Admins can now assign existing or new context-aware access levels to Google desktop and mobile applications. 

Applying context-aware access levels to mobile and desktop applications


Who’s impacted 

Admins and end users 



Why it’s important 

With context-aware access, you can set up different access levels based on a user’s identity and the context of the request (location, device security status, IP address). Expanding these policies to other Google Workspace entry points—such as the Google Drive for desktop app or using Gmail on a mobile browser—gives admins greater control over how, when, and where users can access Workspace resources. 



Admins will now be alerted when there is an issue with their Google Voice auto attendants or ring groups

Quick launch summary 

Admins will now receive an alert in the Admin console’s Alert Center when an issue is detected with their auto attendant or ring group configuration along with instructions on how to quickly resolve the issue. These issues include: 
  • No valid members in a ring group, 
  • No valid auto attendants or ring groups to forward the call to, 
  • No voicemail recipients. 


Availability 

  • Available to all Google Workspace and G Suite customers with Google Voice standard and premier licenses 

New Rules homepage in the Admin console makes security simpler

What’s changing

We're making some updates to how you create, view, and manage rules in the Admin console. Specifically we're:

  • Making the Rules homepage available to all Google Workspace customers.
  • Consolidating the rules and security rules pages to make rule discovery and management easier.
  • Introducing a rule templates page, available to Enterprise Standard and Enterprise Plus customers, which helps quickly set up rules for common use cases.
  • Adding one-click rule analysis via the Investigation Tool, available to Enterprise Plus customers.

The new Rules homepage in the Admin console

See below for more information.



Who’s impacted

Admins



Why you’d use it

We hope this information makes it easier for admins to decide which rules to proactively implement, easier to maintain with centralized management, and easier to investigate with direct Investigation tool integration.


Additional details


On the new Rules homepage, admins can find information about:
  • The benefits of enabling rules with use-case based guidance for managing alerts and email notifications for Google-provided rules. 
  • The benefits of creating custom rules for other use cases including defining alerts for specific audit log events, protecting sensitive content, automating actions on specific activities, and securing devices. 

For Enterprise Standard and Enterprise Plus admins, we’re introducing a new Rules Templates page. You can customize these pre-made templates to quickly set up rules for common use cases based on best practices. This includes scenarios such as preventing the sharing of sensitive personal, financial, or health information.

For Enterprise Plus customers, we’ve enabled one-click rule analysis of activity and data protection rules with investigation tool integration directly from the list view.



Availability

New Rules homepage 
  • Available to all Google Workspace customers, as well as G Suite Basic and Business customers

Data protection
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, and Education Plus customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits customers

Device management rules
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, and Education Plus customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits customers

Activity Rules
  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers

Investigation tool integration
  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers

New Google Meet Hardware Admin console features: peripheral status, default volume, and static URLs

Quick launch summary 

We’re adding three new features to the Google Meet Hardware section of the Admin console: 

Peripheral status: 
In addition to the “Device status” column on the Device list page, we’ve added columns for connection status and peripheral status. These new columns will help you filter your device list in order to easily discover and troubleshoot issues, and identify devices with missing peripherals. 

Additionally, there is a new column management widget which you can use to quickly create customized views and sort through your devices faster. 



Default Volume: 
There are two new options for setting the default volume behavior on Meet Hardware devices: 
  • Preset volume mode: You can set a numerical value between 0 and 100 that devices will automatically use at the beginning of every call. 
  • Smart volume mode: This mode will automatically determine the best volume for the room by averaging the volume set by users in the five most recent calls. 
The default volume behavior for a single device can be set on its Device detail page. For a group of devices, use the bulk action option from the Device list page. 

Note that end users can still modify the volume on a device according to their preference regardless of the default volume selection. 



Static Device list URLs: 
Device list filters will now be uniquely encoded into the page’s URL. This makes it easy for admins who are responsible for specific organizational units or devices to bookmark a customized view or share it among team members. 

Getting started 

  • Admins: You’ll see these updates in the Admin console under Devices > Google Meet Hardware
  • End users: No action required 

Rollout pace 

Peripheral status and Default volume 
Static Device list URLs 

Availability 

  • Available to all Google Workspace customers in organizations with Google Meet Hardware