Tag Archives: Admin Console

Set client-side encryption as the default mode for new emails, events, and files on mobile

What’s changing 

Admins can now set client-side encryption (CSE) to be on by default on Android and iOS for: 
  • Newly drafted Gmail messages and replies 
  • Newly created Google Calendar events 
  • Newly uploaded Google Drive files

Client-side encryption in Gmail


Admins can now set client-side encryption as the default mode for users on both web and mobile that regularly handle sensitive data. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Each new email, event and uploaded file on mobile is automatically client-side encrypted with customer managed keys meaning the user is compliant with their org’s policy from the outset. For organizations with strict regulatory or sovereignty requirements, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data while on the go. 

For more information, check out our original announcement.

Getting started


Rollout pace


Availability

  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.

Resources


Conduct direct 1:1 calls with people outside your video calling network on Google Meet mobile

What’s changing

Earlier this year, we introduced cloud-encrypted 1:1 video calls between users in the same domain using the Meet mobile app. In the coming weeks, users from outside of your domain will be able to initiate 1:1 video calls with your users and vice versa. Admins will be able to pre-configure this functionality as on or off for their users with a new admin control. The timeline for this update is as follows:

  • Admin control for restricting external calls placed directly to a user via their email: Admins will begin seeing the new control beginning today. 
  • End user availability: The external calling feature will begin rolling out to end users beginning in April.

Who’s impacted

Admins and end users



Why it matters

1:1 cloud-encrypted video calling in the Meet mobile app makes it easier to connect with others by significantly reducing the need to create meeting links ahead of time. We’re expanding these 1:1 cloud-encrypted calls to allow users outside of your domain to initiate 1:1 calls, making it easier to connect with your external partners and stakeholders. However, to ensure external contact is appropriate, admins can turn this functionality on or off for their users.


Getting started

    • By default, users can receive calls only from contacts and other users in the organization. You can use the new admin switch to enable calls from outside your domain at the OU level. Visit the Help Center to learn more about restricting who can call users in your organization with Google Meet.
      • Note: This setting affects only Google Meet calling, not legacy services (formerly known as Duo) or calling in Google Chat. This also does not affect the ability to join meetings. Visit the Help Center to learn more about turning Meet legacy calling on or off for your users. Note that If you have legacy calling enabled for your users, they will have access to features previously found in Duo (group calls, messages, moments, family mode, etc.) if they have not upgraded to the new Meet app. 

  • End users: 



Rollout pace


Availability

  • Available to all Google Workspace customers

Available in open beta: the Groups Admin role can now be provisioned for specific group types

What’s changing

The Groups Admin role can now be assigned for security groups or non-security groups. Previously, those with the Groups Admin role had access to all groups within an organization. This change gives administrators more granular delegation of group admin responsibilities, helping limit access to the most sensitive groups to only those who absolutely need it. 

This feature is available in open beta, which means no additional sign-up is required to use the feature.

Getting started

Assign mobile device management admin privileges based on organizational unit

What’s changing

We’re giving admins more granular control over how mobile device management privileges are delegated. Specifically, admins can be assigned privileges for specific organizational units (OUs). This adds yet another layer of security by ensuring that access is scoped to the necessary OUs only. This feature is available as an open beta, which means you can use it without enrolling in a specific beta program.


Creating a custom role, which is assignable at the OU level.

Assigning permissions at the OU level




Example experience for an admin with OU level permissions





Getting started


Rollout pace


Availability

  • Available to all Google Workspace customers

Resources


Assign mobile device management admin privileges based on organizational unit

What’s changing

We’re giving admins more granular control over how mobile device management privileges are delegated. Specifically, admins can be assigned privileges for specific organizational units (OUs). This adds yet another layer of security by ensuring that access is scoped to the necessary OUs only. This feature is available as an open beta, which means you can use it without enrolling in a specific beta program.


Creating a custom role, which is assignable at the OU level.

Assigning permissions at the OU level




Example experience for an admin with OU level permissions





Getting started


Rollout pace


Availability

  • Available to all Google Workspace customers

Resources


Local data storage exports your organization’s Workspace data into the geographic location of your choice, launching in beta

What’s changing 

Today, we’re introducing Google Workspace’s new feature, local data storage. This feature allows admins to export their organization’s Workspace data into the geographic location or locations of their choice. These are the available options for this feature: 
  • User data: Specify users, groups, organizational units or your entire organization 
  • Export frequency: Opt for continuous or one-time exports 
  • Storage settings: Specify the geographic location of the Google Cloud storage bucket that the data is exported to, who can access the data, and more settings within the Google Cloud storage bucket.

When creating a new export, you can choose to export your data continuously into your own storage bucket



Who’s impacted

Admins


Why you’d use it

This update allows admins to export their organization's Workspace data into their own Google Cloud Storage (GCS) bucket located in a geographic location of their choice to meet their data sovereignty, compliance, and data archival needs. 

Getting started


Rollout pace


Availability

  • Available to Google Workspace Enterprise Plus customers with Assured Controls add-on
    • If you don’t currently have the Assured Controls add-on, please contact us or reach out to your sales rep for more information.

Resources


For Google Meet Hardware, ‘Auto-Update Expiration (AUE)’ will now be referred to as ‘end of Meet support’

What’s changing

We’re making changes to the terminology that refers to  when a Meet hardware device is no longer supported:

  • ‘End of Meet support date’ replaces Auto-Update Expiration (AUE) in the Meet hardware Help Center.
  • The Admin console will show ‘end of Meet support’ instead of ‘EOL (end of life)’ in both device information and fleet overview pages.
  • The field name for “end of life” in Admin console’s CSV downloads will change from “eolDate” to “endOfMeetSupportDate”
End of Meet support as indicated in the device information page


End of Meet support as indicated in the Google Meet hardware fleet overview


Additional details

The end of Meet support date for Intel 10th generation devices have been extended from June 2028 to June 2029 to reflect their continued availability.


Getting started


Rollout pace


Availability

  • This update impacts all Google Workspace customers with Meet hardware devices. 


Resources


Manage reported Google Chat content from the new moderation tool in the Admin console

What’s changing

We’re introducing a centralized location for reviewing and taking action on reported Google Chat content in the Admin console under Apps > Google Workspace > Moderation, alongside the email quarantine tool for Gmail. Here can be found an overarching view of active and resolved reports, as well as additional information and context about reported messages, allowing for more informed decisions to be made.

Super admins will have access to the moderation tool and can also assign users the new “Moderate Chat content report” privilege. The new privilege can be assigned to users in your organization who are best suited to review Chat content, helping to reduce the burden on super admins.


Who’s impacted

Admins and designated moderators 


Why it’s important

Google Chat is key to accelerating productivity and collaboration — content reporting and moderation helps ensure that information exchanged across Chat is safe and appropriate.  When a report is submitted by users, the moderation tool can be used to:

  • See all reports associated with the message (including those resolved in the past).
    • Note that resolved reports will be removed from the Moderation tool after 180 days.
  • Review the edit history of a message and conversation transcript, including up to five messages posted before the reported message.
  • Conversation details provide information about the type of conversation (direct messages, group direct messages, or Spaces) with number of participants, space managers, guidelines, etc.


Using this information, combined with organization policies, admins and moderators can choose the best course of action, whether that be deleting a specific message or deleting an entire space before resolving the report. Additionally, moderators can add comments to the report for prosperity should the content require further auditing in the future.

The moderation tool can be accessed in the Admin console by selecting Apps > Google Workspace > Moderation.

Upon selecting a reported message, you’ll see a variety of information including conversation details and other reports for the message.

You can select “Show more” from the “Reported message” section to view up to five messages sent prior to the reported message.



Additional details

As part of this change, the moderation tool will also include a tab for managing quarantined Gmail messages. Visit our Help Center for more information regarding setting up email quarantine and the admin privileges required to manage quarantined messages. The Gmail tab is available to all Google Workspace customers.


Getting started



Rollout pace


Availability

  • Google Chat content reporting and moderation is available to Google Workspace Enterprise, Enterprise Plus, Education Standard and Education Plus customers

Resources

Updates for managed iOS devices with the release of Chrome 120

What’s changing

In the coming weeks, we’ll be introducing several improvements to Chrome-on-iOS that will help admins more seamlessly apply policies and preferences across their users’ managed devices. This launch will align with the planned release of Chrome 120. Specifically, these improvements are: 
  • Cross-device policy application: Whether it’s a company-owned or personal device, Chrome User Policies can be applied when a user signs into the Chrome browser with their managed account. This ensures a consistent and secure browsing experience across all devices.
  • Management notice for end-users: Managed end-users will begin seeing a management notice, informing them that their organization manages the account they are signing into. This transparency not only fosters trust but also keeps users informed about the security measures in place to protect their data. 
  • Admin console integration: Admins can easily activate this functionality through the Admin console under the "Chrome on iOS" Browser setting. This centralized control allows admins to tailor policies to meet the specific needs of their organization, ensuring a customized and secure browsing environment for all users.

Getting started

 
We’ll remind you that your account is managed upon login and when you’re logged in.


Rollout pace

End user notifications

Admin console integration

Availability

  • Available to all Chrome Browser Cloud Management and Google Workspace customers

Resources


Google Workspace Updates Weekly Recap – December 15, 2023

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


We have begun enforcing 2-step verification for all admin accounts 
Two-step verification (2SV) is a critical security measure that has been proven to reduce password-based hijacking by more than 50%. We are committed to protecting the security of our users and are taking additional steps to help customers guard against data compromise and prevent account takeovers.

We have begun enforcing 2SV for all admin accounts and will continue this enforcement on an ongoing basis. As of December 2023, this change is already in effect for some customers. When this goes into effect for your organization, you will receive the following notifications:
  • 30 days prior to enforcement in your domain: Super admins will receive various email and in-app notifications informing them of the forthcoming enforcement, encouraging them to verify their admins’ 2SV status. 
  • Once enforcement goes into effect in your domain: All admins will receive email and in-app notifications upon signing into their accounts for the next thirty days. If they do not enable 2SV within this time period, they will be locked out and will need to follow these steps to recover an administrator account.
We highly encourage all administrators to turn on 2SV as soon as possible. Visit the Help Center for more details and further guidance.



Dynamic groups limit increased to 500 
We’re increasing the number of dynamic groups a customer can have from 100 to 500. Dynamic groups are defined as groups whose membership is managed automatically based on specific criteria, such as a user’s department or location. This increase gives admins more flexibility to create dynamic groups as needed and cuts down on manual group management tasks that would otherwise be required. | Rolling out now to Rapid Release and Scheduled Release domains at a gradual pace (up to 15 days for feature visibility). | Available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers only. | Learn more about dynamic groups.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Meet Add-ons SDK available in Developer Preview 
The Google Meet Web Add-ons SDK is available through our Developer Preview Program. Developers can use the SDK to bring their app experience right into Meet. End users can install, open, and collaborate in apps right inside a meeting, either as the meeting focal point, or in the sidebar — all without ever leaving Meet. | Learn more about Meet Add-ons SDK .

Huddly cameras bring continuous framing to Google Meet Series One room kits 
As part of our initiative to bring adaptive framing to Google Meet meeting rooms, we’re proud to announce that you can now access Huddly’s continuous framing capability available as part of the Series One room kit hardware devices. | Available to all Google Workspace customers using Google Meet Series One room kits only. | Learn more about Google Meet Series One.

Record and share your name pronunciation across Google Workspace products 
From your Google account settings, you can now record your name and share its pronunciation with other users. The pronunciation can be played from your profile card across various Google Workspace tools such as Gmail or Google Docs on web or mobile devices. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Frontline Starter, Frontline Standard, and Nonprofits customers only. | Learn more about name pronunciation. 

Easy access to people, documents, building blocks and more in Google Docs 
When moving to a blank line within your Doc, you will see an “@” button with the option to select, search and insert smart chips, such as people, dates, timers, or files, building blocks, calendar events, groups and more. | Learn more about bringing smart canvas features to the forefront of your workflow

Excuse assignments in Google Classroom 
Teachers can mark an assignment for a particular student as “Excused” instead of giving it a 0-100 score. This will exclude that particular assignment from the student’s overall grade. | Learn more about excusing assignments. 

Introducing interactive questions for YouTube videos in Google Classroom 
Educators can now turn any YouTube video into an interactive lesson by adding questions for their students to answer throughout the video. | Available to Education Plus and the Teaching and Learning Upgrade only. | Learn more about interactive videos. 

Introducing the Bitbucket app for Google Chat 
We’re adding Bitbucket for Google Chat. Bitbucket is a Git-based code and CI/CD tool optimized for teams using Atlassian’s Jira. | Learn more about Bitbucket app for Google Chat. 

Use “Profile Discovery” to display basic information only in search results, available in open beta 
Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. | Learn more about Profile Discovery.


Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).