Tag Archives: Admin Console

Manage reported Google Chat content from the new moderation tool in the Admin console

What’s changing

We’re introducing a centralized location for reviewing and taking action on reported Google Chat content in the Admin console under Apps > Google Workspace > Moderation, alongside the email quarantine tool for Gmail. Here can be found an overarching view of active and resolved reports, as well as additional information and context about reported messages, allowing for more informed decisions to be made.

Super admins will have access to the moderation tool and can also assign users the new “Moderate Chat content report” privilege. The new privilege can be assigned to users in your organization who are best suited to review Chat content, helping to reduce the burden on super admins.


Who’s impacted

Admins and designated moderators 


Why it’s important

Google Chat is key to accelerating productivity and collaboration — content reporting and moderation helps ensure that information exchanged across Chat is safe and appropriate.  When a report is submitted by users, the moderation tool can be used to:

  • See all reports associated with the message (including those resolved in the past).
    • Note that resolved reports will be removed from the Moderation tool after 180 days.
  • Review the edit history of a message and conversation transcript, including up to five messages posted before the reported message.
  • Conversation details provide information about the type of conversation (direct messages, group direct messages, or Spaces) with number of participants, space managers, guidelines, etc.


Using this information, combined with organization policies, admins and moderators can choose the best course of action, whether that be deleting a specific message or deleting an entire space before resolving the report. Additionally, moderators can add comments to the report for prosperity should the content require further auditing in the future.

The moderation tool can be accessed in the Admin console by selecting Apps > Google Workspace > Moderation.

Upon selecting a reported message, you’ll see a variety of information including conversation details and other reports for the message.

You can select “Show more” from the “Reported message” section to view up to five messages sent prior to the reported message.



Additional details

As part of this change, the moderation tool will also include a tab for managing quarantined Gmail messages. Visit our Help Center for more information regarding setting up email quarantine and the admin privileges required to manage quarantined messages. The Gmail tab is available to all Google Workspace customers.


Getting started



Rollout pace


Availability

  • Google Chat content reporting and moderation is available to Google Workspace Enterprise, Enterprise Plus, Education Standard and Education Plus customers

Resources

Updates for managed iOS devices with the release of Chrome 120

What’s changing

In the coming weeks, we’ll be introducing several improvements to Chrome-on-iOS that will help admins more seamlessly apply policies and preferences across their users’ managed devices. This launch will align with the planned release of Chrome 120. Specifically, these improvements are: 
  • Cross-device policy application: Whether it’s a company-owned or personal device, Chrome User Policies can be applied when a user signs into the Chrome browser with their managed account. This ensures a consistent and secure browsing experience across all devices.
  • Management notice for end-users: Managed end-users will begin seeing a management notice, informing them that their organization manages the account they are signing into. This transparency not only fosters trust but also keeps users informed about the security measures in place to protect their data. 
  • Admin console integration: Admins can easily activate this functionality through the Admin console under the "Chrome on iOS" Browser setting. This centralized control allows admins to tailor policies to meet the specific needs of their organization, ensuring a customized and secure browsing environment for all users.

Getting started

 
We’ll remind you that your account is managed upon login and when you’re logged in.


Rollout pace

End user notifications

Admin console integration

Availability

  • Available to all Chrome Browser Cloud Management and Google Workspace customers

Resources


Google Workspace Updates Weekly Recap – December 15, 2023

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


We have begun enforcing 2-step verification for all admin accounts 
Two-step verification (2SV) is a critical security measure that has been proven to reduce password-based hijacking by more than 50%. We are committed to protecting the security of our users and are taking additional steps to help customers guard against data compromise and prevent account takeovers.

We have begun enforcing 2SV for all admin accounts and will continue this enforcement on an ongoing basis. As of December 2023, this change is already in effect for some customers. When this goes into effect for your organization, you will receive the following notifications:
  • 30 days prior to enforcement in your domain: Super admins will receive various email and in-app notifications informing them of the forthcoming enforcement, encouraging them to verify their admins’ 2SV status. 
  • Once enforcement goes into effect in your domain: All admins will receive email and in-app notifications upon signing into their accounts for the next thirty days. If they do not enable 2SV within this time period, they will be locked out and will need to follow these steps to recover an administrator account.
We highly encourage all administrators to turn on 2SV as soon as possible. Visit the Help Center for more details and further guidance.



Dynamic groups limit increased to 500 
We’re increasing the number of dynamic groups a customer can have from 100 to 500. Dynamic groups are defined as groups whose membership is managed automatically based on specific criteria, such as a user’s department or location. This increase gives admins more flexibility to create dynamic groups as needed and cuts down on manual group management tasks that would otherwise be required. | Rolling out now to Rapid Release and Scheduled Release domains at a gradual pace (up to 15 days for feature visibility). | Available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers only. | Learn more about dynamic groups.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Meet Add-ons SDK available in Developer Preview 
The Google Meet Web Add-ons SDK is available through our Developer Preview Program. Developers can use the SDK to bring their app experience right into Meet. End users can install, open, and collaborate in apps right inside a meeting, either as the meeting focal point, or in the sidebar — all without ever leaving Meet. | Learn more about Meet Add-ons SDK .

Huddly cameras bring continuous framing to Google Meet Series One room kits 
As part of our initiative to bring adaptive framing to Google Meet meeting rooms, we’re proud to announce that you can now access Huddly’s continuous framing capability available as part of the Series One room kit hardware devices. | Available to all Google Workspace customers using Google Meet Series One room kits only. | Learn more about Google Meet Series One.

Record and share your name pronunciation across Google Workspace products 
From your Google account settings, you can now record your name and share its pronunciation with other users. The pronunciation can be played from your profile card across various Google Workspace tools such as Gmail or Google Docs on web or mobile devices. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Frontline Starter, Frontline Standard, and Nonprofits customers only. | Learn more about name pronunciation. 

Easy access to people, documents, building blocks and more in Google Docs 
When moving to a blank line within your Doc, you will see an “@” button with the option to select, search and insert smart chips, such as people, dates, timers, or files, building blocks, calendar events, groups and more. | Learn more about bringing smart canvas features to the forefront of your workflow

Excuse assignments in Google Classroom 
Teachers can mark an assignment for a particular student as “Excused” instead of giving it a 0-100 score. This will exclude that particular assignment from the student’s overall grade. | Learn more about excusing assignments. 

Introducing interactive questions for YouTube videos in Google Classroom 
Educators can now turn any YouTube video into an interactive lesson by adding questions for their students to answer throughout the video. | Available to Education Plus and the Teaching and Learning Upgrade only. | Learn more about interactive videos. 

Introducing the Bitbucket app for Google Chat 
We’re adding Bitbucket for Google Chat. Bitbucket is a Git-based code and CI/CD tool optimized for teams using Atlassian’s Jira. | Learn more about Bitbucket app for Google Chat. 

Use “Profile Discovery” to display basic information only in search results, available in open beta 
Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. | Learn more about Profile Discovery.


Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Use “Profile Discovery” to display basic information only in search results, available in open beta

What’s changing

Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. 

This feature is available in open beta, which means no additional sign-up is required to use the feature.








In the Admin console, under Directory Settings > Profile editing, you can turn “Profile discovery” on or off for your users.

To help people recognize you, we’ll share basic information needed to confirm your identity. After you interact with someone, they'll typically see your full name, profile picture, and more from your Google Account.




Getting started

Rollout pace



Availability

  • Available to all Google Workspace customers

Resources

Custom notifications for Google Chat data loss prevention rules are now generally available

What’s changing 

Earlier this year, we announced the beta availability for admins to display custom notifications when a Google Chat message is blocked or intercepted based on data loss prevention rules. Beginning today, this feature will become generally available on web and mobile. 


Custom notifications give admins the opportunity to provide their users with more context about why they were blocked from sending a specific message, what they can do to unblock themselves, and include links to additional resources, such as organization guidelines for sensitive data with actionable recommendations. For more information, please reference our original announcement.

Getting started

  • Admins: 
    • Custom notifications can be set per each data protection rule at the domain, Organizational Unit (OU), or group level. 
    • When creating a rule, in Step 4: Actions, under “User Message”, select “customize message”.  Custom notifications can also be applied to existing DLP rules. If admins do not customize the notification, the generic notification will be shown to users.
    • Visit the Help Center to learn more about preventing data leaks from Chat messages & attachments.


  • End users: There is no end user action required. Depending on your admin settings, you’ll see more detailed information if you’re trying to send a Google Chat message that meets conditions defined in a data loss prevention rule.


Rollout pace


Availability

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, and Frontline Standard customers
  • DLP for Chat is also available to Cloud Identity Premium users who are also licensed for Workspace editions that include Google Chat and Audit and investigation. Visit the Help Center for more information. 

Resources


Updated grace periods for resolving policy violations in managed iOS devices

What’s changing 

Ensuring only managed applications can access sensitive information is vital to security. Currently, when admins make a policy change that results in an app going from unmanaged to managed, if a policy violation is detected, a 24-hour grace period is given to users to comply with the change. After this grace period, users will lose the ability to access their Google Workspace account. 


Moving forward, we’re adjusting a few components to how this grace period operates to boost compliance and prevent inadvertent circumvention. Specifically:

Grace Period 

Situation

Next Steps



None 

-The managed apps policy violation is detected during the device enrollment.

-The managed apps policy violation by an app is detected after 24 hrs from the moment the admin changes the policy.

Users will be prompted to install the app from the Google Device Policy app for IOS or they will lose access to Google Workspace.

Visit the Help Center to learn more.


24 hours

The managed apps policy violation by an app is detected within the 24hrs from the moment the admin changes the policy. 



Who’s impacted

Admins and end users


Why it’s important

Improving these safeguards helps ensure that  only managed applications can access sensitive organization information. If the managed applications do not meet the requirements of the access policies set by admins, managed application access to Workspace data is deactivated until users take the proper steps.


Getting started


Rollout pace

Availability

  • Available to Google Workspace Frontline Starter and Frontline Standard, Business Plus, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus; Enterprise Essentials and Enterprise Essentials Plus and Cloud Identity Premium customers

Resources


Turn on snippets for additional context surrounding data loss prevention rule violations

What’s changing 

Admins can now view “Sensitive Content Snippets” for data loss prevention (DLP) rules. This applies to DLP events for Drive, Chat, and Chrome. When turned on, snippets will log the matched content that triggered a DLP violation in the security investigation tool. Admins can use the information captured in the snippet to better identify actual security risks, determine whether a false positive was returned, and decide on an appropriate course of action.

Getting started

  • Admins: 
    • Make sure any admins who need to review the snippets have the "view sensitive content" privilege. Only super admins have the ability to hide or unhide sensitive data.

    • This feature will be OFF by default and can be turned on in the Admin console by going to Security > Data Protection > Data Protection Settings > Sensitive Content Storage.
      • To view snippets in the security investigation tool, select any row from the “Description column” and scroll down to “Sensitive Content Snippets”. Here you’ll see the matched detector ID, the matched content starting character, and the matched content length.

    • Visit the Help Center to learn more about viewing content snippets that trigger DLP rules, using Workspace DLP to prevent data loss, and the security investigation tool.

  • End users: There is no end user impact or action required.

Rollout pace


Availability

  • Available to Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus, and Enterprise Essentials Plus customers
  • Also available to Cloud Identity Premium and BeyondCorp Enterprise customers

Resources

Set client-side encryption as the default mode for new emails, events, and files

What’s changing

Admins can now set client-side encryption (CSE) to be on by default for:

  • Newly created Gmail messages, Google Calendar events. 
  • Newly created Google Docs, Sheets, and Slides files.
  • Newly uploaded Google Drive files.

Admins can set client-side encryption as default on for users in Organizational Units (OUs) that regularly handle sensitive data requiring additional encryption. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Users are prompted to create a CSE object natively in each app meaning their emails, events and files are encrypted by default with customer-managed keys and are private from Google. For organizations with strict regulatory or sovereignty needs, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data.  

Drive:


Gmail:

This is available on the web initially, with support coming for mobile apps in the future. 

Who’s impacted

Admins and end users


Why it matters

This feature is important for Google Workspace admins as it improves users compliance behavior without sacrificing productivity and increases control for admins implementing data control policies. It also includes improved audit logs, providing more detail for admins compiling regulatory compliance reports.

Workspace already uses the latest cryptographic standards to encrypt data by default, at rest and in transit between our facilities. Client-side encryption goes beyond this, giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. It gives organizations higher confidence that any third party, including Google and foreign governments, cannot access their confidential data. Users can continue to collaborate across their preferred apps in Workspace while IT and compliance teams can ensure that sensitive data stays compliant with regulations. 


Getting started

Rollout pace


Availability

  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.

Resources


Access Google Vault audit logs alongside other Workspace audit logs

What’s changing

We’re excited to announce the general availability of an improved Google Vault audit log experience. As a result of this change, you can now find Vault audit logs in the Admin console alongside other Google Workspace apps like Gmail, Google Drive, and more. Beginning in January, Vault audit logs can be accessed by the Reports API, which you can use to actively monitor your domain’s Vault usage. We’ll share more information here on the Workspace Updates blog when this functionality becomes available.

Aligning the location and functionality of Vault audit logs with other Workspace apps creates a consistent experience for admins and reduces the need to search for information in various locations. It also enables audit logs in the admin console to be compliant with our new regionalized data processing capabilities.

Additional details

The duration, access and visibility of Vault audit logs will remain the same and will continue to require the “manage audits” permission. The Vault audit logs can be accessed through the Vault reports and matter audits links as well as from the Admin Console. Visit the Help Center to learn more about setting up Vault privileges.


Getting started

  • Admins: Visit the Help Center to learn more about Vault log events.
  • End users: There is no end user impact or action required.


Rollout pace



Availability


  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus customers or customers with the Vault add-on license

Resources


Monitor insider risk of Google Workspace data with Chronicle

What’s changing 

Admins can now more seamlessly integrate their Google Workspace data with Chronicle (Google’s cloud-native Security Operations platform), to quickly detect, investigate and take action on risky activity and threats. Admins can now leverage reduced time spent syncing data from Workspace to Chronicle, as well as Chronicle’s curated preconfigured out-of-the-box detections.




Who’s impacted

Admins

Why it matters 

As an admin, you can already use the Alert Center to view notifications and take action on potentially issues within your domain. Now you can take this a step further by using Chronicle, leveraging its rich risk management capabilities and recommendations:
  • Chronicle can help detect and investigate potential threats at every level of sophistication by monitoring your data in real time. 
  • Data insights are available at your fingertips, with rich context and visualization alongside industry best recommendations, helping you make better decisions faster. 
  • Further, you can deploy Chronicle’s out-of-the-box use cases, helping to cut down on time spent building rules and playbooks. 
  • You can also build and automate repeatable playbooks with full-fledged security orchestration, automation and response capabilities (SOAR).

Getting started


Rollout pace

  • This feature is available now.

Availability

  • Available to Google Workspace Enterprise Standard and Enterprise Plus customers 

Resources