Tag Archives: Admin Console

Admins can now specify how individual Android apps update within the Admin console

What’s changing 

Google Workspace admins can now specify how Android apps update, giving them greater control over how Android apps are deployed within their fleet. Specifically, admins can specify whether apps are updated right away or postponed. Further, admins can set these policies on a group level within their organization. See below for more information. 



Who’s impacted 

Admins 

Why it’s important 

Previously, the default behavior for app updates in managed Google Play was contingent on the device being connected to a Wi-Fi network, to be charging, and not being actively used. This behavior is not always suited to the needs of our customers and admins need more granular control over how apps are updated. 

With this update, Admins can now set specific criteria for when Managed Play apps update: 
  • High priority mode: the app is updated immediately after the developer publishes a new version. Note that for high priority, app updates will also still be issued when the default update criteria is met. 
  • Postponed mode: the app will not be automatically updated during the 90 days after a new version is released. After this 90-day period, the newly available version of the app is automatically installed when a device is connected to Wi-Fi, charging, and the app is not in use. Note: users can still manually update the app via the Play Store. 

Additionally, Admins can apply these configurations on a Group level within their organization, giving admins even greater granular control. 

Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, Frontline, legacy G Suite Business and Basic, and Cloud Identity premium customers.
  • Not available to Google Workspace Business Starter, Business Standard, Essentials, Nonprofits customers, and Cloud Identity Premium customers 

Resources 

Create dynamic groups by querying custom user attributes

Quick summary 

Dynamic groups can now be defined by querying custom user attributes, allowing for more definitive group definitions based on user directory information. Admins can define memberships using a variety of conditions, such as a users: 
  • Country 
  • Domain 
  • Department 
  • Language and more

Getting started 

Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources 

Additional one-click recommended actions in the Alert Center

Quick summary 

In the Alert Center, Admins will see new, additional one-click recommended actions for certain events: 

  • Device wipeout: for “device compromised” and “suspicious device activity” alerts. If the admin feels blocking the device is not sufficient to protect the data at risk, they can can remotely wipe out the data of the device.

  • Quarantine email: for alerts such as malware detected post delivery, user phishing reported, suspicious message reported, and more. Once in quarantine, admins can take additional actions such as delivering the message to the intended recipient or denying message delivery.

Recommended actions help Admins quickly triage, take action, and remedy various incidents without leaving the Alert Center. To learn more about recommended actions, use this article in our Help Center and see this post on the Google Workspace Updates blog


Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Use context-aware access to help protect Admin console access

Quick summary 

You can now apply contextual access rules to the Admin console. This enables you to control access to the Admin console based on user and device context. For example, you can enable restrictions based on IP, minimum device operating system version, and more. This can improve your security posture and reduce the risk of incorrect access to your Admin console. 


Getting started 


Rollout pace 



Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers. 


Resources 

New beta for data loss prevention helps protect sensitive data when users upload files to external Google Forms

What’s changing 

Previously, users in organizational units (OUs) or groups with active Drive Data Loss Prevention (DLP) policies couldn’t respond to external forms with File Upload questions. 


Now, we’re launching a new beta that will allow users to respond to external forms that contain File Upload questions, while also helping to prevent the leak of sensitive and confidential information. This beta will apply your domain’s existing Drive DLP policies to files that your users submit to Google Forms, without creating new rules or updating any existing ones. 


Admins of eligible customers can express interest in the beta using this form




Who’s impacted 

Admins and end users 


Why it’s important 

With this launch, end users will be unblocked from responding to Google Forms with File Upload questions across domains. At the same time, DLP gives admins control over what their users can share, and prevents unintended exposure of sensitive information such as credit card numbers or personal identifiable information. 


Getting started 

  • Admins: 
    • Use this form to express interest in the beta. 
    • Once accepted into the beta, Drive DLP rules defined for your domain will be applied to files submitted to File Upload questions in Google Forms. 
    • If you are not using DLP for Drive, you can create DLP rules at the domain, OU, or group level in the Admin console under Security > Data protection. You can apply block, warn or audit actions, consistent with DLP for Drive.Visit the Help Center to learn more about turning data loss prevention in Google Forms on for your organization
  • End users: 
    • End users can respond to forms as usual, but can now respond to forms outside their domain, including forms that have File Upload questions. 
    • If a form violates Drive DLP rules for their domain, end users may see warnings or be blocked from submitting. 


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 


Resources 

New Google Meet management settings for admins

What’s changing

Through new settings in the Admin console, admins can now control access to the following Google Meet features:

  • Chat
  • Present
  • Q&A
  • Polls

These new settings are available for Google Workspace editions that include admin capabilities. See below for more information.


Who’s impacted

Admins and end users


Why it’s important

Previously, only the meeting hosts and co-hosts could control access to these features on a per meeting basis. Now admins will be able to specify which interactive Meet features users in their domain can access. 


These features give administrators more control over how Google Meet is used in their organization. For example, in a school, these settings allow you to control whether or not students can present or send chat messages during video meetings. In business settings, specifically at large company meetings, giving the event host control over whether or not to conduct polls or Q&As during video meetings is a useful feature.


Additional details

Once an admin turns access to a particular feature off, the setting will be applied to all new and existing meetings for users in the selected organizational unit.


Features that are turned off won’t be accessible to end users — see the Help Center for more information.


Getting started

  • Admins: These features are enabled by default. Access to these features can be controlled at the OU level  in the Admin console under Apps > Google Workspace > Google Meet > Meet safety settings.  Visit the Help Center to learn more about Google Meet admin settings.

  • End users: Your admin will determine access to present, chat, Q&A, and polling features in Google Meet.


Rollout pace


Availability

  • Available to all Google Workspace editions with Admin console access.
  • You’ll see admin toggles for the Google Meet features available to your specific Google Workspace edition.

Resources


Updated and improved audit logs experience in the Admin console

What’s changing 

We’re updating the user interface for audit logs in the Admin console to allow for richer insights and query based reporting capabilities. This will bring the experience inline with the security investigation tool and create a more unified reporting experience across the Admin console. 


Some improvements you’ll notice are: 
  • Enhanced search attribute options: We’ve introduced a new search field that will help admins quickly find and apply search attributes. For larger lists (more than 15 items), admins will be able to pin commonly used attributes. 
  • The ability to perform searches in “filter” or “condition builder” mode: 
    • In filter mode, admins can add simple parameter and value pairs, such as viewing externally shared files with sensitive data or external emails with attachments, to filter for search results. 
    • In condition builder mode, admins can view previously applied filters as conditions with AND/OR operators to further refine search results. 
  • New data sources for the investigation tool: We’re expanding our list of data sources to 31 sources — see here for a complete list of data sources.



Who’s impacted 

Admins 


Why it’s important 

We hope this updated and streamlined experience makes it easier for admins to identify, triage, and act on security issues within their organization without having to switch between multiple tools. Additionally, by providing admins with new ways to set and filter for specific search attributes and establish reporting and activity rules, this will make it easier to stay apprised of what’s happening in their organization. 


Additional details 

Admins will no longer be able to export audit log data to CSV files, they can only be exported to Google Sheets going forward. Additionally, you may notice the renaming and merging of previously existing data sources and other minor UI changes. For a complete list of what’s changing, see this article in our Help Center

Getting started 


Rollout Pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

View more information on email delegate activity in the Security Investigation Tool

What’s changing 

Admins can now surface post-delivery actions taken by delegated users in the Security Investigation Tool. Specifically, you can now see if a delegate: 
  • Opened, replied, or marked a message as unread. 
  • Moved a message to the trash or back to their inbox. 
  • Clicked links or attachments. 
  • Downloaded attachments. 




Who’s impacted 

Admins 


Why it’s important 

It’s important to understand the exact user performing actions related to an investigation or audit — this change will give admins greater insight into actions taken by delegated users versus the account owner. 


Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Standard Enterprise Plus, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

View bandwidth availability and usage during meetings via the Meet quality tool

What’s changing 

Admins can now use the Meet quality tool to view inbound and outbound bandwidth information—both used and available—for their users. Surfacing this information helps admins visualize participants bandwidth compared to the quality of a call, making it easier for them to determine where a bandwidth bottleneck could be causing low quality. 


Admins can use the graphs to view sent and received bandwidth, used bandwidth, and the bandwidth availability over time.



Hovering over a data point surfaces numerical readouts and exact timestamps. 


Who’s impacted


Admins


Why it’s important

Knowing which bitrates are available or being used for specific endpoints is critical data when performing troubleshooting or working to improve call quality in your domain. Previously, this data was only available as an average across entire calls, which can make it difficult to narrow down problems during specific points in time. 


We hope by surfacing this detailed information, Admins can easily troubleshoot or improve call quality for their users.


Getting started


  • Admins: This feature will be available by default. From the Admin console, navigate to Apps > Google Workspace > Google Meet > Meet quality tool. Alternatively, you can search for a meeting code, organizer, or participant from the search bar to access the Meet quality tool. Visit the Help Center to learn more about tracking meeting quality and statistics.
  • End users: There is no end user impact.


Rollout pace

  • This feature is currently available

Availability

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers

Resources


Roadmap


Use Directory Sync beta for fast and easy sync of users and groups

What’s changing 

We’re launching a beta for a new Directory Sync solution which can make it quicker and easier to synchronize your Active Directory user and group data with your Google Cloud directory. 


Directory Sync is an alternative to Google Cloud Directory Sync (GCDS). You might want to consider it if you want to sync Microsoft Active Directory LDAP data with your Google cloud directory using a completely cloud-based solution, without the need to manage on-prem hardware and deployments. Please read more about its features and network requirements to learn whether it's right for you. 

Who’s impacted 

Admins 

Why you’d use it 

The new Directory Sync solution is: 
  • Cloud based: The cloud-based sync process is auto-scheduled to run on a continuous basis in a loop, so there’s no need to install a sync client or on-premises software. 
  • Easy to use: A simple and modern UI integrated with the Admin console makes it easy to use for those with no LDAP knowledge. Plus, there’s no need for Google exclusion rules if you would like to sync from multiple Active Directory sources or manage a subset of users or groups within Google without synching from Active Directory. 
  • Integrated reporting: It offers centralized reporting in the Admin console. You can filter, search, and set custom alerts. 
  • Native multi-directory support: You can sync users and groups from more than one Active Directory source. 

The initial scope for the Directory Sync beta supports user and group sync with Active Directory only, and covers a limited range of attributes. In the future, we’ll add other features, including support for additional attributes, OU mapping to automatically place new user accounts in OUs, and more types of data. 


Additional details 

If your Active Directory server is located on-premises or hosted outside a Google Cloud environment, you’ll require a connection between Google Cloud and the LDAP server using Cloud VPN or Cloud Interconnect. Learn more about system requirements for using Directory Sync and supported network connections for Directory Sync


Getting started 

  • Admins: To use the Directory Sync beta, go to Admin console > Home > Directory > Directory Sync. No beta sign up or registration is required. You can delegate the ability to manage Active Directory with the new Directory Sync admin user role. Use our Help Center to learn more about using the new Directory Sync, and see FAQs about Directory Sync. 
  • End users: No end user impact 

Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as G Suite Basic and Business customers and Cloud Identity customers 

Resources