Tag Archives: Admin Console

Use tokens as placeholders for user specific information when configuring managed iOS applications

What’s changing

In May 2024, we launched the ability for admins to remotely configure managed iOS apps on end-user devices via Google Mobile Device Management. 

Beginning today, admins can use tokens in the app configurations for managed iOS apps. Tokens act as placeholders for information specific to a user or device that uses the app, such as a user's email address or their device serial number. Previously, configuration data was static, but this update gives admins the flexibility to configure devices dynamically according to various users and devices.

Creating the app configuration using XML information using a token placeholder


Availability

Available for Google Workspace:
  • Business Plus
  • Enterprise Standard and Plus
  • Enterprise Essentials and Essentials Plus
  • Education Standard and Plus
  • Nonprofits
  • Frontline Starter and Standard
  • Cloud Identity Premium 

Configure Google Meet hardware devices to trust private certificates

What’s changing

Google Meet hardware devices can now trust HTTPS certificates signed by a private certificate authority (CA). This simplifies the process of setting up and managing third-party user control interfaces (UCIs), especially in high-impact meeting spaces with systems like Q-SYS.

Previously, you had to get certificates signed by a public CA to enable Google Meet hardware touch controllers to load third-party UCIs. This process was often time-consuming and expensive, and required frequent renewals.

Now, you can use private CAs to securely connect your Google Meet hardware with a third-party room control system's UCI. This gives you more control over your network security and eliminates the costs and complexities associated with public certificates.

Getting started

Admin console > Menu > Devices > Networks > Certificates


  • End users: There is no end user impact or action required.

Availability

  • Available to all Google Workspace customers with Google Meet hardware devices
  • Please note that Android devices aren’t supported yet.

New Chrome Browser Profile Reporting for Workspace users available in the Admin console

What’s changing

For Google Workspace customers with Chrome Enterprise Core, we’re pleased to introduce a new Chrome browser profile list and reporting features for signed-in Google Workspace users. These new capabilities give IT administrators more insight into Chrome user profiles in their organization. The report includes a new managed profiles list and detail pages where IT administrators can find information such as profile details, browser versions, policies applied, extensions installed and more. The list of installed extensions allows you to identify extension versions that could be a risk factor for your users.

Overall, this update significantly improves how admins analyze how their users are interacting with Chrome and allows them to take action to keep their users and data secure in Chrome.

Once enabled, you can view reports by going to Admin console > Chrome browser > Managed profiles



Getting started

  • Admins: Admins can simply log in to the Google Admin console and enable the Managed profile reporting policy. Visit the Help Center to learn more about viewing Chrome browser profile details.

To enable reporting, go to Menu > Devices > Chrome > Settings > User & browser settings > Chrome Browser > Browser Reporting > Managed Browser Reporting

  • End users: There is no end user impact or action required.

Prevent the downloading, printing, or copying of files by all users with Enhanced IRM for Google Drive Data-Loss Prevention

What’s changing 

Google Drive’s Information Rights Management (IRM) capability protects documents from data exfiltration actions, specifically downloading, printing, and copying. This is useful for making sure that sensitive content is protected from data leakage. 


Historically, this feature has only been applicable to users with either the “viewer” or “commenter” role, which has left administrators unable to apply the setting to users with either “owner” or “editor” roles. To address this, we’re expanding IRM to be applicable to all users, including file editors and owners, when it is applied by a Data Loss Prevention (DLP) rule.

The new Enhanced IRM action, as seen in the DLP Rule creation flow.



Additional details

When an editor or owner is affected by IRM, they will retain the ability to copy and paste document content, but they may only do so within that document. Attempting to paste content outside of the document will not succeed. For more information, please refer to the help center content.


Getting started

  • Admins: DLP rules and CAA levels are applied per-file based on how these rules are configured.
  • End users: Only administrators can set IRM for all user roles on a file. File owners may still only set IRM for viewers and commenters. If a file has both an administrator-applied IRM setting and a file owner setting on it, the administrator setting takes priority. Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms. Visit the Help Center to learn more about stopping, limiting, or changing how your files are shared.
A view of the file owner’s IRM setting when an overriding administrator setting is present.

Availability

  • IRM controls are available for all Google Workspace customers
  • Data Loss Prevention Rules and Context-Aware Access conditions are available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
    • Frontline Standard
    • Enterprise Essentials and Enterprise Essentials Plus

Control whether your users can add account recovery information with two new admin settings


What’s changing

We’re launching two new settings that will allow admins to control whether their users can add recovery email information and phone information to their Google Workspace account. 

By default, the ability to add a recovery email or phone number is ON for most Workspace users and K-12 super admins, but it should be noted that:

  • Adding email and phone recovery information is OFF by default for K-12 users. 
  • Phone number recovery collection is always enabled for super admins regardless of whether it’s disabled in the admin console.

Any changes admins make to these settings will overrule the existing organizational unit (OU) settings, except for super admins as stated above.

Security > Account Recovery > Recovery information


Who’s impacted

Admins and end users


Why it’s important

Adding recovery information to an account helps keep users’ accounts more secure, recover users’ accounts, and evaluate security-related events, such as risky logins or re-authentication attempts. However, we know that there are a variety of reasons that customers would want to prevent their users from doing so. For example, turning recovery information off can help customers stay compliant with local privacy regulations, such as GDPR. Or admins can opt to add recovery information themselves. This update gives admins the control to decide which configuration makes the most sense for their users.

Availability

  • Available to all Google Workspace customers.

Available in open beta: Set up Single-Sign On with custom OpenID Connect profiles

What’s changing 

Beginning today, admins have the option to set up a custom OpenID Connect (OIDC) profile for single sign-on (SSO) with Google as their Service Provider. OIDC is a popular method for verifying and authenticating identities. This update gives admins more options for their end users to access cloud applications using a single set of credentials. Previously, only OIDC with a pre-configured Microsoft Entra ID profile was supported in addition to SAML.

Custom OIDC profiles can be configured in the Admin console at Security > Authentication > SSO with third party IdP.



Availability

  • Available for all Google Workspace customers except Google Workspace Essentials Starter customers and Workspace Individual Subscribers.
  • Also available for Cloud Identity and Cloud Identity Premium customers

Available in open beta: migrate messages from Microsoft Teams to Google Chat

What’s changing

Beginning today, we’re expanding our data migration experience to include the ability for Google Workspace admins to migrate conversations from channels in Microsoft Teams to spaces in Google Chat, making it easier for organizations to onboard and deploy Chat.

This can be done within the Admin console in a few steps:

  • First, connect to your Microsoft account.
  • Then, upload a CSV of the teams from which you want to migrate the messages. You can specify the source to destination identity mapping by uploading a CSV of the email IDs from source to target.
  • Next, you’ll enter the starting date for messages to be migrated from Teams. Then you can begin your data migration. 
  • Finally, you’ll complete the migration by making migrated spaces, messages and related conversation data available to Google Workspace users (see our Help Center article for specific details on supported data types).

Starting a chat migration in the admin console

When a migration starts, the UI displays a visual report that breaks down tasks with individual progress bars for tasks that are successfully completed, skipped, failed or have warnings.


The final step to complete the migration is to roll out spaces, making migrated spaces and their content available to users.





Additional details

  • The Chat migration tool doesn’t delete or modify existing Google Chat spaces or messages. 
  • You can also run a delta migration, which will migrate any messages added to Teams channels since the primary migration. Messages that are already successfully migrated are skipped.
  • Once a migration is complete, you can export a report that contains detailed information regarding content that was skipped, failed or had warnings during the migration.
  • You can find more information in our Help Center about migrating other forms of data from different types of source accounts.


Rollout pace

  • This feature is available now.

Availability

  • Available for all Google Workspace customers

New Google Chat usage reports provide deeper insights into user engagement

What’s changing

With the introduction of spaces, huddles, voice messages, and more, Google Chat has added major new features and transformed significantly over the past several years. As a result, usage reports for Google Chat are evolving as well. Beginning today, we’re pleased to introduce new, information-rich usage reports to help Workspace administrators understand how their teams are using Google Chat.


The charts being added are: 
  • User activity: the number of users based on two types (engaged and communicating) in the last 1 day and 28 days over a period of the last 180 days. 
    • “Engaged” users: these users read conversations. These users may, but are not required to, send messages and react to messages.
    • “Communicating” users: these users send or react to messages. The number of communicating users is a subset of engaged users. 
  • Messages sent: the number of messages sent by users of your organization in 1-day, 7-day, and 28-day periods over a period of the last 180 days.
  • Messages sent by conversation type: the number of messages sent in 1 day in direct messages, group and space conversations over a period of the last 180 days.
  • Messages sent by type: the number of messages sent in 1 day broken out by message type (regular message, voice or video, huddle) over a period of the last 180 days.
  • Messages sent with attachment: the number of messages sent with or without attachments in 1 day over a period of the last 180 days.
  • Messages sent to conversations with external participants: the number of messages sent to conversations that include or may include users external to your organization over a period of the last 180 days.
  • Created spaces*: the number of spaces created by users of your organization in 1 day over a period of the last 180 days.
  • Active spaces*: the number of spaces owned by your organization in 1 day over a period of the last 180 days.

Updated Apps Reports for Google Chat




Admins can view user-level data for Google Chat, as they can with Gmail, Drive, and other apps today. Admins can also view how many conversations were read, how many messages were sent, how many attachments* were uploaded, and more. They can also sort this information by specific organizational units or groups to assess adoption or usage within specific parts of the organization.

User level reporting for Google Chat



*Active Spaces and Created Spaces charts may show different numbers from those in Active Rooms and Active Rooms legacy charts. Active Spaces and Created Spaces charts only count conversations of ‘space’ type; Active Rooms and Created Rooms count conversations of space group conversation types.
*Attachments can be viewed in the security investigation tool.

Who’s impacted

Admins

Why it’s important

The updated reporting aligns trackable metrics with the current Chat experience and provides essential data for analyzing and driving adoption, configuring safety features, and more. 

For instance, admins can gain a deeper understanding of how their users are engaging with Chat, differentiating between those who actively participate (send, react) and those who are primarily only reading messages. Organizational leaders can use these insights to assess the need for further product training to boost adoption. Additionally, monitoring the volume of messages sent to external users can signal to admins that safety measures should be implemented, like establishing data loss prevention (DLP) rules to safeguard sensitive information.

Additionally, Chat is now represented in app usage reports, alongside other products like Google Drive and Gmail. While each set of apps has its own unique set of metrics, admins now have another data set to draw on when analyzing how their users are interacting with Google Workspace apps.

Additional details

With the implementation of these new, information-rich charts, we’re planning to remove the following charts on July 1, 2025:
  • Active Rooms
  • Created Rooms
  • Active Users
  • Messages Posted

Also note that:
  • Some metrics will take time to populate, such as the 7-day or 28-day views.
  • If you've used the 'Manage Reports' or 'Manage Columns' features to customize the App Reports or User Reports pages, you'll need to adjust your settings to see the new Google Chat charts and columns. These customization features, which allow you to hide, unhide, and rearrange the order of charts or columns, will prevent the new Google Chat data from automatically appearing in your reports.

Getting started

  • Admins: 
  • End users: There is no end user impact or action required.

Availability

  • Available to all Google Workspace customers

Now generally available: the Groups Editor & Groups Reader roles can now be provisioned for specific group types

What’s changing

At the beginning of the year, we launched the ability to assign the Groups Editor and Groups Reader roles for security groups or non-security groups in open beta. Beginning today, this feature is now generally available. Groups Admins have access to all groups. The new roles of Groups Editor and Groups Reader offer delegated admin permissions for groups, and can use conditions to limit access to sensitive groups as needed.

Gemini for Workspace usage reports now include Gemini usage per app interactions

What’s changing

Starting today, we’re introducing additional usage metrics on the Gemini for Workspace reports in the Admin console. This report will now provide admins additional information about Gemini usage per app by users, specifically:

  • The number of times Gemini content summarization and content generation features were used in Gmail, Docs, Slides, and Sheets by users.
  • The number of messages exchanged when chatting with the Gemini App and Gemini in the sidepanel of various apps by users.

Gemini usage reports in the Admin console


Getting started

  • Admins: Admins can access these reports via the Admin console under Menu > Generative AI > Gemini reports. Visit the Help Center to learn more about reviewing Gemini usage in your organization.
  • End users: There is no end user impact or action required.

Availability

  • Available for Google Workspace customers with the Gemini Business, Gemini Enterprise, Gemini Education and Gemini Education Premium add-ons.
