Tag Archives: Admin Console

Now generally available: configure third-party apps by select API scopes

What’s changing 

Earlier this year, we launched the ability to configure third-party apps by select API scopes to open beta. Beginning today, this feature is now generally available. 


This update gives admins more granular control. They can limit third-party app access to specific OAuth 2.0 scopes for Google APIs, like Drive or Gmail. This prevents apps from gaining additional access without admin consent, even if they request new API scopes in the future. This helps ensure data access is restricted to only what admins deem necessary.



Getting started


Rollout pace


Availability

  • Available to all Google Workspace customers, as well as Cloud Identity Free and Premium customers


Resources


Educators can now request access to third-party apps for their students

What’s changing

We’re introducing a new workflow that allows educators to request access to unconfigured third-party apps on behalf of their students.

Admins can allow educators and users who are over 18 years of age to request access to apps for themselves or on behalf of others (proxy requests). For example, admins may create a group of trusted users who are responsible for vetting third party apps and allow them to make proxy requests on behalf of students.




Educators can view a list of apps they have recently accessed with their Google Workspace account and request access for their students.




Admins can review and take action on these requests in the Admin console by going to Security > API Controls > App Access Control. Requests will be denoted with a “Proxy”  label when the request is made on behalf of another user. 




Once admins have configured access, they can opt to notify users and/or users who made proxy requests via email about the outcome of their request.




Who’s impacted

Admins and end users

Why it’s important

Administrators can now allow a group of trusted users to vet and request third party app access on behalf of other users. This allows admins to better control who requests access and create a more streamlined process for app approvals.

Rollout pace

Availability

  • Available for Google Workspace Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade

Resources


Google Workspace Updates Weekly Recap – November 1, 2024

4 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.

Apply black & white filter to Google Drive scans on Android devices 
In August, we announced that you can now save files scanned in the Google Drive Android app as a .JPEG. This week, we’re excited to introduce an additional scanning option that gives you the ability to apply a black & white filter on your document scans. This new filter helps enhance texts and other important elements, ensuring they are sharply defined when compared to the background region. | Rolling out now to Rapid Release and Scheduled Release domains. | Available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about scanning files with your mobile device.
Apply black & white filter to Google Drive scans on Android devices

AI Classification now supports Field Selection for Model Training 
When AI Classification first launched, Labels eligible for model training needed to have a single field of either a badge or option-list field type, and Labels with multiple fields were ineligible. Now, customers that use AI Classification will be able to select which badge or option list field they would like to train a model for after identifying the target label. Once trained and enabled, the AI model will automatically apply the label and will only populate the selected field. | Roll out to Rapid Release and Scheduled Release domains is complete. | Available to customers with the AI Security add-on, Gemini Enterprise add-on, and Gemini Education Premium. | Visit the Help Center to learn more about Label Google Drive files automatically using AI classification. 


Reducing noise from unfollowed threads in Google Chat
In order to make it easier to identify which unread threads are most relevant to you, we’re reducing the noise by removing visual cues from threads that you do not follow in Google Chat. Starting this week, new activity, such as unread messages from threads you do not follow, will no longer bold and appear at the top of your conversation lists. | Rolling out now to Rapid Release and Scheduled Release domains on web and mobile at an extended rollout pace (potentially longer than 15 days for feature visibility). | Available to all Google Workspace customers. 


Introducing a better filter by condition experience for tables in Google Sheets 
Tables in Google Sheets will now provide users with a smarter filter by condition experience. Sheets offers 21 options for users to filter by condition, such as “Date is” or “Text ends with”. However, we know there are scenarios in which certain filters might not be applicable based on the type of data in a spreadsheet. Based on the set column type, users will now only see relevant filter by condition options. For example, if your column type is set to number, the filter options will be number-based only. | Roll out to Rapid Release and Scheduled Release domains is complete. | Available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about sorting & filtering your data.
Introducing a better filter by condition experience for tables in Google Sheets



Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Refine emails faster with updates to the “Polish” shortcut in Gmail 
We’re expanding the Help me write shortcut to web and introducing a Polish shortcut on web and mobile that helps you refine emails even faster. | Learn more about email shortcuts in Gmail. 

Google Classroom now supports exporting missing and excused grades to select Student Information Systems (SIS)
Teachers can now include missing and excused grades when exporting grades to their Student Information Systems (SIS). | Learn more about exporting missing and excused grades to select Student Information Systems (SIS). 

New density setting in Google Chat 
To give users more control over how they see information in Google Chat, we’re introducing a new setting that allows you to control the visual density of screen elements. Choose between “Comfortable” or “Compact” on chat.google.com. | Learn more about density settings in Chat.

Context Aware Access insights and recommendations are now generally available
We’re making it easier to apply context-aware access (CAA) policies with new insights and recommendations. We’ll proactively surface potential security gaps and suggest pre-built CAA levels which admins can deploy to remediate the security gaps. | Learn more Context Aware Access insights.

FedRAMP High authorization for Gemini for Workspace 
As recently announced, we submitted our package to obtain FedRAMP High authorization for Gemini for Workspace, including the Gemini app. A FedRAMP High certification assures federal agencies in the United States that a cloud service provides the highest level of protection for their most sensitive data, enabling them to confidently leverage cloud technologies for critical operations. | Learn more about FedRAMP High authorization for Gemini.

Gemini in the side panel of Google Chat is now available
We’re expanding Gemini in Chat to help users collaborate more effectively in their spaces, group messages and direct messages. | Learn more about Gemini in the side panel of Chat. 

Data classifications labels for Gmail are now available in open beta
In addition to Google Drive, we’re expanding data classification labels to now include Gmail. Classification labels are used to classify and audit content according to organizational guidelines (“Sensitive”, “Confidential”, etc.) and apply policies, such as data loss prevention (DLP) rules, to protect sensitive information in email messages. Classification labels will be available when using Gmail on the web – support for Gmail on mobile devices will be introduced in the coming months. | Learn more about the beta for data classifications labels for Gmail.


Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 
    For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).       


    Context Aware Access insights and recommendations are now generally available

    What’s changing

    We’re making it easier to apply context-aware access (CAA) policies with new insights and recommendations. We’ll proactively surface potential security gaps and suggest pre-built CAA levels which admins can deploy to remediate the security gaps. These insights will be surfaced to customers, if they have not deployed any CAA policies to their users. When you deploy a recommendation, it will first be placed in Monitor Mode, so you can understand how the policy will block user access over time, and can be reviewed in the CAA audit logs

    With this release, we’ve also added the ability for admins to customize the recommendations as they see fit before they’re applied broadly. Additionally, we’ll send primary admins an email on a quarterly basis with insights and actionable recommendations.




    Who’s impacted

    Admins

    Why it’s important

    Using Context-Aware Access, admins can set up different access levels based on a user’s identity and the context of the request (location, device security status, IP address). This can help provide granular access controls without the need for a VPN, and give users access to Google Workspace resources based on organizational policies. Insights and recommendations help admins improve the cybersecurity posture of their organization by proactively identifying areas that need attention, significantly reducing the need for admins to identify these risks themselves. For example, if we detect devices with outdated operating system versions  accessing corporate Workspace data, we can surface this as an Insight & pair it with a recommendation to block such devices from accessing Workspace data with a few clicks.

    Getting started

    • End users: There is no end user impact or action required.

    Rollout pace

    Availability

    Available to Google Workspace
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Also available to Cloud Identity Premium customers

    Resources

    Google Drive inventory reporting is now generally available

    What’s changing 

    Earlier this year, we launched Google Drive inventory reporting in beta — beginning today, this feature is generally available. Compared to APIs, exporting inventory reports to BigQuery empowers admins to understand their data more deeply, providing insights into how their data is classified, accessed, and used. Understanding these metrics can help admins to identify security risks, ensure compliance with regulatory requirements, and more. For more information, please reference our original announcement


    Alongside general availability, we’re pleased to announce new functionality: 
    • When generated, inventory reports will follow the data regions settings established by admins. 
    • Within reports, you can now view the email address of the file creator, what organizational unit the file owner belongs to, and inherited permissions for shared drive items. 
    • For greater admin visibility into inventory reporting related actions, audit events are now captured for configuration updates, configuration deletion & creation, as well as completed and failed reports.


    Getting started

    • Admins: Visit the Help Center to learn more about Drive inventory reporting.
    • End users: There is no end user impact or action required.

    Rollout pace


    Availability

    Available* for Google Workspace:
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Cloud Identity Premium

    *Note that this availability refers to the ability to generate a report. All end users will be included in the report and are not limited to any specific Google Workspace edition.

    Resources


    Now generally available: Migrate users’ emails from Google Workspace, Gmail and other IMAP enabled mail servers

    What’s changing 

    In March 2024, we launched an open beta for the ability to migrate your users’ email data from Google Workspace, Gmail, or IMAP enabled mail servers to another Google Workspace account. This includes the ability to run delta migrations, to smartly bring over newly generated or modified emails from the source without duplicating previously migrated content. 

    Beginning today, this data migration experience is now generally available, helping admins migrate email data in a more secure, reliable, and efficient manner.

    Admin console > Data > Data Import & Export > Data Migration


    Additional details

    You can find more information in our Help Center about migrating other forms of data from different types of source accounts.

    Getting started


    Rollout pace


    Availability

    • Available to Google Workspace:
      • Business Starter, Standard, and Plus
      • Enterprise Standard and Plus
      • Education Fundamentals, Standard, Plus, and the Teaching and Learning Upgrade
      • Essentials Starter, Essentials, Enterprise Essentials, and Enterprise Essentials Plus
      • Nonprofits

    Resources


    Available in open beta: Easily migrate files from Microsoft OneDrive to Google Drive

    What’s changing

    Under the umbrella of our data migration services, we’re introducing a new file migration service for Admins to transfer files between OneDrive data to Google Drive for up to 100 users at a time. Available directly under the Admin console, super admins can now migrate all your files and folders, as well as their corresponding access permissions with shared members. Starting a migration entails a few simple steps:

    • First, connect to the Microsoft OneDrive account you want to transfer files from
    • Next, set the migration scope by identifying the email addresses of Microsoft OneDrive users that you wish to migrate.
    • Finally, create an identity map to connect users on the source account to users on the target account.


    Admin console > Data > Data import & export > Data migration > Go to data migration > Microsoft OneDrive





    The console will provide reporting on the migration progression and metrics such as how many users have been processed, how many files have been migrated or skipped, and more. You’ll also have the option to export a migration report to further investigate errors and access troubleshooting tips directly from the tool. You can also make delta updates to migrate any new files that were added or updated after a previous migration. 

    Example of a completed migration

    Who’s impacted

    Admins

    Why you’d use it 

    Data migrations play a critical role in ensuring a seamless transition between various tools and Google Workspace for both admins and end users. Workspace now offers a first party solution that allows our customers to migrate their data at scale, and without the need for third-party workarounds or on-premises infrastructure. This will significantly reduce the overall migration process and onboarding time to Google Workspace, saving customers considerable administrative and infrastructural costs. Additionally, it ensures minimal interruption for end users, who will be able to access all of their files and documents within Google Drive.

    Getting started

    • Admins: This feature is available in open beta - no additional sign-up is required to use the feature. This migration can only be performed by super admins. Visit the Help Center to learn more about migrating files from a OneDrive account.
    • End users: There is no end user action required.

    Rollout pace

    Availability

    Available to Google Workspace 
    • Business Starter, Standard, Plus
    • Enterprise Standard, Plus
    • Education Fundamentals, Standard, Plus, the Teaching and Learning Upgrade
    • Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus
    • Nonprofits

    Resources


    Automate meeting recording, transcripts and notes for your Google Meet meetings

    What’s changing

    Admins now have the option to configure meeting recordings, meeting transcripts, and “take notes for me”* as on by default for newly created meetings. Meeting hosts and co-hosts can edit these settings in the Calendar invite, as well as turn these artifacts off during the meeting. We hope these settings help ensure artifacts are created for specific meetings or series of meetings, like sales calls or town hall meetings, without relying on manual intervention. When these meeting artifacts are turned on, attendees will be notified when they join the green room and when they join the meeting. 

    Apps > Google Workspace > Google Meet > Meet video settings > Automatic transcription

    Apps > Google Workspace > Google Meet > Meet video settings > Automatic recording


    Apps > Google Workspace > Google Meet > Meet video settings > Automatic note taking




    *”Take notes for me” requires a Gemini add-on. See below for more information.

    Getting started


    Rollout pace


    Availability

    • Available to Google Workspace 
      • Business Standard and Plus
      • Enterprise Essentials, Enterprise Essentials Plus
      • Enterprise Standard and Plus
      • Education Plus, and the Teaching and Learning Upgrade

    • Take notes for me” requires a Gemini Business, Enterprise, Education, Education Premium, or AI Meetings & Messages add-on.

    Google Workspace Updates Weekly Recap – October 4, 2024

    4 New updates

    Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.




    Access filter chips easier in Google Drive search 
    Last year, we introduced search chips in Drive to enable you to filter by criteria like file type, owner, and last modified date. To build upon this, we are adding these filters inside the Drive search bar, so you can find relevant files even faster in Drive. We will also show new as-you-type suggestions for filter chips. For example, if you type “doc”, you’ll see a suggested “Document” file type chip. | Rolling out to Rapid Release domains now; launch to Scheduled Release domains planned for October 22, 2024. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about searching and finding files in Drive.

    Access filter chips easier in Google Drive search

    The Option List field type is now two separate field types in Label Manager 
    Since launching, Google Drive Labels have supported the ability to make an Option List field a single-select or multi-select. To make this setting clearer and improve upon the user experience in the Label Manager, we’ve separated the options into two separate field types: Options list (Single select) and Options list (Multi select). | Rollout to Rapid Release and Scheduled Release domains is complete. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus, Education Standard, Education Plus, Frontline Starter and Frontline Standard customers only. | Visit the Help Center to learn more about adding fields to a label. 


    Improved spelling suggestions for Germanic languages in Google Docs
    For years, users have used Google Docs’ spelling suggestion features for a variety of languages. This week, we’re excited to announce improvements to Norwegian spelling suggestions: 
    • Norwegian Bokmal 
    • Norwegian Nynorsk 
    Rolling out to Rapid Release and Scheduled Release domains now. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about checking your spelling & grammar in Google Docs and changing your language on the web.


    Introducing new summary cards for purchase information in the Gmail mobile app 
    Summary cards extract information from related purchase emails and visually display it at the top of the email to provide helpful information about orders and deliveries. This week, we’re excited to announce updates for purchase-related summary cards including new action buttons, the ability to organize key information across related emails, and real-time status updates. Now you can effortlessly find order details of recent purchases or stay up-to-date on the latest delivery status. The new purchase summary cards are now available in the Gmail mobile app on iOS and Android devices. | For Android devices, rollout to Rapid Release domains is complete; launch to Scheduled Release domains planned for October 14, 2024. | For iOS devices, rollout to Rapid and Scheduled Release domains is complete. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about using summary cards in Gmail.

    new summary cards for purchase information in the Gmail mobile app

    Previous announcements

    The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


    Comments and action items are now available for client-side encrypted Google Sheets and Slides 
    The use of comments and action items are now available in client-side encrypted Google Sheets and Slides. | Learn more about client-side encrypted comments in Sheets and Slides.


    Beta update: Data Loss Prevention enforcement in Gmail is now instantaneous 
    We’re announcing enhancements for the Data Loss Prevention for Gmail open beta, which are designed to improve usability without compromising sensitive data protections for Gmail. | Learn more about the DLP beta in Gmail. 


    New Watermarking in Google Meet Helps Protect Your Meeting Content 
    Google Workspace customers with a Gemini add-on can now watermark presented content and video feeds in Google Meet. Watermarking in Google Meet will appear as a subtle text overlay that displays the meeting code and the email address of the viewer over the shared content and video feeds of participants.| Learn more about Watermarking in Meet.


    Gmail Q&A now available on iOS devices
    Last month, we introduced a new way of searching your inbox with Gemini on Android devices. Starting this week, this feature is also available on iOS devices, enabling you to ask Gemini questions about your inbox. | Learn more about Q&A on iOS devices.


    For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).   

    Beta update: Data Loss Prevention enforcement in Gmail is now instantaneous

    What’s changing 

    Today, we are announcing enhancements for the Data Loss Prevention for Gmail open beta, which are designed to improve usability without compromising sensitive data protections for Gmail. Once deployed, users will receive instant notifications on risks to applicable DLP policies prior to leaving their inbox, instead of having DLP rules evaluated after the message has already left the inbox. In addition to more timely user feedback, this capability, called synchronous DLP, helps educate users about the potential risk of leaking sensitive information. 


    We’re also introducing a new action for DLP rules, “Warn”, which will notify users about potentially sensitive data while providing the option to send the message based on a user’s assessment of a risk. For added safety, the DLP service will scan messages one additional time after they leave the sender's mailbox.


    Who’s impacted

    Admins and end users


    Why it matters 

    Data breaches are one of the most common and costly security issues facing organizations. Often these breaches originate from within an organization by unintentional or intentional actions by their users. Data loss prevention capabilities help prevent this exfiltration of data and helps guide users about what information to share. To help safeguard sensitive information, organizations can create and enforce policies that not only detect and block sensitive information from being shared, but educate users on what information sharing is or is not appropriate and how to be compliant with those guidelines. Specifically, data loss prevention rules can look for sensitive text stings, custom detectors, or predefined detectors in outgoing messages sent internally or externally. 


    The latest update for data loss prevention rules in Gmail brings the experience in line with Google Drive and Google Chat, which are already adopted broadly by Google Workspace customers. You can refer to our Help Center for more information about data loss prevention in Gmail.


    Additional details

    Customizable warning messages
    DLP rules can be configured to block the message, warn users about sensitive information, or quarantine the message. When sensitive information is detected, users will be shown a dialog box notifying them of the risk. Admins can now choose to customize the information shown to end users in these dialog boxes, including why their message was flagged, what they can do to unblock themselves, and links to additional resources to educate them further.

    Example of a custom warning message




    Continued asynchronous scanning of messages
    While messages will now be scanned synchronously, messages will go through additional scanning asynchronously (after the message leaves the inbox) for an additional layer of protection. This includes messages that are sent automatically, such as auto-forward or scheduled send, and messages sent from non-Gmail clients.


    Getting started

    • Admins:
      • Data loss prevention in Gmail is available in open beta for select Google Workspace customers. These rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Note that with the new synchronous scanning, your end users will begin seeing dialog boxes related to these rules before messages leave the inbox. These will be displayed when using Gmail on the web and mobile.

      • Visit the Help Center to learn more about controlling sensitive data shared in Gmail. Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail. 

      • DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.

      • We recommend selecting “Audit only” when you’re setting up a new rule in order to test and monitor its performance, or to passively monitor the environment without interrupting email flow for your users. There are no changes to the “Audit only” action with this update, they will continue to operate as usual.

    • End users: Depending on the data loss prevention rules configured by your admin, you may see a dialog letting you know that:

      • Your message is blocked: Your message contains information that cannot be shared — you’ll need to remove it in order to send your message.
    Dialog in case of a blocked message
      • Your message contains sensitive information: Your message contains information that is sensitive, but can be shared — you can decide whether to send it or edit the message to exclude this information. Note that your admin will be notified about this activity.


        Dialog in case of a warning

      • Your message contains sensitive information that requires review: Your message contains information that will need to be reviewed by an admin. You’ll have the option to submit it for review, and upon review it will be released for delivery or declined. You may receive a notification about the message being declined from delivery.


        Example of a quarantine message

    Rollout pace

    Availability

    Available for Google Workspace:
    • Enterprise Standard, Enterprise Plus
    • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
    • Frontline Standard
    • Cloud Identity Premium customers

    Resources