Tag Archives: Control Panel

Simplified email routing settings in the Google Apps Admin console

The email routing settings in the Admin console allow Google Apps admins to set up default mail routing options across their domain, or for specific organizational units. For example, you may want to route certain incoming mail to different server locations or recipients based on the nature of its content, or require that outbound mail pass through a gateway before being sent for greater security. 

These settings provide admins with a high level of granular control, but we realized that they can be complicated to find and use in their current structure in the Admin console. That’s why with today’s launch, we’re taking the first step towards significantly simplifying the experience for email routing settings by adding a new section called Routing under Gmail > Advanced settings > General settings
This new Routing section will consolidate the following existing settings into one location, making them easier to manage: Sending routing, Receiving routing, Outbound gateway, Default routing, and Email routing. The new Routing settings will coexist with your existing routing settings for the short term, and any routing policies previously set will not be impacted. 

In the future, we’ll further improve the email routing experience by migrating and consolidating additional existing settings into the new centralized location. Stay tuned for more information on these plans.

Admins creating new email routing policies are encouraged to use the new Routing settings for enhanced functionality. In addition to being easier to use, the new Routing settings will apply to SMTP-relayed messages as well as messages sent to email groups. These features are not available using the previous settings. 

Check out the Help Center for more details on the new Routing settings.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release

Rollout pace: 
Full rollout (1-3 days for feature visibility)

Impact: 
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center


Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Keeping data secure with Data Loss Prevention (DLP) for Gmail

Every company has data that it must keep secure — whether that data is about confidential innovations, strategic plans, or sensitive HR issues. Keeping all of this data safe from inadvertent or purposeful leaks needs to be simple, quick, and reliable. Google for Work already helps admins manage information security with tools such as encryption, sharing controls, mobile device management, and two-factor authentication. However, sometimes user actions compromise the best of all of these controls; for example, a user might hit “Reply all” when meaning to send a private message with sensitive content. 

Starting today, if you’re a Google Apps Unlimited customer, Data Loss Prevention (DLP) for Gmail will add another layer of protection to prevent sensitive information from being revealed to those who shouldn’t have it.

How Gmail DLP works
Organizations may have a policy that the Sales department should not share customer credit cards externally. To keep this information safe, admins can now easily set up a DLP policy by selecting “Credit Card Numbers” from a library of predefined content detectors. Gmail DLP will automatically check all outgoing emails from the Sales department and take action based on what the admin has specified: either quarantine the email for review, tell users to modify the information, or block the email from being sent and notify the sender. 

These checks don’t just apply to email text, but also to content inside common attachment types―such as documents, presentations, and spreadsheets. Admins can also create custom rules with keywords and regular expressions. So if there’s a confidential new product your company is building codenamed Lochness, admins can create custom checks for lochness, confidential, and other keywords to help deter any leaks. 

Check out the DLP whitepaper for more information, including the full list of predefined content creators, and get started. Gmail DLP is the first step in a long term investment to bring rule-based security across Google Apps. We’re working on bringing DLP to Google Drive early next year, along with other rule-based security systems. 

Note: this feature is available for Google Apps for Work Unlimited customers only.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release

Rollout pace: 
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact: 
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center


Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Easier user management in the Google Admin mobile app for Android

The Google Admin mobile app allows Apps super admins to easily manage users and groups, contact support, view audit logs and perform other common administrative tasks all from their mobile devices. 

Today’s update to the Google Admin mobile app for Android makes managing users and groups even easier with the following new features:

Add users from contact list
When adding a new user, Apps super admins can now simply import a contact from their contact list and have all of their information pre-populated in the ‘Add user’ form. The information can then be edited as needed, and the user can be quickly created. 
2015-11-10-165446_540x960_scrot.png
Quickly change roles and remove members 
When viewing member information inside of a group, it’s now possible for super admins to quickly change a member’s role or remove them from the group altogether.
2015-11-10-165534_540x960_scrot.png

Check out the Help Center links below for more information on the Google Admin app for Android.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release

Rollout pace: 
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact: 
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Manage Google Apps from an Android device
Help Center: Add a new user from your contacts
Help Center: Manage groups from an Android device
Get the Google Admin app on Google Play 

Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Setting up company-owned devices now easier with Android 6.0 (Marshmallow)

Do you purchase and give your employees Android phones and tablets to use at work? If so, our updated EMM solution now makes it easier for those employees to get their devices up and running, while also affording you complete management control.

For organizations that have enabled Android for Work, a new option in the Admin console (Device management > Mobile > Device management settings) is now available to manage company-owned devices running Android 6.0 (Marshmallow).
When you enable that option, an employee who adds a work account to a new device will be asked if the organization owns that device. Once confirmed, the Google Apps Device Policy app will automatically install and complete the steps necessary to provision the device and the user’s work account. That employee will then be ready to go—they can easily find approved mobile apps in the Google Play for Work store, and they’ll be signed in to any Google applications (like Gmail and Drive).
    
Once set up, an employee’s company-owned device will be governed by full device management (MDM) and application management (MAM) capabilities, meaning you’ll be able to require passwords, remotely wipe company information, and approve apps to be used at work. Furthermore, you’ll now be able to restrict select wireless and network settings (like mobile network, WiFi, and VPN), sharing settings (like screen capture and USB file transfer), user/account creation, and the ability to factory reset the device. Support for company-owned devices can be enabled at the domain or OU level.

In addition to the changes outlined above, which apply to company-owned Android devices running 6.0 (Marshmallow), we’ve streamlined the account setup flow for user-owned devices running 4.4 (KitKat) and 5.x (Lollipop). Employees with these devices no longer need to manually install the Google Apps Device Policy app from the Play for Work store to set up their devices; instead, the Device Policy app will be automatically installed and activated.

Check out the Help Center articles below for more information. These features will roll out gradually over the course of the next few weeks.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action suggested/FYI

More Information
Help Center: Set up device owner on company-owned devices
Help Center: Configure mobile device settings

Google Apps Admin SDK: Introducing the Roles API

Posted by Rishi Dhand, Product Manager, Google Apps Admin SDK, and Wesley Chun, Developer Advocate, Google Apps

(Cross-posted on Google Apps Developer Blog)

In a Google Apps domain, admin role management (i.e. create, assign, and update admin roles) is a critical function for super admins that helps them distribute admin responsibilities in a more secure manner. Until now, this functionality was only available via the Admin console UI.
This is what Role management looks like in the Admin console, but now you can also do this programmatically with the Roles API.

Today’s launch of the Roles API (one of the Admin SDK Directory APIs) enables developers to build admin tools that can perform role management programmatically.

This new API will be useful to admins who have built internal admin tools using the Admin SDK and to developers of third-party admin tools. Both can now use the Roles API to provide selective access to Delegated Admins (DAs) to specific admin capabilities within third-party applications.

Here are some examples of use cases where the Roles API can be leveraged:
  • A third-party user management app that relies on the Admin SDK to perform various user-related operations can now use the Roles API to selectively show the capabilities of user management DAs, such as creating/deleting users and resetting passwords.
  • A mobile device management (MDM) app developer looking to build a tool for access by Mobile Management DAs can use the Roles API to determine the privileges of the logged-in DA and selectively display MDM-related admin functionality.
  • Admins (or admin tools) can now programmatically create reports on admin role assignments which can help super admins better manage access to DAs.

For more information and to get started, please check out the Roles API documentation. We look forward to helping more admins manage their domains in a more programmatic way so they can focus on more critical aspects of managing their corporate IT infrastructure.

Manage multiple SAML and OIDC-based cloud services and custom apps with Google Apps Single Sign-On

Businesses today are investing in numerous cloud applications to provide the simple, secure, and customized experience for their employees that comes with moving to the cloud. Each application, however, can require its own set of user IDs and passwords, creating a huge amount of overhead and complexity for both admins and employees alike. 

To help simplify this experience, we’re enhancing our OpenID Connect (OIDC) Identity Provider support that can already be used with many SaaS apps in the Google Apps Marketplace, and adding support for SAML 2.0 (Security Assertion Markup Language) for more than 15 popular SaaS providers, including Salesforce, Workday and Dropbox. We’re also making it easy for admins to add new custom SAML and custom OIDC app integrations.

These new features allow admins to greatly reduce the time investment with managing multiple cloud applications, and allow employees to use their Google Apps credentials as their single login for all of the tools they need.
These single sign-on options help address the growing demand for a central cloud-based identity service. Check out our Identity whitepaper for a complete overview and the Help Center for more information on SAML apps set-up details and features, and a full list of pre-integrated cloud applications.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release

Rollout pace: 
Full rollout (1-3 days for feature visibility)

Impact: 
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center
Identity Whitepaper
Google for Work blog post


Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Programmatically transfer ownership of Drive content and Google+ pages

In July, we introduced a Data Transfer privilege in the Admin console, which we indicated would be required to use the soon-to-launch Data Transfer API. We’re excited to announce that that API is now available! It allows admins to programmatically transfer ownership of Google Drive content and Google+ pages—in bulk—from one employee to another. For more details on the API, please refer to our post on the Google Apps Developer Blog.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Google Apps Developer Blog

Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Easily migrate calendar events to Google Apps

The Google Apps data migration service lets Apps admins easily migrate user data to Google Apps via the Admin console, with no additional software or hardware installations required. The process is easy—just enter basic information about where the data is coming from, specify the type of data to include in the migration, and select the users to migrate. 

Admins could already migrate emails, labels, folders and contacts with the data migration service. With today's launch of calendar migration support, admins can now easily migrate calendar data from one or multiple Microsoft accounts (including Office 365, and Exchange versions 2007 and above) to Google Apps accounts.
calendar-migration.png
The data migration service can be accessed in the Admin console via the Migrations icon on the home screen. Check out the Help Center for more information.

Launch Details
Release track:  
Launching to both Rapid release and Scheduled release

Rollout pace: 
Full rollout (1-3 days for feature visibility)

Impact: 
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center


Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Block access to less secure applications in the Admin console

Last year, as part of an initiative to enhance user security, we encouraged developers to switch to OAuth 2.0 if their applications used plain passwords to authenticate to Google. To further that effort, we are now giving Google Apps admins increased control over user security by allowing them to block access to less secure applications in the Admin console (Security > Basic Settings > Less Secure Apps Access). Admins can change this setting at any time for their entire domains or specific organizational units.

For existing customers, this setting in the Admin console will be checked to allow access to less secure apps. If an admin leaves this setting as is, less secure applications will continue to work for any existing end users who already have them configured. New end users (e.g. new hires) who want to access less secure apps will need to enable them using an option on their My Account pages (under Sign-in & security).

If an admin decides to block access to less secure apps via the Admin console setting, their end users will not see this option on their My Account pages and will instead receive an error message when they try to access less secure apps.

Please note the following:
  • If an admin chooses to block access to less secure apps by disabling the Allow access for less secure apps setting in the Admin console, Google Sync/ActiveSync―which allows users to access their Google Apps accounts from devices and apps like the Windows Phone and iOS native mail app―will no longer work.
  • If an admin chooses to block access to less secure apps by disabling the Allow access for less secure apps setting in the Admin console, 2SV users will be unable to create to new ASPs (Application-Specific Passwords), though existing ASPs will continue to work. Admins will still have the ability to revoke ASPs on a user-level basis in the Admin console or by using an API.

Check out the Help Center articles and FAQ below for more information. This is a gradual rollout; we recommend waiting two weeks for the changes to fully propagate and the controls to work as intended.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action and change management suggested/FYI

More Information
Help Center: Admins
Help Center: Users
FAQ

Manage apps on employees’ iOS devices directly from Admin console

Earlier this year, we introduced Mobile Application Management (MAM) for Android devices. Today, we’re launching that same functionality for iOS devices. iOS Mobile Application Management enables Google Apps admins to recommend specific mobile apps they want their employees to use on their managed iOS devices.

Admins can easily whitelist the apps of their choosing from within the Admin console (Device management > Mobile > Manage Applications for iOS devices). By default, the following six apps are pre-whitelisted: Gmail, Google Calendar, Google Drive, Google Docs, Google Sheets, and Google Slides.

Once an app is whitelisted, an employee can easily discover and download it from the Device Policy app (recently made available in the App Store) on their iPhone or iPad. This ensures that new and existing employees can easily find and download the apps they need most—without having to scour the App Store or recall specific app names from their orientation. If an employee then leaves the organization and the admin wipes their account, they can be sure that all of that employee’s managed work apps are uninstalled as well.

Check out the Help Center articles below for more information.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins and end users

Action:
Admin action and change management suggested/FYI

More Information
Whitelist iOS apps
Mobile Management overview
Manage iOS devices
Google Apps for Work on iOS devices

Note: all launches are applicable to all Google Apps editions unless otherwise noted