Tag Archives: Rapid Release

Gems are now available in the side panel of Google Workspace apps

What’s changing

Currently, when you’re using the Gemini app, you can use Gems, custom AI experts that can help you complete specific goals, tasks, and workflows based on your input. You can also take advantage of pre-made Gems as well, like writing editor, coding partner, sales pitch ideator, and more. 

Today, we’re bringing the power of Gems directly into the side panel of Google Docs, Slides, Sheets, Drive, and Gmail.

Gems in the side panel of Google Docs


Who’s impacted

Admins and end users

Why you’d use them

Gems can help you further leverage the power of Gemini in a way that’s customized to your needs more efficiently by minimizing repetitive prompting. You can now take advantage of Gems directly from the side panel of several Google Workspace apps. This includes your custom Gems or pre-made gems. Without needing to switch between applications, you can use Gems in the side panel to:

  • Leverage a copywriting Gem to create posts and content tailored to your target audience, pre-loaded into the Gem.
  • Create a Gem that helps with sales interactions that is grounded on information for a specific company, prospect, or industry. 
  • Leverage an "assistant gem" tailored to your job role to help provide more relevant summaries for you and content for internal communications.
  • Leverage a Gem designed to help pressure test content from a certain persona (e.x C-Suite or CEO) to help you create the most compelling message.

Additional details

If you don't see a Gem that meets your needs, or want to customize a Gem for a specific task, you can create your own at gemini.google.com/gems/create. Both custom and premade Gems will appear in the side panel across all supported Workspace applications, and can leverage many Workspace capabilities including @ mentioning, accessing files and folders in your corpus, and more. Visit the Help Center for more information on working with Gems.

Getting started

  • Admins: There are no admin controls for Gems or Gemini in the side panel of supported Google Workspace apps.

  • End users: Visit the Help Center to learn more about using Gems. You can access the Gemini in the side panel by clicking on “Ask Gemini” (spark button) in the top right corner of Docs, Sheets, Slides, and Drive on the web. Visit the Help Center to learn more about collaborating with Gemini in Google Drive, as well as Google Docs, Google Sheets, and Google Slides, and Gmail.

Rollout pace


Availability

  • Available for Google Workspace customers who can access Gemini in the side panel of Workspace apps and Gems in the Gemini app.

Resources


AppSheet Updates: New Licenses page in the AppSheet Admin Console and group based license controls for Enterprise Plus licenses

What’s changing 

We’re pleased to announce the Licenses page in the AppSheet Admin Console. From the Licenses page, customers that purchase their AppSheet licenses through Workspace can now see the licenses purchased, assigned and used in a single consolidated view in the AppSheet Admin Console. Customers can also distinguish between licenses used in a month and licenses assigned. 

This updated license reporting will show you every user of your licenses in the calendar month and the reason why licenses were consumed. You can also select the reason and you will be redirected to the app usage report highlighting the apps that caused a license to be used.

The new License page in the AppSheet Admin console


Additional details

License Warnings
Starting this week, you may start to see warnings in the AppSheet Admin Console if you have exceeded the number of licenses purchased or have shared an app with a user with a lower license tier. 

Note that regardless of the license type, all AppSheet licenses are billed as a subscription – billing is not usage based. In other words, your organization will never be charged for more licenses than you have agreed to purchase upfront, even if your usage exceeds your commitment. However, user access may be restricted after repeated months of unresolved license violations. For detailed information on the licensing options, types of warnings you may see, and how to resolve these warnings, please read through this post in the AppSheet community.

Example warning banner


Pooled licensing for AppSheet Enterprise Plus
It is now possible to limit the users of your pooled enterprise licenses to a group configured by an admin. Eligible users can be members from your verified domain(s) in a Google Group. When configured, this setting grants an enterprise license to every member of the group, including groups within the selected group. Users from your organization that are outside of the enterprise pooled group will not be allowed to access apps created by users with an enterprise license.

Pooling AppSheet Enterprise licenses by a specific Group


Getting started


Rollout pace


Availability

  • Available for all Google Workspace customers with AppSheet licenses

Resources

Join a client-side encrypted meeting from a Google Meet Hardware device

What’s changing 

Currently, you can join client-side encrypted calls from a computer or mobile device. Starting today, you can join client-side encrypted calls directly from Google Meet hardware devices. Simply select the meeting from the in-room agenda on any hardware device – you’ll be prompted to authenticate from a personal device, such as your phone or laptop, which will grant the room access to this specific meeting.

Joining a client-side encrypted meeting from a hardware device

Google Meet always encrypts call media in transit and at rest, ensuring only meeting participants and Google's data center services can decrypt it. Client-side encryption adds an additional layer of privacy by encrypting all media that is encrypted directly by each participant's browser using keys accessible only to them, meaning Google's servers and other service providers cannot decrypt or access the call content. This gives users greater control and confidentiality over their meeting communications, and this specific update gives users another way to join client-side encrypted calls.

Additional details

Client-side encrypted calls can be joined from meeting rooms in the host's organization or in the organization of an invited participant. A room does not need to be specifically invited to the meeting — access to client-side encrypted calls is determined by the identity of the individual participant. 

Getting started

  • Admins: 
    • In order for end users to use client-side encryptions, admins must connect Google Workspace to an external identity provider and encryption key service (IdP+key service). Visit the Help Center to learn more about managing client-side encryption for your organization. Note: There is no additional configuration for room hardware if client-side encryption has already been configured.
    • Note: The KACLS server used for key management needs to support the delegate call. This call is used for authorizing a room to join a meeting on behalf of an authenticated user. Check with your KACLS vendor for details. 

  • End users: You can join a client-side encrypted call from a room in the same way you would join a call using regular encryption. Follow the additional instructions displayed on the room unit to authenticate on your personal device. Visit the Help Center to learn more about joining a client-side encrypted meeting from a Google Meet hardware device.

Rollout pace

Availability

Client-side encryption for Google Meet is available for Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus
Joining an encrypted call is available for all Google Meet hardware devices

Resources

Access Gemini Audit logs using the Reporting API, the security and audit investigation tools

What’s changing

Gemini Audit logs are now accessible through the Reporting API (Admin SDK). This allows admins to track user activity and interactions with Gemini across Workspace app, including: 
  • The action performed by the user within a Workspace application, initiated or assisted by Gemini. For example: formalizing copy, generating a background, or summarizing a conversation. 
  • The specific app where Gemini inWorkspace apps was used, for example Chat, Gmail, or Docs. 
  • The specific features which were used, for example “help me write”, “remove image background” or “help me organize”. 
  • And more – see our API documentation for more information on the types of Gemini in Workspace activity you can query
As part of this update, this information will be available in the security investigation tool and audit investigation tool as well. 

Who’s impacted 

Admins 

Why you’d use it

Admins can use the Reports API to analyze how their users are engaging with Gemini at scale. These valuable insights can help organizations get the most out of Gemini. Specifically: 
  • Monitoring adoption and usage: Admins can track the overall use of Gemini features across the organization and within specific Workspace applications (Gmail, Docs, Slides, Sheets, Gemini app). This includes identifying the number of active Gemini users, their usage patterns per app, and the “Last Used” time stamp for each user. 
  • Understanding feature utilization: The reports detail how frequently specific Gemini features like content summarization and generation are used within different applications. 
  • Identifying training needs: By observing feature and app usage, admins can pinpoint areas where users might require additional training or resources to maximize their use of Gemini's capabilities. 
  • Identifying power users: The reports can help identify individuals who are heavily utilizing Gemini features, potentially recognizing internal champions who can share their expertise and best practices with other users. 
Further, surfacing this information in the audit and investigation tool can help admins review user activity related to Gemini, while the security and investigation tool can help admins to identify, triage, and take action on potential security and privacy issues.

Getting started 

Rollout pace 

  • Reports API: Available now.
  • Security investigation tool and the audit investigation tool: Extended rollout (potentially longer than 15 days for feature visibility) beginning on July 1, 2025

Availability 

  • Available for all customers with a Google Workspace edition that includes access to Gemini in Workspace apps, as well as customers with a Gemini add-on*. 
  • The Reports API and audit and investigation tool is available for all Google Workspace customers. 
  • The security investigation tool is available for Google Workspace
    • Frontline Standard and Plus 
    • Enterprise Standard and Plus 
    • Education Standard and Plus 
    • Enterprise Essentials Plus 
    • Cloud Identity Premium.

*As of January 15, 2025, we’re no longer offering the Gemini Business and Gemini Enterprise add-ons for sale. Please refer to this announcement for more details

Resources 

Access Gemini Audit logs using the Reporting API, the security and audit investigation tools

What’s changing

Gemini Audit logs are now accessible through the Reporting API (Admin SDK). This allows admins to track user activity and interactions with Gemini across Workspace app, including: 
  • The action performed by the user within a Workspace application, initiated or assisted by Gemini. For example: formalizing copy, generating a background, or summarizing a conversation. 
  • The specific app where Gemini inWorkspace apps was used, for example Chat, Gmail, or Docs. 
  • The specific features which were used, for example “help me write”, “remove image background” or “help me organize”. 
  • And more – see our API documentation for more information on the types of Gemini in Workspace activity you can query
As part of this update, this information will be available in the security investigation tool and audit investigation tool as well. 

Who’s impacted 

Admins 

Why you’d use it

Admins can use the Reports API to analyze how their users are engaging with Gemini at scale. These valuable insights can help organizations get the most out of Gemini. Specifically: 
  • Monitoring adoption and usage: Admins can track the overall use of Gemini features across the organization and within specific Workspace applications (Gmail, Docs, Slides, Sheets, Gemini app). This includes identifying the number of active Gemini users, their usage patterns per app, and the “Last Used” time stamp for each user. 
  • Understanding feature utilization: The reports detail how frequently specific Gemini features like content summarization and generation are used within different applications. 
  • Identifying training needs: By observing feature and app usage, admins can pinpoint areas where users might require additional training or resources to maximize their use of Gemini's capabilities. 
  • Identifying power users: The reports can help identify individuals who are heavily utilizing Gemini features, potentially recognizing internal champions who can share their expertise and best practices with other users. 
Further, surfacing this information in the audit and investigation tool can help admins review user activity related to Gemini, while the security and investigation tool can help admins to identify, triage, and take action on potential security and privacy issues.

Getting started 

Rollout pace 

  • Reports API: Available now.
  • Security investigation tool and the audit investigation tool: Extended rollout (potentially longer than 15 days for feature visibility) beginning on July 1, 2025

Availability 

  • Available for all customers with a Google Workspace edition that includes access to Gemini in Workspace apps, as well as customers with a Gemini add-on*. 
  • The Reports API and audit and investigation tool is available for all Google Workspace customers. 
  • The security investigation tool is available for Google Workspace
    • Frontline Standard and Plus 
    • Enterprise Standard and Plus 
    • Education Standard and Plus 
    • Enterprise Essentials Plus 
    • Cloud Identity Premium.

*As of January 15, 2025, we’re no longer offering the Gemini Business and Gemini Enterprise add-ons for sale. Please refer to this announcement for more details

Resources 

Improving Google Meet hardware admin log events with more granular information

What’s changing 

We’re improving the granularity of Google Meet hardware Admin log events. This upgrade offers a more comprehensive and precise audit trail, enabling you to better track and understand administrative actions related to your Google Meet hardware. This increased visibility will enhance your organization's security and facilitate more effective troubleshooting. 

First, the “HANGOUTS DEVICE SETTING” event category is going away and will be replaced with a new event type: “GOOGLE MEET HARDWARE”. This does not apply for “Chromebox for meetings Device Setting Change”, which will move to “APPLICATION SETTING” in a follow-up launch. 

The following changes made in the Google Meet hardware Admin console will be logged as an Admin log event under “GOOGLE MEET HARDWARE”:
  • Change lifecycle state on Meet device 
  • Change OU membership of Meet device 
  • Change properties on Meet device 
    • This includes all information found in the Admin console under Devices > Google Meet Hardware > Devices > [Device name] > Device settings
  • Perform bulk action on Meet devices
  • Perform command on Meet device

You can also view additional fields related to these new events, including: 
  • Device ID 
  • Resource ID(s) for Serial Number 
  • Device type (will always be ‘meet’) 
  • Action(s) (if applicable) 
  • Setting name (if applicable) 
  • And, if applicable, additional information, such as the meeting code and more. 
Note that some fields are not visible in the log viewer by default; you can add additional fields using the “Manage columns” button.



In the coming weeks, you will be able to create, change, and delete application settings under “Application Settings”. All changes to settings found in the Admin console under Devices > Google Meet hardware > Settings will be audited here. We will share more details in the coming weeks. 

Additional details 

In the coming months, we are removing all events under the “HANGOUTS DEVICE SETTINGS” event type since the product name is obsolete, and the new events will include this information and even more data. Prior to their removal, you’ll still be able to filter for these events, however new activity will be only captured under the new “GOOGLE MEET HARDWARE” events.


 This table has more details:

New Event name 

Associated Actions 

Perform command on Meet device

  • Reboot 

  • Connect to Meeting 

  • Mute 

  • Hangup 

  • Run Diagnostics 

  • Passcode viewed 

Perform bulk action on Meet devices 

  • Download device information

  • Bulk update devices

  • Reboot

  • Connect to Meeting

  • Mute

  • Hangup


*Audit logs will also be created for the individual devices included in a bulk action.

Change properties on Meet device 

Occupancy detection, noise cancellation, etc.

Change lifecycle state on Meet device 

Provision or deprovision a Meet device

Change OU membership of Meet device 

Moving a device from OU to OU


 Getting started 

  • Admins: Visit the Help Center to learn more about admin log events
  • End users: There is no end user impact or action required. 

Rollout pace 

Important note: The new log events will be available in the user interface via the Event filter drop-down under “Google Meet Hardware” beginning July 7, 2025, however data will remain under the old log events (“Hangouts Device Settings”).Data will become available under the new log events starting July 21, 2025. You can use the time in between to update any scripts or rules to align with the new log events. 


Availability 

  • This update impacts all Google Workspace customers with Google Meet hardware devices. 

Resources 

Improving Google Meet hardware admin log events with more granular information

What’s changing 

We’re improving the granularity of Google Meet hardware Admin log events. This upgrade offers a more comprehensive and precise audit trail, enabling you to better track and understand administrative actions related to your Google Meet hardware. This increased visibility will enhance your organization's security and facilitate more effective troubleshooting. 

First, the “HANGOUTS DEVICE SETTING” event category is going away and will be replaced with a new event type: “GOOGLE MEET HARDWARE”. This does not apply for “Chromebox for meetings Device Setting Change”, which will move to “APPLICATION SETTING” in a follow-up launch. 

The following changes made in the Google Meet hardware Admin console will be logged as an Admin log event under “GOOGLE MEET HARDWARE”:
  • Change lifecycle state on Meet device 
  • Change OU membership of Meet device 
  • Change properties on Meet device 
    • This includes all information found in the Admin console under Devices > Google Meet Hardware > Devices > [Device name] > Device settings
  • Perform bulk action on Meet devices
  • Perform command on Meet device

You can also view additional fields related to these new events, including: 
  • Device ID 
  • Resource ID(s) for Serial Number 
  • Device type (will always be ‘meet’) 
  • Action(s) (if applicable) 
  • Setting name (if applicable) 
  • And, if applicable, additional information, such as the meeting code and more. 
Note that some fields are not visible in the log viewer by default; you can add additional fields using the “Manage columns” button.



In the coming weeks, you will be able to create, change, and delete application settings under “Application Settings”. All changes to settings found in the Admin console under Devices > Google Meet hardware > Settings will be audited here. We will share more details in the coming weeks. 

Additional details 

In the coming months, we are removing all events under the “HANGOUTS DEVICE SETTINGS” event type since the product name is obsolete, and the new events will include this information and even more data. Prior to their removal, you’ll still be able to filter for these events, however new activity will be only captured under the new “GOOGLE MEET HARDWARE” events.


 This table has more details:

New Event name 

Associated Actions 

Perform command on Meet device

  • Reboot 

  • Connect to Meeting 

  • Mute 

  • Hangup 

  • Run Diagnostics 

  • Passcode viewed 

Perform bulk action on Meet devices 

  • Download device information

  • Bulk update devices

  • Reboot

  • Connect to Meeting

  • Mute

  • Hangup


*Audit logs will also be created for the individual devices included in a bulk action.

Change properties on Meet device 

Occupancy detection, noise cancellation, etc.

Change lifecycle state on Meet device 

Provision or deprovision a Meet device

Change OU membership of Meet device 

Moving a device from OU to OU


 Getting started 

  • Admins: Visit the Help Center to learn more about admin log events
  • End users: There is no end user impact or action required. 

Rollout pace 

Important note: The new log events will be available in the user interface via the Event filter drop-down under “Google Meet Hardware” beginning July 7, 2025, however data will remain under the old log events (“Hangouts Device Settings”).Data will become available under the new log events starting July 21, 2025. You can use the time in between to update any scripts or rules to align with the new log events. 


Availability 

  • This update impacts all Google Workspace customers with Google Meet hardware devices. 

Resources 

Now generally available: prevent sensitive changes by locking Google Groups

What’s changing 

We’re pleased to announce the ability to label a Google Group as “Locked” is now generally available. When a group is “locked”, it heavily restricts the ability to change group attributes, such as the group name & email address) and memberships. 

This is helpful when admins need to sync their groups from an external source and want to prevent things from getting out of sync or want to restrict changes to sensitive groups in general.

The Group Details page in the Admin console shows a “Locked” label on the group, with the message “You can’t update this group - it might be managed by an external identity system.”


Who’s impacted

Admins

Why it’s important

If you use third-party tools, like Entra ID, to manage group synchronization, you may encounter inconsistencies when modifications are made to these groups, like adding or removing members, for example. To help address this, we’re introducing the option to “lock” a group, which will prevent modifications within Google Workspace and help maintain synchronization with the external source. 

When a group is locked, only certain admins* can modify:
  • The group name, description, email, and alias(es)
  • Group labels
  • Memberships (adding or removing members) and member restrictions
  • Membership roles
  • Delete the group
  • Set up a new membership expiry

When a group is locked, access and content moderation settings are not affected, this includes:
  • Who can post
  • Who can view members
  • Who can contact members
  • Membership removals due to an existing membership expiry
  • Access or content moderation settings

*Super Admins, Group Admins, and Group Editors with a condition that includes “Locked Groups”

Additional details

By default, the changes listed above will be restricted from end users, including group owners and managers of a locked group. If you want to also restrict some admins from making these changes in the Admin Console or APIs, you can assign them the Group Editor role with a condition that excludes locked groups. 

The ability to lock or unlock a group using the “Locked” label is available to Super Admins, Group Admins, or a custom role with the “Manage Locked Label” privilege. Lock a group using the “Locked” group label in the Admin Console, or the Cloud Identity Groups API.

Getting started


Rollout pace


Availability

Available for Google Workspace:
  • Enterprise Standard and Plus
  • Enterprise Essentials Plus
  • Education Standard and Plus
  • Also available to Cloud Identity Premium customers

Resources


Hardware Key Certificate Management for client-side encryption in Gmail

What’s changing 

Gmail now allows users with hardware keys, such as PIV/CAC smartcards, to directly manage their digital signature and encryption certificates within Gmail settings. Prior to this update, admins needed to upload encryption keys for their users – now users can configure their own keys in Gmail, without needing an admin. 

Gmail > Settings > Accounts > Encryption certificates

Additional details 

While Workspace encrypts data at rest and in transit by using secure-by-design cryptographic libraries, client-side encryption ensures that you have sole control over encryption keys and access to your data. Client-side encryption ensures sensitive data in the email body and attachments are indecipherable to Google servers — you retain control over encryption keys and the identity service to access those keys. For more information, check out our original announcement and the Workspace blog

Getting started 

  • Admins: In order for your users to add certificates from a hardware key, you must first enable and install the Workspace Hardware Keys application to user machines. 
  • End users: Visit the Help Center to learn more about using hardware keys for encryption. 

Rollout pace 


Availability 


Resources 

FINRA Compliance for Google Workspace: Google Drive and Calendar Updates

What’s changing 

Today, we announced Google Workspace support for FINRA compliance, continuing our commitment to meet the unique needs of heavily regulated industry. This includes the preservation of records in a non-rewritable, non-erasable (WORM) format, including support for SEC Rule 17a-4, SEC Rule 18a-6, and CFTC §1.31. 

We’re pleased to announce FINRA-compliant solutions for Google Drive and Calendar (complementing our existing FINRA-compliant features for Gmail, Chat, and Meet) that address the critical supervisory, documentation, and surveillance requirements that underpin financial regulations: 

For Google Drive, super admins can now use Google Workspace’s Data Export tool and AODocs to create a FINRA-compliant archive of their Google Drive data in a Google Cloud Storage (GCS) bucket. This data can be from specific organizational units (OUs), groups, or users, and filtered by Drive labels.

When you’re using the Data Export tool, select “FINRA” as your export type

For Calendar, super admins and admins with third-party archiving privileges can enable third-party archiving on an OU or group level and specify the email address to which Calendar archives should be sent. The following events will be captured: 
  • On the monitored user’s calendar: all events and their updates, including events modified by another user with the appropriate access to the monitored user's calendar 
  • On other calendars that the monitored user can make changes to: all actions performed by the monitored user 
When these actions are performed, an email is sent to the journaling address specified by the admin with the event data, user who performed the action, and time stamp. providing access via SMTP for a third-party service provider to archive and produce the records on demand.
Third-party archiving can be enabled in the Admin console by going to Apps > Google Workspace > Settings for Calendar > Third-party Archiving Settings

Who’s impacted 

Admins 

Why it’s important 

These updates are critical for Google Workspace customers operating in the financial services industry on a global scale. For Calendar, archival journaling functionality supports compliance news by ensuring electronic communications are captured and preserved, meeting essential record-keeping standards. For Drive, admins can manage and securely store critical documents at scale. These solutions add to our existing FINRA-compliant features for Gmail, Chat, and Meet (when certain settings are enabled and disabled), providing global communication solutions and cutting edge productivity tools that meet the regulatory needs of customers in the financial services sector. 

Additionally, we are proud to announce partnerships with several industry-leading Digital Communications Governance and Archiving (DCGA) vendors: AODocs, Mimecast, Smarsh, and Global Relay. These partners provide vital connectors for our customers, ensuring the compliant flow of Google Workspace data into their trusted archiving solutions. For more information on these partnerships and FINRA compliance for Google Workspace, visit the Workspace blog.

Getting started 


Rollout pace 


Availability 


Resources