Tag Archives: Rapid Release

Prevent the downloading, printing, or copying of files by all users with Enhanced IRM for Google Drive Data-Loss Prevention

What’s changing 

Google Drive’s Information Rights Management (IRM) capability protects documents from data exfiltration actions, specifically downloading, printing, and copying. This is useful for making sure that sensitive content is protected from data leakage. 


Historically, this feature has only been applicable to users with either the “viewer” or “commenter” role, which has left administrators unable to apply the setting to users with either “owner” or “editor” roles. To address this, we’re expanding IRM to be applicable to all users, including file editors and owners, when it is applied by a Data Loss Prevention (DLP) rule.

The new Enhanced IRM action, as seen in the DLP Rule creation flow.



Additional details

When an editor or owner is affected by IRM, they will retain the ability to copy and paste document content, but they may only do so within that document. Attempting to paste content outside of the document will not succeed. For more information, please refer to the help center content.


Getting started

  • Admins: DLP rules and CAA levels are applied per-file based on how these rules are configured.
  • End users: Only administrators can set IRM for all user roles on a file. File owners may still only set IRM for viewers and commenters. If a file has both an administrator-applied IRM setting and a file owner setting on it, the administrator setting takes priority. Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms. Visit the Help Center to learn more about stopping, limiting, or changing how your files are shared.
A view of the file owner’s IRM setting when an overriding administrator setting is present.

Rollout pace


Availability

  • IRM controls are available for all Google Workspace customers
  • Data Loss Prevention Rules and Context-Aware Access conditions are available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
    • Frontline Standard
    • Enterprise Essentials and Enterprise Essentials Plus

Resources


Google Meet provides additional privacy for livestreaming with new eCDN On-Premises API

What’s changing

Earlier this year, we introduced Enterprise Content Delivery Network (eCDN) to enhance livestreaming in  Google Meet. When configured by admins, eCDN has the potential to reduce bandwidth consumption to a fraction of the traffic volume through peer-assisted media delivery.

However, environments that have additional security requirements would not be able to benefit from the network traffic savings enabled by eCDN. That changes today with the introduction of the eCDN On-Premises API for Google Meet, which admins can use to configure their network for eCDN while keeping classified IP addresses and network information private. Specifically, IP addresses will be replaced with self-assigned peering group names and encrypted information for session description protocol (SDP) handshakes. This ensures that no IP information is shared with Google, so customers can take advantage of eCDN while adhering to their own security guidelines.


Admin console > Apps > Google Workspace > Google Meet > Meet video settings > eCDN


Who’s impacted

Admins

Why it’s important

The eCDN On-Premises API can be used to deploy eCDN for Google Meet live streaming in a way that allows the eCDN tracker service to optimize peering topologies without access to internal network information such as IP addresses or subnets. A customer-supplied service uses the API to replace all IP address information with arbitrary text labels. The service also manages encryption of SDP offers/answers using encryption keys that are never made available to Google. Any decryption needed by client peers is performed completely inside the customer's own network. No network information is sent outside the organization's network, not even to Google. This ensures that bandwidth-optimized media delivery via eCDN can also be implemented in sensitive environments without compromising organizations’ internal security guidelines.

Getting started

Rollout pace

Availability

  • Available for all Google Workspace customers

Resources


Use Gemini to interact with PDFs in Google Drive’s overlay file previewer

What’s changing

Earlier this year, we introduced the ability to use Gemini in Google Drive to interact with PDFs. To improve your viewing experience when reviewing PDFs from Drive, we’re excited to announce that Gemini in the side panel of Drive is now integrated into Drive's overlay file previewer. 

As a result, you can seamlessly switch between multiple files while leveraging AI capabilities using Gemini in Drive to do things like: 
  • Admins: To access Gemini in the side panel of Workspace apps, users need to have smart features and personalization turned on. Admins can turn on default personalization setting for their users in the Admin console. 
  • End users:
    • To access this feature, double-click on a PDF from the Google Drive file list and click on "Ask Gemini" (star button) in the top right corner. 
    • Note: When Gemini initially launched in Workspace, PDFs viewed in Drive opened in a new browser tab to allow interaction with the Gemini side panel. With this update, the default behavior will open a file in the overlay file previewer. If you prefer for PDFs to open in a new tab by default, you can update your PDF opening default behavior in your Drive settings. If you previously set a preferred PDF opening default behavior in your Drive setting, your default open behavior will remain the same. 
    • Visit the Help Center to learn more about using Gemini in Drive to work with PDFs. 

Rollout pace 


Availability 

Available for Google Workspace customers with these add-ons: 
  • Gemini Business 
  • Gemini Enterprise 
  • Gemini Education 
  • Gemini Education Premium 
  • Google One AI Premium 

Resources 

Granular OAuth consent in Google Apps Script IDE executions

What’s changing

Google offers a wide variety of APIs that Google Apps Script developers can use to build features for Google users. The data access that these APIs can reference is governed by the OAuth scopes of each Workspace application, which users are required to authorize before a script can run. Historically, the OAuth consent screen has asked the user to authorize all of the necessary OAuth scopes to run a given script. 

This screenshot shows the current OAuth consent screen, which requires the user to authenticate all or none of the requested OAuth scopes.
This screenshot shows the old OAuth consent screen, which requires the user to authenticate all or none of the requested OAuth scopes.


Starting today, the OAuth consent screen will now let users specify which individual OAuth scopes they would like to authorize. For example, if a script requests access to a user’s Sheets and Forms files, and the users only intends to use the script with Sheets files, they can decide to only allow access to their spreadsheets and not their forms. This affords users the benefit of more granular control over what data their 3P applications are allowed to access.

This screenshot shows the new OAuth consent screen, which lets the user provide consent for a subset of the requested OAuth scopes.
This screenshot shows the new OAuth consent screen, which lets the user provide consent for a subset of the requested OAuth scopes.


Additional details

To complement the release of this new consent flow, we’re also adding methods to the ScriptApp and AuthorizationInfo classes that let Apps Script developers programmatically interact with the scopes granted for a script. Refer to the developer documentation for more information.

After a user grants permission to a script, Apps Script might request OAuth consent again in the following cases: 
  • The user, who has granted consent to a subset of the requested OAuth scopes, tries to run a part of the script that was not previously authorized. 
  • The script is updated in such a way that it requires permission for additional scopes. 
  • The user revoked access to the script from their Google Account settings.
All past execution failures will be logged in the execution history. Each OAuth failure will contain a hyperlink that users can use to provide the permissions that were missing. 


Getting Started 

  • Admins: There is no admin control for this feature. 
  • Developers and end users: 
    • Granular OAuth consent is only available for scripts that have finished migrating to the V8 runtime. If you would like to utilize granular consent on one of the few remaining Rhino scripts, you can manually migrate to V8 by following these instructions.
    • This new consent screen will only be used for new OAuth scope grants. Pre-existing scope grants will not be affected, so no action is required by users on scripts they’ve already authorized. 
    • The new consent screen will be launched first to the Apps Script IDE (i.e. executing a script directly from Apps Script). The consent screen will launch to the remaining surfaces in the future: 
      • Google Ads Script
      • Macro executions 
      • Trigger executions 
      • Web app executions 
      • API Executions 
      • Chat apps
      • Add-ons 

Rollout pace 


Availability 

  • Available to all Google Workspace customers and Workspace Individual Subscribers

Resources


Control whether your users can add account recovery information with two new admin settings


What’s changing

We’re launching two new settings that will allow admins to control whether their users can add recovery email information and phone information to their Google Workspace account. 

By default, the ability to add a recovery email or phone number is ON for most Workspace users and K-12 super admins, but it should be noted that:

  • Adding email and phone recovery information is OFF by default for K-12 users. 
  • Phone number recovery collection is always enabled for super admins regardless of whether it’s disabled in the admin console.

Any changes admins make to these settings will overrule the existing organizational unit (OU) settings, except for super admins as stated above.

Security > Account Recovery > Recovery information


Who’s impacted

Admins and end users


Why it’s important

Adding recovery information to your account is helpful for keeping users’ accounts more secure, recovering users’ accounts as well as evaluating security related events, such as risky logins or re-authentication attempts. However, we know that there are a variety of reasons that customers would want to prevent their users from doing so. For example, turning recovery information off can help customers stay compliant with local privacy regulations, such as GDPR. Or admins can opt to add recovery information themselves. This update gives admins the control to decide which configuration makes the most sense for their users.

Getting started


Rollout pace


Availability

  • Available to all Google Workspace customers.

Resources


Now generally available: Monitor and manage AppSheet usage in your organization with the AppSheet Admin console

What’s changing 

Beginning today, we’re pleased to announce that all Google Workspace Admins with the AppSheet service privilege can access the AppSheet Admin Console. The AppSheet Admin console is a consolidated location to monitor, manage and govern AppSheet across your organization. Previously, the AppSheet Admin Console was only available to those with an AppSheet Enterprise Plus license in public preview, but now any admin with sufficient privileges has access to monitor and manage their users (note: some features require an enterprise license for the admin and the user). 


The AppSheet Admin Console gives admins visibility into the users, apps and licenses associated with their AppSheet users. From here, admins can: 
  • Review the most popular apps and creators. 
  • Review how many apps are owned and used for every user account. 
  • View all of their organization's app users. 
  • Verify the AppSheet licenses purchased, assigned and used. 
  • Export a list of accounts, users, apps and licenses. 

Since Public Preview, we’ve added more functionality: 
  • Historical app usage: Admins can see app usage history for all accounts in their organization up to three months starting today and soon extending to six months. 
  • Self-serve provisioning: Admins can choose how their enterprise licenses are provisioned - either through license assignment in the Workspace Admin Console or automatically upon login to AppSheet.  
  • Organizations as the new standard: New and existing Workspace customers can manage all of their secondary domain users under a consolidated AppSheet organization.
The AppSheet Admin Console



Who’s impacted

Admins


Why it’s important

We’ve heard from our customers that in order to effectively manage AppSheet activity in their organizations, they need visibility into its usage. This includes information regarding how many users are using an AppSheet license, who is accessing their teams apps, and more. Expanding access to the AppSheet Admin console provides admins with these critical metrics, enabling them to understand how the tool is being used and govern the use of the tool as needed.


Additional details

The Licenses page will remain in public preview pending some supporting launches and additional enhancements expected early in 2025.


Getting started


Rollout pace


Availability


Resources


Available in open beta: Set up Single-Sign On with custom OpenID Connect profiles

What’s changing 

Beginning today, admins now have the option to set up a custom OpenID Connect (OIDC) profile for single sign-on (SSO) with Google as their Service Provider. OIDC is a popular method for verifying and authenticating the identities - this update gives admins more options for their end users to access cloud applications using a single set of credentials. Previously, only OIDC with pre-configured Microsoft Entra ID profile was supported in addition to SAML.

Custom OIDC profiles can be configured in the Admin console at >Security > Authentication > SSO with third party IdP



Getting started


Rollout pace


Availability

  • Available for all Google Workspace customers except Google Workspace Essentials Starter customers and Workspace Individual Subscribers.
  • Also available for Cloud Identity and Cloud Identity Premium customers

Resources


Translate messages in-line from one language to another in Google Chat

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing

In continuing our effort to ensure Google Chat is your home for collaboration in Workspace, especially for global teams, we’re excited to introduce translate for me in Google Chat. 

As one of the most requested Gemini enhancements in Chat this year, translate for me will automatically detect and translate over 120 languages to a user’s preferred language. Rather than requiring users to navigate outside of Chat to translate a message, this update reduces friction and improves collaboration with colleagues, partners and customers in other parts of the world. 

translate for me in Google Chat


Getting started 

  • Admins: There is no admin control for this feature. 
  • End users: 
    • Automatic translation via translate for me will be OFF by default. Turn ON the automatic translation setting at chat.google.com (web) or on your Android or iOS device by going to Settings > Automatic Translation > select the box for ‘Translate messages to your preferred language.’ 
      • This feature translates messages received into your preferred language (based on your Google account settings). Please allow up to 24 hours for this feature to update languages when languages are changed in your Google account settings. 
      • These translated messages are viewable only to you. 
    • Automatic translation only applies to message content inside the conversation stream and does not show up on message snippets in Home or notifications. 
    • Visit the Help Center to learn more about using Automatic Translation in Chat.

Rollout pace 

  • Rapid Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on December 13, 2024, with expected completion by January 7, 2025 
  • Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on January 15, 2025 

Availability 

Available for Google Workspace customers with these add-ons: 
  • Gemini Business and Enterprise 
  • AI Meetings and Messaging 

Resources 

NotebookLM Plus now available to Google Workspace customers

What’s changing

Today, we’re announcing that NotebookLM Plus, our newest and most advanced version of NotebookLM, is available to Gemini for Google Workspace customers. In addition to what's already included with NotebookLM, which we introduced in September, this enhanced version allows users to: 
  • Get 5x more Audio Overviews, queries, notebooks, and sources per notebook 
  • Customize the style and length of their notebooks 
  • Create shared notebooks for their team and get usage analytics 
  • Use with confidence knowing their sources, queries and responses stay within their organization 
example of a strategic account planner and customer insights in NLM Plus


Who’s impacted 

Admins and end users (18+) with a Gemini for Google Workspace add-on or Gemini Education add-on
  • NotebookLM Plus is available in 180+ regions where Gemini API is available and currently supports 35+ languages. For Audio Overviews, while you can upload sources from all supported languages, the spoken audio is currently only available in English. 
  • See the ‘Getting started’ section below to learn more about adding Gemini to your Google Workspace plan. 

Why you’d use it 

NotebookLM Plus supercharges productivity and collaboration through AI that’s grounded in the information you provide. For example: 
  • Sales teams can add their product roadmap and feature specs, competitor benchmarking analysis, customer audio interviews, and market research to NotebookLM Plus. As a result, NotebookLM can help you prepare for customer meetings by creating an account plan to help your team find information faster and better engage with customers. 
  • Marketers can use NotebookLM Plus to help summarize customer trends and purchase behaviors, draft communications, create campaign briefs, and more–all based on market research, customer segmentation analysis, and marketing roadmaps. 
  • Educational customers can add their district’s strategy plan, education standards, lecture notes and/or course readings to get real-time summaries, guided lesson plans, discussion questions, quizzes and more. They can also generate audio overviews to take learning on the go and make content more accessible, digestible and engaging.

Additional details 

NotebookLM Plus is an Additional Service and is covered under the NotebookLM Plus for Workspace Additional Terms of Service.

As a Gemini for Workspace user of NotebookLM Plus, your uploads, queries and the model's responses are not used to train models and are not reviewed by humans. Your data remains your data and any files uploaded, queries and responses are not shared outside your organization’s trust boundary. 

Users can only upload sources from Workspace that they have permission to access. Furthermore, they can control who has access to their notebooks and set more granular permissions within each. Notebooks can only be shared within your organization. 


Getting started 

Rollout pace

Availability 

Available for Google Workspace customers with these add-ons: 
  • Gemini Business 
  • Gemini Enterprise 
  • Gemini Education 
  • Gemini Education Premium 

Resources 

Improvements to mentions in Google Chat

What’s changing 

We know there are scenarios in which you may want to reference a person with an @mention without adding them to a conversation in Google Chat. Starting today, when mentioning a user that is not already in the conversation, you will have the option to add them and send the message, or just send the message without adding them. 
option to add them and send the message in chat, or just send the message without adding them.
We’re also adding visual improvements by rendering @mentions as smart chips, which brings them more in line with Drive chips in Chat and smart chips across Workspace. With simplified colors, your personal mentions still stand out the most and will be easily spotted in conversations, Home and Mentions.

color of @mentions in Chat

On web, hovering on the chip will show more information about the person and clicking the chip will start a new 1:1 direct message with them. 
clicking on a people chip in chat

Who’s impacted 

End users 


Why you’d use it 

This feature reduces friction for users by making it easier to provide context when composing messages. 


Getting started 

  • Admins: There is no admin control for this feature. 
  • End users: 
    • On web, go to chat.google.com or Chat in Gmail and type “@[a person’s name or email address]” to mention them. This functionality is supported across 1:1 direct messages, group direct messages, and spaces. 
    • Note that you can only add members to a conversation in group direct messages and spaces. In 1:1 direct messages, when you mention someone they are treated as a reference and not added directly. 
    • This functionality will rollout on Android and iOS devices in Q1 2025. 
    • Visit the Help Center to learn more mentioning someone or adding someone to a message.

Rollout pace 


Availability 

  • Available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts 

Resources