Tag Archives: Security and Compliance

Control access to experimental Google Workspace apps with a new admin setting

What’s changing 

Admins can use the new Experimental Apps Control setting to grant or deny their users access to emerging or experimental Google applications and whether those applications can access core service data. 




Who’s impacted 

Admins and end users 


Why it’s important 

Oftentimes, experimental Google apps do not have individual on/off switches. With the addition of the Experimental Apps Control, admins can now better control selected services their users can access. Furthermore, they can specify whether these applications should have access to core service data. 


Getting started 

  • Admins: 
    • This feature will be ON by default for existing Google Workspace customers and OFF by default for Google Workspace for Education primary and secondary schools (K-12). 
    • This feature can be enabled or disabled at the domain, OU, or group level at Apps > Additional Google services > Settings for Workspace Experiments
    • Visit the Help Center to learn more about using Experimental Apps Controls
  • End users: There is no end user action required. If enabled by your admin, you will be able to access experimental Google apps using your Google Workspace account. 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – July 15, 2022

New updates 


There are no new updates to share this week. Please see below for a recap of published announcements. 

Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Allow collaborators to analyze data in Connected Sheets with delegated access 
Admins can now allow their users to delegate access to BigQuery when using Connected Sheets. This enables end users with access to BigQuery data to delegate their credentials to collaborators to allow them to refresh or edit analysis as needed. | Available to Google Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus customers only. | Learn more

Sync Apple DEP and Google Mobile Device Management servers on demand 
Admins can now trigger an on demand sync between Apple DEP and Google Mobile Device Management (MDM) servers for company owned devices. | Available to Google Workspace Enterprise Standard, Enterprise Plus, and Cloud Identity Premium customers only. | Learn more.

Add data loss prevention to Google Chat, now available as an open beta 
Admins can now establish data loss prevention (DLP) rules for Google Chat that can help protect sensitive data from getting to unauthorized users. | Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, and the Teaching & Learning upgrade customers only and Cloud Identity Premium users who are licensed for Workspace editions with Drive audit log. | Learn more

Better sharing options for appointment schedules 
We’ve made it easier to share appointment schedules on web through a new Share button. This update allows appointment hosts to copy a short link to all appointment schedules or a specific booking page, and add HTML to embed a booking page on their website. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, and Nonprofits customers only. | Learn more

Use Miro within Google Meet for an immersive and collaborative whiteboard experience 
You can now leverage Miro, a third party online whiteboarding app, for ideating and problem solving as a group in Google Meet. | Learn more

Trust rules for Google Drive are now available in open beta 
The closed beta we announced in 2021 for trust rules in Google Drive that gives admins more control over how files can be shared, both within and outside of their organization, is now available as an open beta. | Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Education Standard customers only. | Learn more


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Trust rules for Google Drive are now available in open beta

What’s changing 

In 2021 we announced a closed beta for trust rules in Google Drive, which gives admins more control over how files can be shared, both within and outside of their organization. Beginning today, this feature will be available as an open beta for specific Google Workspace customers, which means you can use it without enrolling in a specific beta program. See below for more information regarding availability. 


With trust rules, admins can enforce policies that limit internal and external sharing. Specific rules can even be set for organizational units and groups, allowing a more granular approach than enforcing blanket policies on every user. 


Trust rules can be turned on in the Admin console — once enabled, it will replace “Sharing options” within the Google Drive portion of the Admin console. Your existing Drive sharing settings will automatically become trust rules – note that this will not change your existing sharing settings or security configurations. 


See below for more information and availability. 


Who’s impacted 

Admins and end users 


Why it’s important 

Previously, admins were only given broad control over sharing settings for Drive, which meant choosing between options such as: no external sharing or only sharing with trusted domains. 


By enabling the trust rules beta, admins now have more control over how files can be shared, both within and outside of their organization. For example, admins can limit what their frontline workers should have access to versus other parts of their organization. 


Getting started 

  • Admins: Eligible Admins can enable this feature in the Admin console by going to Rules > Turn on trust rules. Visit the Help Center to learn more about trust rules


  • End users: Your Admin’s trust rules will determine who you can share and collaborate with on Drive files. 

Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Education Standard Customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Add data loss prevention to Google Chat, now available as an open beta

What’s changing

For select Google Workspace editions, admins can establish data loss prevention (DLP) rules for Google Chat that can help protect sensitive data from getting to unauthorized users. This feature is now available as an open beta, which means admins can use it without enrolling in a specific beta program.


Data loss prevention rules for Chat in the Admin console



End user experience on web

End user experience on mobile







Who’s impacted

Admins and end users


Why it’s important

Data leaks, whether accidental or malicious, are a top concern for our customers. Data protection rules for Chat help admins and security experts build a stronger framework around sensitive data to prevent personal  or proprietary information from ending up in the wrong hands.


Admins can selectively apply data protection rules to: 
  • Messages in groups, spaces, and/or direct messages
  • Messages between internal and/or external participants
  • Message text and/or attachments


Once DLP rules are applied, messages and files in relevant conversations will automatically be scanned for sensitive information. Users will be notified about potential data loss, preventing it from leaving the organization accidentally or on purpose. Admins can configure the action to be taken in response to sensitive data being detected, such as: block from sending, warn before sending, and log for audit in the future.


Admins can configure these options to best fit the needs of their organization. If admins opt to log these events, they can be accessed in the Security Investigation Tool. This allows admins to do a comprehensive investigation and identify the reason for each incident and make adjustments to data protection policies as necessary.


Getting started

  • Admins: 
    • This feature will be OFF by default and can be enabled at the domain, OU, or group level. You can create DLP rules in the Admin console under Security > Data Protection.
      • Note: You can modify existing DLP rules for Drive and Chrome to also apply to Chat.
    • Visit the Help Center to learn more about turning data loss prevention in Chat on for your organization.

Rollout pace


Availability

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, and the Teaching & Learning upgrade customers.
  • DLP rules for Drive are also available for Cloud Identity Premium users who are licensed for Workspace editions with Drive audit log. Visit the Help Center for more information.
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers


Resources


Sync Apple DEP and Google Mobile Device Management servers on demand

Quick summary 

For select Google Workspace editions, admin can now trigger an on demand sync between Apple DEP and Google Mobile Device Management (MDM) servers for company owned devices. Additionally, they will also be able to see when this sync was last triggered. 


While this sync takes place automatically once every several hours, admins can now request this sync on demand for time sensitive needs. For example, admins can use this option to start a sync immediately for sensitive inventory changes on Apple devices. 

The “Sync DEP Devices” option in the Admin console under Devices > Mobile and endpoints > iOS Settings > Apple certificates.


Getting started 


Rollout pace 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals,Frontline, and Nonprofits, Cloud Identity Free, or G Suite Basic and Business customers 

Resources 

Synchronize client-side encrypted files with Google Drive for Desktop on Windows and Mac OS

Quick summary 

Admins for select Google Workspace editions can update their client-side encryption configurations to include Drive for Desktop. When enabled, users can synchronize their Google Drive, Docs, Sheets, and Slides files with Drive for Desktop on Windows & Mac OS devices. Synced, encrypted files will appear as shortcuts on Windows and symbolic links on Mac OS.




Support for Mac OS users on File Provider will be introduced in a future release — we will provide an update on the Workspace Updates blog at that time.


Additionally, this also allows client-side encryption users in your domain to encrypt and upload local files to Google Drive.


Getting started 


Rollout pace 


Availability 

Synchronize encrypted files 
  • Available to all Google Workspace customers, as well as legacy G Suite Basic and 

Business customers Encrypt and upload local files 

  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Education Teaching & Learning Upgrade, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

New security alerts for highly sensitive changes to Google Workspace configurations

What’s changing 

In the Alert Center, admins will now be notified of select critical and sensitive changes made to their Google Workspace configurations. Specifically, we will issue an alert when any of the following events are surfaced in the audit log: 
  • Changes to the primary admin 
  • SSO profile added: when a third-party SSO profile has been added and enabled for your organization. 
  • SSO profile updated: when a third-party SSO profile has been updated for your organization. 
  • SSO profile deleted: when a third-party SSO profile has been deleted for your organization. 
  • Password reset for super admins: when a password was reset for a super admin account. 

We plan to introduce alerts for more high risk actions over time — we will provide updates here once available. 





Who’s impacted 

Admins 


Why it’s important 

These additional intelligent alerts will closely monitor several sensitive actions, making it easier for admins to stay on top of high risk changes to their environment and potentially malicious actions being taken by bad actors. 


For each alert, admins and super admins will receive an email notification with key information regarding the event. Once the alert is received, admins can use the security investigation tool to further investigate the incident. 


Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – June 24, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 


Frictionless sharing across Google Drive, Docs, Sheets, and Slides 
In the effort to make collaboration simpler for users, we've introduced a new sharing experience in Workspace. Now, when you click the "Share" button in the top-right corner of your file, you'll see a streamlined design that makes it easier to share files with others and/or specific groups of people in your organizations, control whether your file is searchable to groups with access, and to copy the file link. | Learn more

new-sharing-experience

Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details. 



Data Loss Prevention for Drive helps protect sensitive data when users upload files to external Google Forms, now generally available 
Users can now respond to external forms that contain file upload questions, while also helping to prevent the leak of sensitive and confidential information. | Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, and Education Plus customers. | Learn more


New options for styling fonts in Google Forms 
We’ve added additional font style and sizing options, and the ability to customize header, subheader, and body text separately in Google Forms. | Learn more


Adjust spacing between content in Sites using new density theme setting 
Site editors can now adjust the spacing between the content on their site with a custom theme setting that offers Compact, Cozy, or Comfortable spacing options. | Learn more


Easily print your Tasks List 
You can now print personal and Chat spaces Task lists on web, making it easier for you to track assigned items offline or plan with pen and paper if that’s your preference. | Learn more. 


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Data Loss Prevention for Drive helps protect sensitive data when users upload files to external Google Forms, now generally available

Quick summary 

In April, we announced a beta that allows users to respond to external forms that contain file upload questions, while also helping to prevent the leak of sensitive and confidential information. 

This feature is now generally available and will apply your domain’s existing Data Loss Prevention (DLP) for Drive policies to files that your users submit to Google Forms, without creating new rules or updating any existing ones. 

dlp-file-uploads-to-external-forms

Getting started 

  • Admins: 
    • DLP for Drive rules defined for your domain will be applied to files submitted to file upload questions in Google Forms outside your domain. 
    • If you are not using DLP for Drive, you can create DLP rules at the domain, OU, or group level in the Admin console under Security > Data protection. You can apply block, warn or audit actions. Visit the Help Center to learn more about turning Workspace DLP on for your organization. 
  • End users: 
    • End users can respond to forms as usual, but can now respond to forms outside their domain, including forms that have file upload questions. 
    •  If a form violates DLP for Drive rules for their domain, end users may see warnings or be blocked from submitting. 

Rollout pace  


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, the Teaching and Learning Upgrade, and Nonprofits, as well as legacy G Suite Basic and Business customers 
  • Not available to users with personal Google Accounts 

Resources  

Google Workspace Updates Weekly Recap – June 17, 2022

New updates

There are no new updates to share this week. Please see below for a recap of published announcements. 

Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.

Improved email notifications for Google Calendar invites 
We’ve refreshed the layout of emails sent by Google Calendar to make key event details more accessible and useful. | Learn more

De-reverberation available for Google Meet 
Google Meet will now remove reverberations from sound recorded by your microphone. This automatically filters out echos created by spaces with hard surfaces, such as a basement or a kitchen, helping to ensure optimal audio quality. | Available to Google Workspace Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, the Teaching and Learning upgrade, and Frontline customers only. | Learn more

VirusTotal integration with the security investigation tool provides deeper insight into Chrome events 
You can now use VirusTotal to view deeper insights on Chrome log events in the Security Investigation Tool. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers only. | Learn more

Manage Google Voice call recording options for your organization 
Admins can set Google Voice call recording options (automatic or manual) for any organizational unit or group in their organization. | Automatic voice recording is available to all Google Voice Premier customers. On-demand voice recording is available to all Google Voice Premier and Standard customers. | Learn more

Improved experience for removing participants from Google Meet calls 
We’ve updated the user experience for removing participants from a meeting in Google Meet. When a host or co-host removes a participant from a call, they are prompted with additional actions: remove the user from the call, fill out an additional abuse report, and/or block the user from rejoining. | Learn more

Export search results to .CSV files from the security investigation tool 
Admins can now download log event data from the security investigation tool as a .CSV file. This will allow admins to further analyze data outside of the tool. | Learn more

Picture-in-Picture and multi-pinning available for Google Meet in Chrome 
We’re bringing picture-in-picture to Google Meet to Chrome browsers on the web. You’ll be able to see up to four video tiles of meeting attendees in a floating window on top of other applications. | Learn more.  


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).