Admins can now surface post-delivery actions taken by delegated users in the Security Investigation Tool. Specifically, you can now see if a delegate:
- Opened, replied, or marked a message as unread.
- Moved a message to the trash or back to their inbox.
- Clicked links or attachments.
- Downloaded attachments.
Why it’s important
It’s important to understand the exact user performing actions related to an investigation or audit — this change will give admins greater insight into actions taken by delegated users versus the account owner.
- Admins: In the Admin console, navigate to Security Investigation Tool > Gmail log events > "Delegate" and "Has delegate" columns. Visit the Help Center to learn more about the Security Investigation Tool, searching and investigating user log events, and customizing searches with the investigation tool.
- End users: There is no end user action required.
- Rapid and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on March 18, 2022
- Available to Google Workspace Enterprise Standard Enterprise Plus, Education Standard, and Education Plus customers
- Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers