[go: up one dir, main page]

What’s changing

When a Google Workspace for Education admin chooses to enable Additional Services for students under the age of 18 to use, they acknowledge that they may be required to collect parental or guardian consent. This includes access to services like YouTube, Google Translate, Google Photos, Google Books, Google Earth and more.

In September 2024, we communicated that we now require admins who have Additional Services enabled for users under the age of 18 to re-review them on an annual basis. Admins are always in control of which services their users have access to, and this gives admins an opportunity to ensure the right users have access to the right services.

  • If admins do not want to provide access to Additional Services for their under 18 users, they can turn them off for those users. 
  • If admins want to keep Additional services enabled for under 18 users, they need to reconfirm parental consent in the admin console.  
  • If admins do not take action, under 18 users who previously had access to Additional Services will lose access in the coming weeks. Admins can re-enable access to Additional Services at any time. 

How admins can take action
Admins were first provided notice of this re-confirmation requirement in September 2024, which indicated a 6 months notice to complete the re-review process before the March 2025 rollout. The banner in the admin console has turned red to alert admins that action is required. While the rollout begins in March, it might take several weeks before some users in your organization are impacted.

You can easily view which applications require consent reconfirmation from Admin console > Apps > Additional Google services. You can re-confirm consent by checking the box next to the app, hovering over the app, or using the three-dot overflow menu. 

Experience for impacted end users
If users lose access to a specific service they’ll be notified “Your Google Workspace for Education account is designated as under 18 and your organization’s admin has not granted you access to this Additional Service. To regain access, inform your admin that you need this service to be enabled.“ 



Who’s impacted
Admins and end users under the age of 18


Why it’s important
Admins are in control of which services their users have access to, and to do so in alignment with both our terms of service and local laws and regulations that determine what services are appropriate for users under 18. Since admins manage which services their students have access to, only they can enable or disable access for their under 18 users. 


This is a guide to support admins with collecting consent from parents, which includes this template for communicating with parents and guardians around collecting consent. 

Additional details
The requirement to review and re-confirm access to Additional Products is an annual requirement customers must complete for their under 18 users, subject to their Google Workspace for Education Terms of Service

Getting started

Rollout pace

Availability
This change impacts Google Workspace:
  • Education Fundamentals, Standard, and Plus

Resources



Labels: , , ,

What’s changing 
In December 2024, we introduced new, detailed usage reports for Google Chat. These reports help admins better understand how their teams are using Chat, allowing them to analyze engagement, drive adoption, configure safety features, and more. These reports aggregate data at the group and organization level, to provide relevant insights for Workspace admins while protecting individual privacy. 

Starting today, customerUsageReports.get and userUsageReports.get for Google Chat are available via the Admin SDK Reports API for customers to use in their own customized dashboards and reporting tools. This gives admins more ways to analyze Chat usage data.


Please refer to the table below to learn about the metrics available to you:

Category

Variations

# of messages sent by users of the organization

Total number of messages

Messages sent by conversation type (direct message, group chat, space)

Messages sent by type (regular, voice, video, huddle)

Messages sent with or without attachment

Messages sent to conversations that contain or do not contain external users.

# of spaces owned by organization

Number of active spaces

Number of spaces created

# of active users in your organization by level of activity

Number of engaged users (read at least one conversation or sent messages or reactions)


Number of communicator users (sent at least one message or reaction)

# of actions by specific users*

Number of messages and reactions sent


Number of attachments uploaded


Number of spaces created


Number of conversations read

Most metrics are available for periods of 1, 7, and 28 days.
*Available for 28 days only

Additional details
We’ve also added four new fields and one additional event available in Chat Audit Logs and surfaced in the Security Investigation Tool. In addition to providing even more context on Chat usage, admins can leverage these additional data points in their own custom reporting.


The fields are:
Conversation ownership indicates whether the conversation, where a specific Chat event occurs, is owned by the organization or by an external entity. These possible values include:
  • Internally owned: conversation is owned by the admin’s organization
  • Externally owned: conversation is owned by an external entity

Conversation type indicates the type of conversation where the event occurs:
  • User-to-user direct message
  • User-to-app direct message
  • Group chat
  • Space

Message type indicates type of the message in Message sent and Message edited events:
  • Regular message
  • Voice message
  • Video message
  • Huddle

Attachment status indicates whether the message was sent with an attachment (image or file):
  • Has attachment
  • No attachment

Additionally, we’ve added a new event, “Conversation Read”. Every time a user opens a conversation and reads one or more unread messages, an event will be logged.

Getting started


Rollout pace

Availability
  • New Chat usage metrics in Report API  are available for all Google Workspace customers.
  • The security investigation tool is available for Google Workspace
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Frontline Standard
    • And Cloud Identity Premium customers
Labels: , , , ,

What’s changing 

A big threat organizations must prepare for is the risk of data exfiltration through unwanted and/or unauthorized means. Whether it’s small-scale, unintended sharing, or a larger breach scenario, organizations need powerful defenses to protect themselves from these risks. To that end, we’re pleased to announce that today Data Loss Prevention (DLP) is generally available in Gmail, alongside Drive and Chat.

DLP is one of the most powerful ways organizations can protect themselves from these risks. With DLP capabilities in Gmail, organizations can identify, monitor, and control the sharing of sensitive data. It works through a series of easy to apply data protection rules that can be implemented to instantly detect sensitive content in outgoing messages, including body content, attachments, headers, and subject lines. 


Additional details
How does DLP in Gmail compare to Content Compliance rules?
To prevent the exfiltration of sensitive data from Gmail, data protection rules with DLP are recommended. These rules offer a rich set of predefined detectors and the ability to build flexible conditions. 


Additionally, organizations can tailor warning messages based on their organization's data governance requirements, terminology, and processes; these messages will help educate users on their organization's specific security and data protection policies to prevent sharing sensitive content.


Other features, such as content compliance, can still be used for different purposes, like evaluating inbound messages and routing them internally to relevant departments.


For more information, please refer to our initial open beta announcement.


DLP within the Google Workspace ecosystem
As part of Google Workspace ecosystem, DLP for Gmail comes with capabilities available across other applications, such as Drive and Chat, so admins can configure, implement and investigate Data Loss Prevention incidents using unified tools, such as Security Investigation Tool, or build custom dashboards using unified audit logs or export to BigQuery. 


Taken together, DLP capabilities across Workspace provide powerful protections for organizations to reduce the risk of data breaches, comply with regulatory requirements, and protect their reputation and intellectual property.


Getting started

  • Admins: 
    • Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail. Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail. 
    • DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.
    • With DLP for Gmail, data protection rules can be scanned synchronously or asynchronously. Visit our Help Center for more information.
    • For new rules, we recommend starting with “Audit only” mode. This allows you to thoroughly test and monitor the rule's performance and ensure it correctly identifies the intended data without interrupting email flow for users. Once you've validated the rule's behavior and are confident in its accuracy, you can then implement actions such as blocking or warning users as needed.

  • End users: Depending on your admin configuration, you’ll be notified if your message contains information that violates DLP rules.
Rollout pace

Availability
Available to Google Workspace:
  • Enterprise Standard, Enterprise Plus
  • Education Fundamentals, Standard, Plus, and the Teaching & Learning add-on
  • Frontline Standard
  • Cloud Identity Premium customers
Labels: , , , ,

What’s changing 
Google Vault now supports the Gemini app (on web and mobile). Going forward, admins can use Vault for eDiscovery tasks to search Gemini app conversations and create an export of your search results. Specifically, the following actions can be taken around Gemini app data: 

  • Search prompts and responses with a number of filters, such as user and date to quickly refine your search. These searches can be across groups of users or by Organizational Units (OUs) up to 5000 in size. 
  • Export conversations in an XML format for the above searches via the UI or API.

Who’s impacted
Admins

Why it’s important
Vault is an eDiscovery and information governance tool for Google Workspace, which enables customers to retain, hold, search, and export users’ Google Workspace data. With this update, customers can now expand their regulatory and legal eDiscovery needs to include the Gemini app. This integration makes it easier for customers to comply with their eDiscovery obligations surrounding Gemini collaborative data, all from a central tool. 

Additionally, Vault’s integration with Gemini rounds out support for critical Workspace apps such as Gmail, Drive, Docs, Sheets, Slides, Chat, Calendar and Meet, providing customers with a consistent experience across all products that are managed within Vault for eDiscovery. Additional information governance and hold features, such as preview, retention, and litigation holds will follow in future releases. We’ll share more information on the Workspace updates blog when it’s available.

Additional details
This update is not applicable for Gemini for Google Workspace, as no prompts or responses are retained for those interactions. Visit our Privacy Hub for more information on how we’re protecting your Google Workspace data in the era of generative AI.

Getting started

Rollout pace

Availability
Available to Google Workspace
  • Business Plus
  • Enterprise Essentials and Enterprise Essentials Plus
  • Enterprise Standard and Enterprise Plus
  • Education Standard and Education Plus customers
  • Also available to customers with the Vault add-on license

Resources

Labels: , , , ,

What’s changing
In October 2024, we expanded our data migration services to include the ability for Admins to transfer OneDrive data to Google Drive. This functionality is now generally available. You can migrate the files of up to 100 users at a time, including the files corresponding access permissions with shared members. 

With the general availability release, we’ve also added additional settings which admins can use to: 
  • Specify files to migrate within a certain date range.
  • Exclude specific file formats and large files. 
  • Skip uploading an identity map and allow Google to automatically map source and target users instead. 

Now that the tool is generally available, with more customization settings, you can quickly and easily migrate your data to Workspace at scale while minimizing disruption for end users. For more information, please refer to our original beta announcement.

Example of a completed migration.


Getting started

Rollout pace

Availability
Available to Google Workspace 
  • Business Starter, Standard, and Plus
  • Enterprise Standard and Plus
  • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
  • Essentials Starter and Essentials
  • Enterprise Essentials and Enterprise Essentials Plus
  • Nonprofits

Resources

Labels: , ,

What’s changing 
In the coming weeks, admins will be able to use their Comeen or StratosMedia digital signage content on their Google Meet hardware devices. We know many of our customers use these tools for general digital signage needs within their organization and this update allows that content to be leveraged as screensavers across your Google Meet hardware fleet.

The Google Meet hardware ‘Screen Saver’  setting is located in the admin console under Devices > Google Meet hardware > Settings > Device settings



Additional details
  • Note that Comeen and StratosMedia are paid services and there may be additional costs associated with registering your devices on their platform. 
  • In some cases, this feature can conflict with the power-saving feature on your Meet hardware devices. To ensure that your custom screen saver is visible, be sure to set displays as active during working hours in the organizational unit you’re targeting. 
  • Screen savers are not interactive—tapping your touch controller or using the remote will cause the screen saver to be dismissed, and the device will return to displaying the agenda on the homepage. 

Getting started
  • Admins: Custom screen savers are opt-in and managed at the OU-level and apply to all devices in that organizational unit (OU). Visit the Help Center to learn more about how to display custom screen saver images.
Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , , ,

What’s changing 
We’re introducing a new log event, Access Evaluation, which will help admins better understand how security policies affect their users' access to OAuth apps. This includes settings and policies such as API controls, endpoint management configurations, domain wide delegation and more. The log contains information on the specific policies applied, when access was granted and the reasoning. Admins can use this information to review their security policies and revise them as needed to protect the sharing of Workspace data with users' apps.

Example of an Access Evaluation log


Getting started
  • Admins: Access Evaluation are available in the audit and investigation tool (Menu > Reporting > Audit and investigation > Access Evaluation log events), and the security investigation tool (Menu > Security > Security center > Investigation tool > Data source > Access Evaluation log events)  for specific Google Workspace editions. Visit the Help Center to learn more about Access Evaluation log events. 
  • End users: There is no end user impact or action required.
Rollout pace

Availability
  • Available in the audit and investigation tool for all Google Workspace customers.
  • Available in the security investigation tool for Google Workspace:
    • Frontline Standard
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Cloud Identity Premium

Resources

Labels: , , ,

What’s changing

Admins can now customize the Chrome Web Store experience for their users with several new options, including:

  • Branding and custom messaging: Add company logos, custom welcome banners and announcement banners.
  • Curated collections: Organize specific extensions for your users, including recommended and private extensions. We have also introduced a new collection of extensions that displays all items that are allowlisted by IT administrators.
  • Category controls: Hide specific extension categories to help streamline the browsing experience for users.

Additionally, we've enhanced the Chrome Web Store search experience. In the search results. end-users can quickly notice blocked item tags, and they can benefit from more advanced filtering such as a “Private items” filter.  

Example of a customized Chrome Web Store


Who’s impacted
Admins and end users


Why it matters 
Every Google Workspace customer has unique users with unique needs – Chrome extensions can help improve their workflows and increase productivity. However, navigating the numerous available extensions can present challenges for both admins and end users. For admins, it is often a manual and time consuming process to vet which Chrome extensions they want to allow for their users. For end users, it can be frustrating to sift through a vast catalog of extensions to find relevant and admin-approved extensions.

This update significantly improves the Chrome Web Store experience for enterprises. Admins can customize, organize, and control the Chrome Web Store experience for their users. For end users, finding work-relevant and admin approved extensions becomes significantly easier cutting down on guesswork or wasted time searching for extensions that might be blocked.


Getting started
  • Admins: Four new Apps & Extensions settings have been added to the Chrome section of the Admin console. To find the new settings, go to Menu > Chrome Browser > Apps and extensions > Navigate to the “Settings” tab > Chrome Web Store settings. Visit the Help Center to learn more about customizing the Chrome Web Store for your users.



Rollout pace

Availability
  • Available for all Google Workspace customers with access to the Admin console

Resources

Labels: , , ,

What’s changing

In May 2024, we launched the ability for admins to remotely configure managed iOS apps on end-user devices via Google Mobile Device Management. 

Beginning today, admins can use tokens in the app configurations for managed iOS apps. Tokens act as placeholders for information specific to a user or device that uses the app, such as a user's email address or their device serial number. Previously, configuration data was static, but this update gives admins the flexibility to configure devices dynamically according to various users and devices.

Creating the app configuration using XML information using a token placeholder


Getting started

Rollout pace

Availability
Available for Google Workspace:
  • Business Plus
  • Enterprise Standard and Plus
  • Enterprise Essentials and Essentials Plus
  • Education Standard and Plus
  • Nonprofits
  • Frontline Starter and Standard
  • Cloud Identity Premium 

Resources

Labels: , , , , ,

What’s changing

For Google Workspace customers with Chrome Enterprise Core, we’re pleased to introduce a new Chrome browser profile list and reporting features for signed-in Google Workspace users. These new capabilities give IT administrators more insight into Chrome user profiles in their organization. The report includes a new managed profiles list and detail pages where IT administrators can find information such as profile details, browser versions, policies applied, extensions installed and more. The list of extensions installed allows you to identify versions of extensions that can potentially be a risk factor for your users.

Overall, this update significantly improves how admins analyze how their users are interacting with Chrome and allows them to take action to keep their users and data secure in Chrome.

Once enabled, you can view reports by going to Admin console > Chrome browser > Managed profiles



Getting started
  • Admins: Admins can simply log in to the Google Admin console and enable the Managed profile reporting policy. Visit the Help Center to learn more about viewing Chrome browser profile details.

To enable reporting, go to Menu > Devices > Chrome > Settings > User & browser settings > Chrome Browser > Browser Reporting > Managed Browser Reporting

  • End users: There is no end user impact or action required.

Labels: , , ,

What’s changing 
Google Drive’s Information Rights Management (IRM) capability protects documents from data exfiltration actions, specifically downloading, printing, and copying. This is useful for making sure that sensitive content is protected from data leakage. 


Historically, this feature has only been applicable to users with either the “viewer” or “commenter” role, which has left administrators unable to apply the setting to users with write permissions (see here for more information on Drive roles). To address this, we’re expanding IRM to be applicable to all users, including file writers and owners, when it is applied by a Data Loss Prevention (DLP) rule. 

The new Enhanced IRM action, as seen in the DLP Rule creation flow.



Additional details
When an editor or owner is affected by IRM, they will retain the ability to copy and paste document content, but they may only do so within that document. Attempting to paste content outside of the document will not succeed. For more information, please refer to the help center content.


Getting started
  • Admins: DLP rules and CAA levels are applied per-file based on how these rules are configured.
  • End users: Only administrators can set IRM for all user roles on a file. File owners may still only set IRM for viewers and commenters. If a file has both an administrator-applied IRM setting and a file owner setting on it, the administrator setting takes priority. Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms. Visit the Help Center to learn more about stopping, limiting, or changing how your files are shared.
A view of the file owner’s IRM setting when an overriding administrator setting is present.

Rollout pace

Availability
  • IRM controls are available for all Google Workspace customers
  • Data Loss Prevention Rules and Context-Aware Access conditions are available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
    • Frontline Standard
    • Enterprise Essentials and Enterprise Essentials Plus

Resources

Labels: , , , ,


What’s changing

We’re launching two new settings that will allow admins to control whether their users can add recovery email information and phone information to their Google Workspace account. 

By default, the ability to add a recovery email or phone number is ON for most Workspace users and K-12 super admins, but it should be noted that:

  • Adding email and phone recovery information is OFF by default for K-12 users. 
  • Phone number recovery collection is always enabled for super admins regardless of whether it’s disabled in the admin console.

Any changes admins make to these settings will overrule the existing organizational unit (OU) settings, except for super admins as stated above.

Security > Account Recovery > Recovery information


Who’s impacted
Admins and end users


Why it’s important
Adding recovery information to your account is helpful for keeping users’ accounts more secure, recovering users’ accounts as well as evaluating security related events, such as risky logins or re-authentication attempts. However, we know that there are a variety of reasons that customers would want to prevent their users from doing so. For example, turning recovery information off can help customers stay compliant with local privacy regulations, such as GDPR. Or admins can opt to add recovery information themselves. This update gives admins the control to decide which configuration makes the most sense for their users.

Getting started

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,

Update
[January 9, 2025] We have paused rollout for this beta and will provide an update once rollout resumes.

What’s changing

Beginning today, admins now have the option to set up a custom OpenID Connect (OIDC) profile for single sign-on (SSO) with Google as their Service Provider. OIDC is a popular method for verifying and authenticating the identities - this update gives admins more options for their end users to access cloud applications using a single set of credentials. Previously, only OIDC with pre-configured Microsoft Entra ID profile was supported in addition to SAML.

Custom OIDC profiles can be configured in the Admin console at >Security > Authentication > SSO with third party IdP



Getting started

Rollout pace

Availability
  • Available for all Google Workspace customers except Google Workspace Essentials Starter customers and Workspace Individual Subscribers
  • Also available for Cloud Identity and Cloud Identity Premium customers

Resources

Labels: , , , ,

What’s changing

Beginning today, we’re expanding our data migration experience to include the ability for Google Workspace admins to migrate conversations  from channels in Microsoft Teams to spaces in Google Chat, making it easier for organizations to onboard and deploy Chat. 

This can be done within the Admin console in a few steps:

  • First, connect to your Microsoft account.
  • Then, upload a CSV of the teams from where you want to migrate the messages. You can specify the source to destination identity mapping by uploading a CSV of the email ID’s from source to target.
  • Next, you’ll enter the starting date for messages to be migrated from Teams. Then you can begin your data migration. 
  • Finally, you’ll complete the migration by making migrated spaces, messages and related conversation data available to Google Workspace users (see our Help Center article for specific details on supported data types).

Starting a chat migration in the admin console

When a migration starts, the UI displays a visual report that breaks down tasks with individual progress bars for tasks that are successfully completed, skipped, failed or have warnings.


The final step to complete the migration is to roll out spaces, making migrated spaces and their content available to users.





Additional details
  • The Chat migration tool doesn’t delete or modify existing Google Chat spaces or messages. 
  • You can also run a delta migration, which will migrate any messages added to Teams channels since the primary migration. Messages that are already successfully migrated are skipped.
  • Once a migration is complete, you can export a report that contains detailed information regarding content that skipped, failed or had warnings during the migration.
  • You can find more information in our Help Center about migrating other forms of data from different types of source accounts.


Getting started
Rollout pace
  • This feature is available now.

Availability
  • Available for all Google Workspace customers

Resources

Labels: , , ,

What’s changing
From the introduction of spaces, huddles, voice messages, and more, Google Chat has added major new features and transformed significantly over the past several years. As a result, usage reports for Google Chat are evolving as well. Beginning today, we’re pleased to introduce new, information-rich usage reports to help Workspace administrators understand how their teams are using Google Chat. 


The charts being added are: 
  • User activity: the number of users based on two types (engaged and communicating) in the last 1 day and 28 days over a period of the last 180 days. 
    • “Engaged” users: these users read conversations. These users may, but are not required to, send messages and react to messages.
    • “Communicating” users: these users send or react to messages. The number of communicating users is a subset of engaged users. 
  • Messages sent: the number of messages sent by users of your organization in 1 day, 7 day, and 28 day period over a period of the last 180 days. 
  • Messages sent by conversation type: the number of messages sent in 1 day in direct messages, group and space conversations over a period of the last 180 days. 
  • Messages sent by type: the number of messages sent in 1 day broken out by message type: regular message, voice or video, huddle over a period of the last 180 days. 
  • Messages sent with attachment: the number of messages sent with or without attachments in 1 day over a period of the last 180 days.
  • Messages sent to conversations with external participants: the number of messages sent to conversation that include or may include users external to your organization over a period of the last 180 days.
  • Created spaces*: the number of spaces created by users of your organization in 1 day over a period of the last 180 days 
  • Active spaces*: the number of spaces owned by your organization in 1 day over a period of the last 180 days.

Updated Apps Reports for Google Chat




Admins can view user level data for Google Chat, as you can with Gmail, Drive, and other apps today. Admins can also view how many conversations were read, how many messages were sent, how many attachments* were uploaded, and more. They can also sort this information by specific organizational units or groups to assess adoption or usage within specific parts of organization

User level reporting for Google Chat



*Active Spaces and Created Spaces charts may show different numbers from those in Active Rooms and Active Rooms legacy charts. Active Spaces and Created Spaces charts only count conversations of ‘space’ type; Active Rooms and Created Rooms count conversations of space group conversation types.
*Attachments can be viewed in the security investigation tool.
Who’s impacted
Admins

Why it’s important
The updated reporting aligns trackable metrics with the current Chat experience and provides essential data for analyzing and driving adoption, configuring safety features, and more. 

For instance, admins can gain a deeper understanding of how their users are engaging with chat, differentiating between those who actively participate (send, react) and those who are primarily only reading messages. Organizational leaders  can use these insights to assess the need for further product training to boost adoption. Additionally, monitoring the volume of messages sent to external users can signal to admins that safety measures should be implemented, like establishing data loss prevention (DLP) rules to safeguard sensitive information.

Additionally, Chat is now represented in app usage reports, alongside other products like Google Drive and Gmail. While each set of apps has their own unique set of metrics, admins now have another data set to draw on when analyzing how their users are interacting with Google Workspace apps

Additional details
With the implementation of these new, information rich charts, we’re planning to remove the following charts on July 1, 2025:
  • Active Rooms
  • Created Rooms
  • Active Users
  • Messages Posted

Also note that:
  • Some metrics will take time to populate, such as the 7-day or 28-day views.
  • If you've used the 'Manage Reports' or 'Manage Columns' features to customize the App Reports or User Reports pages, you'll need to adjust your settings to see the new Google Chat charts and columns. These customization features, which allow you to hide, unhide, and rearrange the order of chats or columns, will prevent the new Google Chat data from automatically appearing in your reports. 
Getting started
  • Admins: 
  • End users: There is no end user impact or action required.

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources
Labels: , , ,