WorryFree Computers   »   [go: up one dir, main page]

What’s changing

The Groups Admin role can now be assigned for security groups or non-security groups. Previously, those with the Groups Admin role had access to all groups within an organization. This change gives administrators more granular delegation of group admin responsibilities, helping limit access to the most sensitive groups to only those who absolutely need it. 

This feature is available in open beta, which means no additional sign-up is required to use the feature.

Getting started

Labels: , , , , ,

What’s changing

We’re giving admins more granular control over how mobile device management privileges are delegated. Specifically, admins can be assigned privileges for specific organizational units (OUs). This adds yet another layer of security by ensuring that access is scoped to the necessary OUs only. This feature is available as an open beta, which means you can use it without enrolling in a specific beta program.

Creating a custom role, which is assignable at the OU level.

Assigning permissions at the OU level



Example experience for an admin with OU level permissions





Getting started

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,

What’s changing 
Today, we’re introducing Google Workspace’s new feature, local data storage. This feature allows admins to export their organization’s Workspace data into the geographic location or locations of their choice. These are the available options for this feature: 
  • User data: Specify users, groups, organizational units or your entire organization 
  • Export frequency: Opt for continuous or one-time exports 
  • Storage settings: Specify the geographic location of the Google Cloud storage bucket that the data is exported to, who can access the data, and more settings within the Google Cloud storage bucket.

When creating a new export, you can choose to export your data continuously into your own storage bucket



Who’s impacted
Admins


Why you’d use it
This update allows admins to export their organization's Workspace data into their own Google Cloud Storage (GCS) bucket located in a geographic location of their choice to meet their data sovereignty, compliance, and data archival needs. 

Getting started

Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus customers with Assured Controls add-on
    • If you don’t currently have the Assured Controls add-on, please contact us or reach out to your sales rep for more information.

Resources

Labels: , ,

What’s changing

We’re making changes to the terminology that refers to  when a Meet hardware device is no longer supported:

  • ‘End of Meet support date’ replaces Auto-Update Expiration (AUE) in the Meet hardware Help Center.
  • The Admin console will show ‘end of Meet support’ instead of ‘EOL (end of life)’ in both device information and fleet overview pages.
  • The field name for “end of life” in Admin console’s CSV downloads will change from “eolDate” to “endOfMeetSupportDate”
End of Meet support as indicated in the device information page


End of Meet support as indicated in the Google Meet hardware fleet overview


Additional details

The end of Meet support date for Intel 10th generation devices have been extended from June 2028 to June 2029 to reflect their continued availability.


Getting started


Rollout pace


Availability

  • This update impacts all Google Workspace customers with Meet hardware devices. 


Resources


Labels: , , , ,

What’s changing

We’re introducing a centralized location for reviewing and taking action on reported Google Chat content in the Admin console under Apps > Google Workspace > Moderation, alongside the email quarantine tool for Gmail. Here can be found an overarching view of active and resolved reports, as well as additional information and context about reported messages, allowing for more informed decisions to be made.

Super admins will have access to the moderation tool and can also assign users the new “Moderate Chat content report” privilege. The new privilege can be assigned to users in your organization who are best suited to review Chat content, helping to reduce the burden on super admins.


Who’s impacted
Admins and designated moderators 


Why it’s important
Google Chat is key to accelerating productivity and collaboration — content reporting and moderation helps ensure that information exchanged across Chat is safe and appropriate.  When a report is submitted by users, the moderation tool can be used to:

  • See all reports associated with the message (including those resolved in the past).
    • Note that resolved reports will be removed from the Moderation tool after 180 days.
  • Review the edit history of a message and conversation transcript, including up to five messages posted before the reported message.
  • Conversation details provide information about the type of conversation (direct messages, group direct messages, or Spaces) with number of participants, space managers, guidelines, etc.


Using this information, combined with organization policies, admins and moderators can choose the best course of action, whether that be deleting a specific message or deleting an entire space before resolving the report. Additionally, moderators can add comments to the report for prosperity should the content require further auditing in the future.

The moderation tool can be accessed in the Admin console by selecting Apps > Google Workspace > Moderation.

Upon selecting a reported message, you’ll see a variety of information including conversation details and other reports for the message.

You can select “Show more” from the “Reported message” section to view up to five messages sent prior to the reported message.



Additional details
As part of this change, the moderation tool will also include a tab for managing quarantined Gmail messages. Visit our Help Center for more information regarding setting up email quarantine and the admin privileges required to manage quarantined messages. The Gmail tab is available to all Google Workspace customers.


Getting started


Rollout pace

Availability
  • Google Chat content reporting and moderation is available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers

Resources

Labels: , , ,

What’s changing
In the coming weeks, we’ll be introducing several improvements to Chrome-on-iOS that will help admins more seamlessly apply policies and preferences across their users’ managed devices. This launch will align with the planned release of Chrome 121. Specifically, these improvements are: 
  • Cross-device policy application: Whether it’s a company-owned or personal device, Chrome User Policies can be applied when a user signs into the Chrome browser with their managed account. This ensures a consistent and secure browsing experience across all devices.
  • Management notice for end-users: Managed end-users will begin seeing a management notice, informing them that their organization manages the account they are signing into. This transparency not only fosters trust but also keeps users informed about the security measures in place to protect their data. 
  • Admin console integration: Admins can easily activate this functionality through the Admin console under the "Chrome on iOS" Browser setting. This centralized control allows admins to tailor policies to meet the specific needs of their organization, ensuring a customized and secure browsing environment for all users.
Getting started
 
We’ll remind you that your account is managed upon login and when you’re logged in.


Rollout pace
End user notifications

Admin console integration

Availability
  • Available to all Chrome Browser Cloud Management and Google Workspace customers

Resources

Labels: , , ,

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


We have begun enforcing 2-step verification for all admin accounts 
Two-step verification (2SV) is a critical security measure that has been proven to reduce password-based hijacking by more than 50%. We are committed to protecting the security of our users and are taking additional steps to help customers guard against data compromise and prevent account takeovers.

We have begun enforcing 2SV for all admin accounts and will continue this enforcement on an ongoing basis. As of December 2023, this change is already in effect for some customers. When this goes into effect for your organization, you will receive the following notifications:
  • 30 days prior to enforcement in your domain: Super admins will receive various email and in-app notifications informing them of the forthcoming enforcement, encouraging them to verify their admins’ 2SV status. 
  • Once enforcement goes into effect in your domain: All admins will receive email and in-app notifications upon signing into their accounts for the next thirty days. If they do not enable 2SV within this time period, they will be locked out and will need to follow these steps to recover an administrator account.
We highly encourage all administrators to turn on 2SV as soon as possible. Visit the Help Center for more details and further guidance.



Dynamic groups limit increased to 500 
We’re increasing the number of dynamic groups a customer can have from 100 to 500. Dynamic groups are defined as groups whose membership is managed automatically based on specific criteria, such as a user’s department or location. This increase gives admins more flexibility to create dynamic groups as needed and cuts down on manual group management tasks that would otherwise be required. | Rolling out now to Rapid Release and Scheduled Release domains at a gradual pace (up to 15 days for feature visibility). | Available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers only. | Learn more about dynamic groups.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Meet Add-ons SDK available in Developer Preview 
The Google Meet Web Add-ons SDK is available through our Developer Preview Program. Developers can use the SDK to bring their app experience right into Meet. End users can install, open, and collaborate in apps right inside a meeting, either as the meeting focal point, or in the sidebar — all without ever leaving Meet. | Learn more about Meet Add-ons SDK .

Huddly cameras bring continuous framing to Google Meet Series One room kits 
As part of our initiative to bring adaptive framing to Google Meet meeting rooms, we’re proud to announce that you can now access Huddly’s continuous framing capability available as part of the Series One room kit hardware devices. | Available to all Google Workspace customers using Google Meet Series One room kits only. | Learn more about Google Meet Series One.

Record and share your name pronunciation across Google Workspace products 
From your Google account settings, you can now record your name and share its pronunciation with other users. The pronunciation can be played from your profile card across various Google Workspace tools such as Gmail or Google Docs on web or mobile devices. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Frontline Starter, Frontline Standard, and Nonprofits customers only. | Learn more about name pronunciation. 

Easy access to people, documents, building blocks and more in Google Docs 
When moving to a blank line within your Doc, you will see an “@” button with the option to select, search and insert smart chips, such as people, dates, timers, or files, building blocks, calendar events, groups and more. | Learn more about bringing smart canvas features to the forefront of your workflow

Excuse assignments in Google Classroom 
Teachers can mark an assignment for a particular student as “Excused” instead of giving it a 0-100 score. This will exclude that particular assignment from the student’s overall grade. | Learn more about excusing assignments. 

Introducing interactive questions for YouTube videos in Google Classroom 
Educators can now turn any YouTube video into an interactive lesson by adding questions for their students to answer throughout the video. | Available to Education Plus and the Teaching and Learning Upgrade only. | Learn more about interactive videos. 

Introducing the Bitbucket app for Google Chat 
We’re adding Bitbucket for Google Chat. Bitbucket is a Git-based code and CI/CD tool optimized for teams using Atlassian’s Jira. | Learn more about Bitbucket app for Google Chat. 

Use “Profile Discovery” to display basic information only in search results, available in open beta 
Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. | Learn more about Profile Discovery.


Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).
Labels: , , , ,

What’s changing

Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. 

This feature is available in open beta, which means no additional sign-up is required to use the feature.








In the Admin console, under Directory Settings > Profile editing, you can turn “Profile discovery” on or off for your users.

To help people recognize you, we’ll share basic information needed to confirm your identity. After you interact with someone, they'll typically see your full name, profile picture, and more from your Google Account.




Getting started
Rollout pace


Availability
  • Available to all Google Workspace customers

Resources
Labels: , , ,

What’s changing 
Earlier this year, we announced the beta availability for admins to display custom notifications when a Google Chat message is blocked or intercepted based on data loss prevention rules. Beginning today, this feature will become generally available on web and mobile. 


Custom notifications give admins the opportunity to provide their users with more context about why they were blocked from sending a specific message, what they can do to unblock themselves, and include links to additional resources, such as organization guidelines for sensitive data with actionable recommendations. For more information, please reference our original announcement.

Getting started
  • Admins: 
    • Custom notifications can be set per each data protection rule at the domain, Organizational Unit (OU), or group level. 
    • When creating a rule, in Step 4: Actions, under “User Message”, select “customize message”.  Custom notifications can also be applied to existing DLP rules. If admins do not customize the notification, the generic notification will be shown to users.
    • Visit the Help Center to learn more about preventing data leaks from Chat messages & attachments.


  • End users: There is no end user action required. Depending on your admin settings, you’ll see more detailed information if you’re trying to send a Google Chat message that meets conditions defined in a data loss prevention rule.


Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, and Frontline Standard customers
  • DLP for Chat is also available to Cloud Identity Premium users who are also licensed for Workspace editions that include Google Chat and Audit and investigation. Visit the Help Center for more information. 

Resources

Labels: , , , ,

What’s changing 
Ensuring only managed applications can access sensitive information is vital to security. Currently, when admins make a policy change that results in an app going from unmanaged to managed, if a policy violation is detected, a 24-hour grace period is given to users to comply with the change. After this grace period, users will lose the ability to access their Google Workspace account. 


Moving forward, we’re adjusting a few components to how this grace period operates to boost compliance and prevent inadvertent circumvention. Specifically:

Grace Period 

Situation

Next Steps



None 

-The managed apps policy violation is detected during the device enrollment.

-The managed apps policy violation by an app is detected after 24 hrs from the moment the admin changes the policy.

Users will be prompted to install the app from the Google Device Policy app for IOS or they will lose access to Google Workspace.

Visit the Help Center to learn more.


24 hours

The managed apps policy violation by an app is detected within the 24hrs from the moment the admin changes the policy. 



Who’s impacted
Admins and end users


Why it’s important
Improving these safeguards helps ensure that  only managed applications can access sensitive organization information. If the managed applications do not meet the requirements of the access policies set by admins, managed application access to Workspace data is deactivated until users take the proper steps.


Getting started

Rollout pace
Availability
  • Available to Google Workspace Frontline Starter and Frontline Standard, Business Plus, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus; Enterprise Essentials and Enterprise Essentials Plus and Cloud Identity Premium customers

Resources

Labels: , , , ,

What’s changing 
Admins can now view “Sensitive Content Snippets” for data loss prevention (DLP) rules. This applies to DLP events for Drive, Chat, and Chrome. When turned on, snippets will log the matched content that triggered a DLP violation in the security investigation tool. Admins can use the information captured in the snippet to better identify actual security risks, determine whether a false positive was returned, and decide on an appropriate course of action.




Getting started
  • Admins: 
    • Make sure any admins who need to review the snippets have the "view sensitive content" privilege. Only super admins have the ability to hide or unhide sensitive data.

    • This feature will be OFF by default and can be turned on in the Admin console by going to Security > Data Protection > Data Protection Settings > Sensitive Content Storage.
      • To view snippets in the security investigation tool, select any row from the “Description column” and scroll down to “Sensitive Content Snippets”. Here you’ll see the matched detector ID, the matched content starting character, and the matched content length.

    • Visit the Help Center to learn more about viewing content snippets that trigger DLP rules, using Workspace DLP to prevent data loss, and the security investigation tool.

  • End users: There is no end user impact or action required.
Rollout pace

Availability
  • Available to Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus, and Enterprise Essentials Plus customers
  • Also available to Cloud Identity Premium and BeyondCorp Enterprise customers

Resources
Labels: , , , , , ,

What’s changing

Admins can now set client-side encryption (CSE) to be on by default for:

  • Newly created Gmail messages, Google Calendar events. 
  • Newly created Google Docs, Sheets, and Slides files.
  • Newly uploaded Google Drive files.

Admins can set client-side encryption as default on for users in Organizational Units (OUs) that regularly handle sensitive data requiring additional encryption. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Users are prompted to create a CSE object natively in each app meaning their emails, events and files are encrypted by default with customer-managed keys and are private from Google. For organizations with strict regulatory or sovereignty needs, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data.  

Drive:


Gmail:

This is available on the web initially, with support coming for mobile apps in the future. 

Who’s impacted

Admins and end users


Why it matters

This feature is important for Google Workspace admins as it improves users compliance behavior without sacrificing productivity and increases control for admins implementing data control policies. It also includes improved audit logs, providing more detail for admins compiling regulatory compliance reports.

Workspace already uses the latest cryptographic standards to encrypt data by default, at rest and in transit between our facilities. Client-side encryption goes beyond this, giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. It gives organizations higher confidence that any third party, including Google and foreign governments, cannot access their confidential data. Users can continue to collaborate across their preferred apps in Workspace while IT and compliance teams can ensure that sensitive data stays compliant with regulations. 


Getting started

Rollout pace

Availability
  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.

Resources

Labels: , , , , , , , , ,

What’s changing

We’re excited to announce the general availability of an improved Google Vault audit log experience. As a result of this change, you can now find Vault audit logs in the Admin console alongside other Google Workspace apps like Gmail, Google Drive, and more. Beginning in January, Vault audit logs can be accessed by the Reports API, which you can use to actively monitor your domain’s Vault usage. We’ll share more information here on the Workspace Updates blog when this functionality becomes available.

Aligning the location and functionality of Vault audit logs with other Workspace apps creates a consistent experience for admins and reduces the need to search for information in various locations. It also enables audit logs in the admin console to be compliant with our new regionalized data processing capabilities.

Additional details

The duration, access and visibility of Vault audit logs will remain the same and will continue to require the “manage audits” permission. The Vault audit logs can be accessed through the Vault reports and matter audits links as well as from the Admin Console. Visit the Help Center to learn more about setting up Vault privileges.


Getting started
  • Admins: Visit the Help Center to learn more about Vault log events.
  • End users: There is no end user impact or action required.


Rollout pace


Availability

  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus customers or customers with the Vault add-on license

Resources

Labels: , , ,

What’s changing 
Admins can now more seamlessly integrate their Google Workspace data with Chronicle (Google’s cloud-native Security Operations platform), to quickly detect, investigate and take action on risky activity and threats. Admins can now leverage reduced time spent syncing data from Workspace to Chronicle, as well as Chronicle’s curated preconfigured out-of-the-box detections.




Who’s impacted
Admins

Why it matters 
As an admin, you can already use the Alert Center to view notifications and take action on potentially issues within your domain. Now you can take this a step further by using Chronicle, leveraging its rich risk management capabilities and recommendations:
  • Chronicle can help detect and investigate potential threats at every level of sophistication by monitoring your data in real time. 
  • Data insights are available at your fingertips, with rich context and visualization alongside industry best recommendations, helping you make better decisions faster. 
  • Further, you can deploy Chronicle’s out-of-the-box use cases, helping to cut down on time spent building rules and playbooks. 
  • You can also build and automate repeatable playbooks with full-fledged security orchestration, automation and response capabilities (SOAR).
Getting started

Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard and Enterprise Plus customers 

Resources

Labels: , , ,

What’s changing 
In 2022, we introduced several improvements for managing Google Meet hardware devices. These improvements included surfacing additional information about device issues, such as a description of the issue, when the issue was detected, and more. Today, we’re taking these improvements one step further by providing admins with even more data points. Specifically, admins will now be able to see the following types of usage data:


Issues: device health problems that are detected and persist over time. This is existing functionality and will continue to include the following issue types:
  • Device offline
  • Missing microphone
  • Missing speaker
  • Missing camera
  • Missing controller
  • Missing display
  • Missing default microphone
  • Missing default speaker
  • Missing default camera
  • Missing default whiteboard camera

Activities: records of how a hardware device is being used at any given time, including:
  • Meet call 
  • Zoom call 
  • Webex call
  • Bring-your-own-device mode [or computer connected]
  • Local present
  • Whiteboard camera present 
  • Peripheral firmware update 


Events: any notable point-in-time occurrence that can be useful for admins looking to troubleshoot issues, including:
  • Operating system update 
  • Feedback filed
  • Restart
Who’s impacted
Admins


Why it matters
The health and functionality of your Meet hardware fleet is critical for connection and collaboration. As such, it’s important that admins have the information and context they need to troubleshoot issues across their fleet. With these additional data points, admins will have even greater insight and context into issues, allowing them to troubleshoot and resolve them faster.


Additional details
Google Meet Hardware devices that do not run ChromeOS (such as Poly X30, X50, X70) will only support activity data for Meet calls at this time.


Getting started


Rollout pace

Availability
  • Available to all Google Workspace customers with Google Meet hardware devices

Resources

Labels: , , ,

What’s changing 
We’re expanding mobile device enrollment options for iOS devices to include user enrollment. User enrollment separates work and personal data on iOS devices, giving admins control over Workspace data on the device while users retain privacy over their personal data. 


Additionally, admins can use the Apple Volume Purchase Program (VPP) to purchase and distributed apps in bulk to user-enrolled iOS devices in their organization. 


Who’s impacted 
Admins and end users 


Why you’d use it 
Managing how Workspace data is accessed is a cornerstone of security. The new user enrollment option ensures end users can keep their personal data separate from their work data, while admins can ensure their users are using and accessing apps appropriately. 


Using the VPP, admins can efficiently curate a suite of work-related apps—both free and paid—for their team. This streamlined process not only simplifies the deployment of essential business apps but also ensures that employees have access to the right apps they need to be productive and efficient, all within the secure perimeter of our MDM platform.


Getting started
Admins: 
  • Volume Purchasing Program:
    • To begin, admins need to access Apple’s volume purchasing program with their Business Manager credentials. Through the VPP, admins can purchase app licenses that can be distributed to their employee’s devices in bulk. 

From the Apple Business Manager, you can purchase app licenses in bulk.


Once purchased, admins will need to download the content token, which needs to be uploaded into the Admin console.


VPP tokens can be uploaded in the Admin console at Devices > Mobile and endpoints > iOS settings > Apple Volume Purchase Program (VPP).


For complete instructions, use this Help Center about distributing iOS apps with Apple VPP and applying settings for iOS devices.

  • End users:

The user enrollment process starts when a user signs-in to an app for the first time or re-signs into an app. They’ll be prompted to begin downloading the configuration profile, which will open in an internet browser with more instructions and information. Once the profile has been downloaded, the user will be directed to their devices settings to complete user enrollment.




Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Enterprise Essentials, Enterprise Essentials Plus, Frontline Standard, Frontline Starter, Business Plus, Cloud Identity Premium, Education Standard, Education Plus and Nonprofits customers

Resources



Labels: , , , , ,

What’s changing 
Using Directory Sync, admins can map all the system or default user attributes, including custom attributes, from Microsoft Active Directory or Microsoft Azure Active Directory to Google Directory user attributes and synchronize them. These attributes include first and last names, job title, company, and department. The detailed list of attributes supported can be found in the Help Center. Based on these attribute values, Directory Sync will automatically map the users with the attributes provided from the Active Directory or Azure Active Directory on the Google Workspace side.




Directory Sync is available as an open beta, meaning no sign-up is required. Use our Help Center to learn more about using Directory Sync and FAQs

Getting started
  • Admins: To use the Directory Sync, go to Admin console > Home > Directory > Directory Sync. Visit the Help Center to learn more about setting up a user sync.

Rollout pace
  • This feature is available now for all users.

Availability
  • Available to all Google Workspace customers

Resources

Labels: , ,