Workspace Data Protection rules are now available for Gmail in Beta
- Block message — the sender will receive a notification about message delivery failure and more information about the policy they violated.
- Quarantine message — the message will require review and approval by an admin before delivery. If the message is rejected by an admin, the user may receive a notification about it.
- Audit only — the message is delivered, but it is captured in rule log events for further analysis. This is particularly advantageous because it allows admins to assess the impact of rules before introducing them to your end users.
- Simplified deployment and management of data protection policies, with rules for Gmail, Drive and Google Chat unified into the same area and workflow.
- Advanced detection policies with flexible conditions, a wide selection of predefined detectors for global and regional information types, custom detectors (regular expressions and word lists), and targeting of specific parts of a message (header, subject, body).
- Granular configuration of policy scope, defining sender audiences (at domain, OU, and group levels) and recipient audiences (internal, external, both).
- Actions with various levels of restriction such as block delivery of message (Block), quarantine message for review (Quarantine), and log event for future audit (Audit only).
- Tools for incident management and investigation such as the Alert Center, Security Dashboard and Security Investigation Tool.
- Set up a metadata match on a range of IP addresses, and quarantine messages from IP addresses outside of the range.
- Route messages with content that matches specific text strings or patterns to the department best suited to process the information.
- Admins:
- Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail.
- Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail.
- DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.
- We recommend selecting “Audit only” when you’re setting up a rule. When selected, messages that match the conditions of a rule will be delivered with the detection being logged. This allows you to test new rules and monitor their performance, or to passively monitor the environment without interrupting email flow for your users.
- Note on asynchronous and synchronous scanning: With DLP for Gmail, messages are scanned against data protection rules asynchronously, which means that a message is blocked or quarantined after it leaves the sender’s mailbox and before it is dispatched to the recipient. We’re working on the ability to scan against data protection rules synchronously when a user hits “Send”, in order to notify users about sensitive content before the message leaves their mailbox.
- Please share your feedback on this feature with us; it will help us continue to improve the experience as we move through beta and toward general availability. You can share your feedback by selecting the “Send feedback” button located in the bottom left corner of any data protection related page in the Admin console.
- End users: When configured by your admins, you’ll be notified if your message contains information that violates a DLP rule.
- Rapid Release and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 26, 2024
- Enterprise Standard, Enterprise Plus
- Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
- Frontline Standard
- Cloud Identity Premium customers