WorryFree Computers   »   [go: up one dir, main page]

What’s changing 
Launching first to beta, we’re introducing data loss prevention rules for Gmail. Data protection rules help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. This functionality is already available in Google Chat and Google Drive, and in Gmail you’ll be able to create, implement, and investigate rules in the same manner. 


Admins can create data protection rules to flag sensitive information from using your organization. These rules are applied to outgoing messages sent internally or externally and admins can choose whether all content (including attached files and images), the body of the email, email headers, or subject lines should be scanned. You can configure your rules to look for sensitive text strings, custom detectors, or select predefined detectors. If a message violates a rule, admins can choose to:

  • Block message — the sender will receive a notification about message delivery failure and more information about the policy they violated.
  • Quarantine message — the message will require review and approval by an admin before delivery. If the message is rejected by an admin, the user may receive a notification about it.
  • Audit only — the message is delivered, but it is captured in rule log events for further analysis. This is particularly advantageous because it allows admins to assess the impact of rules before introducing them to your end users.

Data loss prevention for Gmail are available for select Google Workspace customers (see the “Availability” section below) — no additional sign-up is required to use the feature. 

Create data protection policies for Gmail alongside Drive and Chat

Build flexible conditions with selection of predefined and custom detectors of sensitive information

Set up a rule with Audit Only action applied to messages sent outside of organization. The severity level for event logging is set up to ‘Medium’ and alerting via Alert Center is turned on 

Detailed information about the event in the Alert Center

Overview of DLP incidents in the Security Dashboard with further option to investigate audit logs in detail

Who’s impacted
Admins and end users



Why it’s important

In addition to detecting sensitive content, DLP in Gmail offers additional benefits such as:

  • Simplified deployment and data protection policies management with rules for Gmail, Drive and Google Chat unified into the same area and workflow.
  • Advanced detection policies with flexible conditions, wide selection of predefined detectors for global and regional information types, custom detectors (Regular Expressions and word lists), targeting on specific parts of a message (header, subject, body). 
  • Granular configuration of policies scope, defining sender audiences (at domain, OU, and group levels) and recipient audiences (internal, external, both).
  • Actions with various levels of restriction such as block delivery of message (Block), quarantine message for review (Quarantine), and log event for future audit (Audit only).
  • Tools for incident management and investigation such as the Alert Center, Security Dashboard and Security Investigation Tool.


Additional details
How does DLP in Gmail compare to Content Compliance rules?
Content compliance in Gmail does offer similar functionality in that you can create rules to prevent messages that contain specific content from being sent. However, unlike DLP in Gmail, admins have no way to preview the impact of these rules before deploying them broadly.


Further, content compliance offers a variety of features that are better suited for filtering content. For example, you can:
  • Set up a metadata match on a range of IP addresses, and quarantine messages from IP addresses outside of the range.
  • Route messages with content that matches specific text strings or patterns to a specific department, suited the best to process information.

Getting started
  • Admins: 
    • Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail.
      • Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail. 
    • DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.


    • We recommend selecting “Audit only” when you’re setting up a rule. When selected, messages that match the conditions of a rule will be delivered with the detection being logged. This allows you to rest new rules and monitor their performance, or to passively monitor the  environment without interrupting email flow for your users.

    • Note on asynchronous and synchronous scanning: With DLP for Gmail, data protection rules are scanned asynchronously, which means that the message is blocked or quarantined after it leaves the sender’s mailbox and before being dispatched to the recipient. We’re working on the ability to scan data protection rules synchronously when a user hits “Send” in order to notify users about sensitive content before the message leaves their mailbox. 


    • Please share your feedback on this feature with us — this will help us continue to improve the experience as we move through beta and toward general availability. You can share your feedback by selecting the “Send feedback” button located in the bottom left corner of your screen of any data protection related page in the Admin console.


  • End users: When configured by your admins, you’ll be notified if your message contains information that violates a DLP rule

Rollout pace
Availability
Available to Google Workspace:
  • Enterprise Standard, Enterprise Plus
  • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
  • Frontline Standard
  • Cloud Identity Premium customers

Labels: , , , ,

What’s changing 
As part of an ongoing series of improvements for managing Google Meet hardware devices, we recently announced that we would begin capturing application load failures across Meet hardware devices. Beginning today, you can now opt-in to receive email or text message notifications when these failures occur. Subscribing to alerts can help you stay on-top of what’s happening across your hardware fleet and quickly take action to resolve these issues.


Getting started

Rollout pace
  • Rapid and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 25, 2024. We anticipate rollout to take around six weeks to complete.

Availability
Labels: , , , ,

What’s changing
We recently announced the ability to import data from other messaging platforms using the Google Chat API. To build upon this, we’re excited to announce a new migration solution from CloudFuze that enables you to import data from Slack into Google Chat. 

With this integration, you can move messages and memberships from Slack channels into Chat spaces. CloudFuze also imports data while maintaining historical timestamps to ensure users can start using spaces right where they left off.
Import data from Slack to Google Chat using CloudFuze


Who’s impacted 
Admins and developers 


Why you’d use it 
Developed in collaboration with Google Workspace, CloudFuze imports your knowledge repository from Slack into Google Chat. 


Additional details 
To import user data from other messaging platforms into Google Chat, please review the original blog post on how to create a Chat app to migrate data. 

Visit the CloudFuze resource page to learn more about user integrity preservation, optimum Cloud Authentication, migration security and more. 


Getting started 

Rollout pace 

Availability 
  • Available to all Google Workspace customers. Note that a separate CloudFuze licensing is required to enable data migrations. 

Resources 
Labels: , ,

What’s changing 
You can now use client-side encryption as a condition for a data loss prevention (DLP) rule. As with other DLP rules, you’ll be able to configure: 
  • If users are warned before sharing externally. 
  • If users are blocked from sharing externally. 
  • The ability to download, print, or copy the document are disabled for commenters and viewers. 
  • Whether these events should be sent to the Alert Center for further investigation. 

Client-side encryption goes beyond the latest cryptographic standards used by Workspace by giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. Combining client-side encryption with DLP rules help our admins build an even stronger framework around sensitive data and information.


Getting started
Rollout pace


Availability
Available for Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus


Resources

Labels: , ,

What’s changing 
We’re enhancing the experience for client-side encrypted Google Meet calls to include support for inviting external participants, including users without a Google account. Admins will need to turn on access for external participants and determine which identity provider the guest uses to join.




Who’s impacted
Admins and end users


Why it’s important
Meet already encrypts all of your data at rest and in transit between our facilities — client-side encryption gives users direct control of their encryption keys and the identity service that they choose to authenticate for those keys. Adding support for external participants means customers can collaborate with any of their stakeholders safe in the knowledge that only the meeting participants can decrypt the call media. This feature further extends the privacy and compliance capabilities of Google Meet and is the latest security enhancement, alongside encryption for in-meeting chat messages, co-host support, and the ability to join an encrypted meeting from a mobile device. For more information about client-side encryption for Google Meet, see our original announcement.


Getting started
  • Admins: Admins will need to update their IdP/KACLS configurations to open up for external participants and determine which third-party Identity Providers they can use to join a client-side encrypted meeting. Visit the Help Center for more information on providing external access to client-side encrypted content.

  • End users: 
    • Organizing encrypted calls: To turn on client-side encryption for a meeting, go to a calendar event with Meet video conferencing, navigate to Settings (cog-wheel  icon) > Security and select “Add encryption”
      • Contact your administrator to learn about your organization's policies and which external identity services and guests have been configured to allow access. Visit the Help Center to learn more about inviting participants to client-side encrypted meetings.
      • Note that only directly invited participants can join client-side encrypted meetings.

    • Joining encrypted calls: External users will validate their identity using a method supported by the Identity Provider. Authentication methods vary between providers. Some common options could be to log in with an account from e.g. Google or Microsoft, or by receiving an email with a one-time password. Visit the Help Center to learn more about client-side encrypted meetings.
Rollout pace

Availability
Available to Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus
Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing
At Google Cloud Next 2023, we announced interoperability between Google Chat, Microsoft Teams and Slack— powered by Mio and previously available to Workspace customers through a Beta program. We’re pleased to announce that as of today, this solution is generally available for Google Workspace customers. 


Interoperability will enable organizations that use Google Chat and other messaging platforms within their domain to provide a more seamless experience for their users.




Getting started
  • Admins: Learn more about Mio and visit the Mio Help Center for more information.
  • End users: There is no end user action required.

Rollout pace

Availability
  • Available to all Google Workspace customers. Note that separate Mio licensing is required to enable interoperability.


Labels: , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing
Google Workspace developers registered in our Developer Preview Program have been able to build Chat apps that can subscribe to Chat events using the Google Workspace Events API. We’re pleased to announce that as of today, this functionality is now available to all Workspace developers.


Chat apps can receive events about the following types of changes in Google Chat:

  • New memberships
  • New or removed reactions to a message
  • New, updated, or removed members in a space
  • Changes to a space, such as the space name or description

Subscribing to these notifications allows Chat apps to respond to important actions in real-time. For details, see subscribe to Google Chat events in the Google Workspace Events API documentation.


Getting started

Rollout pace

Availability

Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing
Last year, we announced the ability to create spaces, memberships, group chats, and more using the Google Chat API. 

Today, we’re excited to introduce enhanced membership management using the Chat API. Specifically, you can now use the Chat API to promote space members to space managers. 
Promote space members to space managers using the Google Chat API


Getting started 

Rollout pace 

Availability 

Resources 
Labels: , ,

What’s changing 
Since September 2023, Workspace users have enjoyed the convenience of launching FigJam, Figma’s free online whiteboard, directly in Google Meet. We’re excited to announce that you can now launch FigJam both in and out of an active Meet call from the Series One Board 65 and Desk 27 devices.




Who’s impacted
Admins and end users


Why you’d use it
Prior to this update, these rich collaborative tools were only available within a Meet call — now you can launch them from Board 65 and Desk 27 devices outside of a call for on-demand collaboration and problem solving. Existing Jamboard customers can find more resources related to the FigJam and Google Meet integration here.


Additional details
Migrating your Jamboard files to Figma
Figma’s integration allows users to easily migrate their existing Jamboards to FigJam files through the FigJam importer


Device support for additional apps
This enhancement is part of the next phase of digital whiteboarding for Google Workspace. We’ll continue to keep you updated as we add support for launching additional applications directly from Board 65 and Desk 27 devices. 


Getting started
Rollout pace

Availability
  • Available to all Google Workspace customers with Google Meet Board 65 and Desk 27 devices
Resources

Labels: , , ,

What’s changing
Today, we’re introducing a highly requested feature: Dark mode in Drive on web. This new setting aims to provide you with a more comfortable, customizable viewing experience for Drive. 
Dark mode now available in Google Drive web


Getting started 
  • Admins: There is no admin control for this feature. 
  • End users: To use Dark Mode, go to Drive > Settings > Appearance > Dark. Visit the Help Center to learn more about using Dark theme in Google Drive.

Rollout pace 
Availability 
  • Available to all Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts 

Resources 
Labels: , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing

Earlier this year, we introduced the integration between Google Chat and Dialogflow CX through the Google Workspace Developer Preview Program


Dialogflow helps developers build and host Chat bots that understand natural language with minimal coding effort. The enhanced Dialogflow CX version, now generally available, provides a new way of designing virtual agents by taking a state machine approach to agent design. Now, developers have clear and explicit control over a conversation, enjoy a better end-user experience, and gain access to an improved development workflow. 


The Dialogflow CX integration with Google Chat allows developers to easily create Google Chat apps that are useful in all kinds of interactions, especially those that require natural human speech. For example, consider a Chat app that helps people rent cars. A user might write, "I'd like to rent a car". The Chat app might respond with a question like "Where would you like to pick up the vehicle?" which starts a human-like conversation with the user in which the Chat app both understands and responds with human speech while booking the car rental. 
Build a Dialogflow CX Google Chat app that understands and responds with natural language
Who’s impacted 
Developers 


Why it’s important 
Dialogflow CX enables developers to create Chat apps with virtual agents that are more conversational and capable of performing specific tasks. 


Getting started 

Rollout pace 

Availability 
  • Available to all Google Workspace customers 

Resources 
Labels: , , ,

What’s changing 
Back in 2021, we introduced the “enrollment privilege”, which restricts who in your organization can enroll or re-enroll Google Meet hardware devices. Prior to introducing this privilege, Admins had to put devices in a “deprovisioned” state to prevent end users from re-enrolling devices until they were moved to a “pending” state. 



Since the enrollment privilege makes those labels obsolete, we are removing the “deprovisioned” state from the Admin console. You’ll no longer see devices in this state from the device status page (Devices > Google Meet Hardware > Devices), nor will you be able to filter for those labels.


Getting started
  • Admins: 
    • Visit the Help Center to learn more about enrolling and re-enrolling  Google Meet hardware devices into your organization, as well as licensing FAQs.
    • To prevent unauthorized users from re-enrolling devices, opt in to Enrollment Privilege Enforcement: Menu > Google Meet hardware > Settings > Service Settings and toggle ‘Require enrollment privilege’ to ON.
  • End users: There is no end user impact or action required.
Rollout pace
  • Available now.

Availability

Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing
To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. Multi-party approvals will be required for the following settings:
  • 2-Step verification
  • Account recovery
  • Advanced Protection 
  • Google session control
  • Login Challenges
  • Passwordless (beta)
This feature is available for eligible Workspace customers with multiple super admin accounts — see the “Getting started” section below for more information.


Who’s impacted
Admins


Why it’s important
Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action. Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions.


Outlined below is an example of the feature in action, in this case there is an attempt to make a change to 2-step verification policies:

When 2-step verification changes are attempted, admins will be required to submit the change to a super admin for approval.

Super admins can review and take action on these requests in the Admin console by navigating to Security > Multi-party approval. Super admins will also receive email alerts when a 2-step verification change is requested or any other protected action is attempted.

Admins can open a specific approval request to view more information including who is impacted by the change, what the configuration was before the change and what it will be after the change.

Getting started
  • Admins: 
    • This feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approvals are OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approvals for sensitive actions.


Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers


Labels: , , ,

What’s changing

When delegating admin privileges for the Audit and Investigation Tool, you can now restrict access levels to audit data on a per application basis (eg: Admin, Drive logs etc.). This change ensures that access isn’t too broadly provisioned and delegated admins only have access to the apps relevant to their scope.

Assigning access levels for audit data on a per application basis


Getting started

Rollout pace


Labels: , ,

What’s changing

For more than a year, Workspace users have enjoyed the convenience of launching Miro’s visual collaboration tools that can be directly installed in Google Meet.

We’re building upon this by giving users the ability to launch Miro from a Series One Board 65 or Desk 27, either in an active Meet call or directly from the device home screen. 


Who’s impacted
Admins and end users 


Why you’d use it 
Previously, you could access Miro’s rich tools and templates on the Board 65 and Desk 27, such as brainstorming with digital sticky notes and planning agile workflows, during a Meet call. With this update, you can access these tools directly from the Board 65 and Desk 27 whenever collaboration strikes, outside of a Meet call. Visit the Google Workspace Blog for more information on the Google Meet and Miro integration.


Additional details
In late 2024, we will wind down the Jamboard whiteboarding app and continue with the previously planned end of support for Google Jamboard devices. Leveraging our partner ecosystem, including Miro, FigJam and LucidSpark, is part of our effort to continue providing the best whiteboard experiences in Workspace. Please use the following article in the Miro Help Center for more information about migrating your Jamboard files to Miro.


Getting started

Rollout pace

Availability
  • The Miro import tool is available to all Workspace customers.
  • The ability to open Miro on Board 65 and Desk 27 is available to all Google Workspace customers with Google Meet Board 65 and Desk 27 devices.


Labels: , , ,

What’s changing 
Beginning today, admins can migrate encrypted emails from other services like Microsoft 365, Microsoft Exchange, or Virtu, to Gmail client-side encryption in the S/MIME format. This enables Google Workspace customers to simplify the migration process by bulk importing sensitive emails as S/MIME messages without compromising their privacy or compliance posture.


Specifically: 
  • S/MIME messages imported from other mail providers are now supported by Gmail CSE 
  • Virtru customers can use our migration utility to encrypt their plain-text archives from Vault or Takeout, and import them as S/MIME messages 
  • Customers can bulk-import any plain-text email archives into Gmail as S/MIME messages
Additional details
The Gmail CSE Migration Utility is available for Windows, Mac, and Linux and supports PST & Mbox file formats. 

Getting started 

Rollout pace 
Web & Android: 
  • This feature is available now.
iOS: 
Availability 
  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
Resources 
Labels: , , ,

What’s changing 
Google Workspace developers registered in our Workspace Developer Preview program have been able to import user data from other messaging platforms into Google Chat using the Google Chat API. This functionality is now generally available to all Workspace developers and admins. 


Who’s impacted
Admins and developers 


Why it’s important
In order to import data, you can create a Chat app and “import mode” Chat space. Within an import mode space, Chat apps can import the following data as equivalent REST resources:
  • Messages
  • Attachments
  • Reactions
  • Memberships with the following considerations:
    • Historical memberships must be imported when a space is in import mode. You can't import historical memberships after the space completes import mode.
    • Other existing memberships from the source messaging platform must be created after a space completes import mode.
    • Members must be users within the same domain.
  • Spaces: only SpaceType.SPACE is supported.
This is a helpful workflow for those who are transitioning from other messaging platforms to Google Chat. Rather than copying source data into regular spaces, import mode has the following advantages:
  • Preservation of resource creation timestamps: You can set a historical time for the creation times of space and message resources, letting Chat apps retain historical context during user adoption of Google Chat.

  • End users can't view or access spaces in import mode: To prevent user interference with a space undergoing data import, or to avoid possible user confusion as a result of viewing an in-progress data import, spaces in import mode are hidden from end users. After a space has completed import mode, you can add users to the space.

  • Chat turns off notifications during import mode: This helps users to avoid unnecessary alerts about the migration.
Getting started

Rollout pace
  • Available now.

Availability
  • Available to all Google Workspace customers

Labels: , , , ,

What’s changing 
Google Workspace Admins can now configure a number of App Access Control (AAC) policies at the Organizational Unit (OU) level. Previously, this was only possible at the domain level. Specifically, this applies to: 

Who’s impacted
Admins


Why it’s importantWe know that users rely on a variety of tools to do their best work, including third-party apps. However, not every third-party app aligns exactly with every organization’s security policies. App access controls give customers and partners the ability to control access to third-party apps and how those apps access Google Workspace data. This update gives admins added flexibility, allowing them to set App Access Controls as they see fit at the OU level, rather than across their entire domain.


Additional detailsFor Google Workspace education editions, the “User requests to access unconfigured apps setting” can now be configured at the OU level. Visit the Help Center to learn more about managing access to unconfigured third-party apps for users designated under the age of 18.

Getting started

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,