WorryFree Computers   »   [go: up one dir, main page]

What’s changing 
Launching first to beta, we’re introducing data loss prevention rules for Gmail. Data protection rules help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. This functionality is already available in Google Chat and Google Drive, and in Gmail you’ll be able to create, implement, and investigate rules in the same manner. 


Admins can create data protection rules to flag sensitive information from using your organization. These rules are applied to outgoing messages sent internally or externally and admins can choose whether all content (including attached files and images), the body of the email, email headers, or subject lines should be scanned. You can configure your rules to look for sensitive text strings, custom detectors, or select predefined detectors. If a message violates a rule, admins can choose to:

  • Block message — the sender will receive a notification about message delivery failure and more information about the policy they violated.
  • Quarantine message — the message will require review and approval by an admin before delivery. If the message is rejected by an admin, the user may receive a notification about it.
  • Audit only — the message is delivered, but it is captured in rule log events for further analysis. This is particularly advantageous because it allows admins to assess the impact of rules before introducing them to your end users.

Data loss prevention for Gmail are available for select Google Workspace customers (see the “Availability” section below) — no additional sign-up is required to use the feature. 

Create data protection policies for Gmail alongside Drive and Chat

Build flexible conditions with selection of predefined and custom detectors of sensitive information

Set up a rule with Audit Only action applied to messages sent outside of organization. The severity level for event logging is set up to ‘Medium’ and alerting via Alert Center is turned on 

Detailed information about the event in the Alert Center

Overview of DLP incidents in the Security Dashboard with further option to investigate audit logs in detail

Who’s impacted
Admins and end users



Why it’s important

In addition to detecting sensitive content, DLP in Gmail offers additional benefits such as:

  • Simplified deployment and data protection policies management with rules for Gmail, Drive and Google Chat unified into the same area and workflow.
  • Advanced detection policies with flexible conditions, wide selection of predefined detectors for global and regional information types, custom detectors (Regular Expressions and word lists), targeting on specific parts of a message (header, subject, body). 
  • Granular configuration of policies scope, defining sender audiences (at domain, OU, and group levels) and recipient audiences (internal, external, both).
  • Actions with various levels of restriction such as block delivery of message (Block), quarantine message for review (Quarantine), and log event for future audit (Audit only).
  • Tools for incident management and investigation such as the Alert Center, Security Dashboard and Security Investigation Tool.


Additional details
How does DLP in Gmail compare to Content Compliance rules?
Content compliance in Gmail does offer similar functionality in that you can create rules to prevent messages that contain specific content from being sent. However, unlike DLP in Gmail, admins have no way to preview the impact of these rules before deploying them broadly.


Further, content compliance offers a variety of features that are better suited for filtering content. For example, you can:
  • Set up a metadata match on a range of IP addresses, and quarantine messages from IP addresses outside of the range.
  • Route messages with content that matches specific text strings or patterns to a specific department, suited the best to process information.

Getting started
  • Admins: 
    • Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail.
      • Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail. 
    • DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.


    • We recommend selecting “Audit only” when you’re setting up a rule. When selected, messages that match the conditions of a rule will be delivered with the detection being logged. This allows you to rest new rules and monitor their performance, or to passively monitor the  environment without interrupting email flow for your users.

    • Note on asynchronous and synchronous scanning: With DLP for Gmail, data protection rules are scanned asynchronously, which means that the message is blocked or quarantined after it leaves the sender’s mailbox and before being dispatched to the recipient. We’re working on the ability to scan data protection rules synchronously when a user hits “Send” in order to notify users about sensitive content before the message leaves their mailbox. In the interim, there may be a slight delay before users are notified that their message violates a DLP rule. We’ll share more information on the Workspace Updates blog when synchronous scanning becomes available.


    • Please share your feedback on this feature with us — this will help us continue to improve the experience as we move through beta and toward general availability. You can share your feedback by selecting the “Send feedback” button located in the bottom left corner of your screen of any data protection related page in the Admin console.


  • End users: When configured by your admins, you’ll be notified if your message contains information that violates a DLP rule

Rollout pace
Availability
Available to Google Workspace:
  • Enterprise Standard, Enterprise Plus
  • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
  • Frontline Standard
  • Cloud Identity Premium customers

Labels: , , , ,

What’s changing 
You can now use client-side encryption as a condition for a data loss prevention (DLP) rule. As with other DLP rules, you’ll be able to configure: 
  • If users are warned before sharing externally. 
  • If users are blocked from sharing externally. 
  • The ability to download, print, or copy the document are disabled for commenters and viewers. 
  • Whether these events should be sent to the Alert Center for further investigation. 

Client-side encryption goes beyond the latest cryptographic standards used by Workspace by giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. Combining client-side encryption with DLP rules help our admins build an even stronger framework around sensitive data and information.


Getting started
Rollout pace


Availability
Available for Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus


Resources

Labels: , ,

What’s changing 
We’re enhancing the experience for client-side encrypted Google Meet calls to include support for inviting external participants, including users without a Google account. Admins will need to turn on access for external participants and determine which identity provider the guest uses to join.




Who’s impacted
Admins and end users


Why it’s important
Meet already encrypts all of your data at rest and in transit between our facilities — client-side encryption gives users direct control of their encryption keys and the identity service that they choose to authenticate for those keys. Adding support for external participants means customers can collaborate with any of their stakeholders safe in the knowledge that only the meeting participants can decrypt the call media. This feature further extends the privacy and compliance capabilities of Google Meet and is the latest security enhancement, alongside encryption for in-meeting chat messages, co-host support, and the ability to join an encrypted meeting from a mobile device. For more information about client-side encryption for Google Meet, see our original announcement.


Getting started
  • Admins: Admins will need to update their IdP/KACLS configurations to open up for external participants and determine which third-party Identity Providers they can use to join a client-side encrypted meeting. Visit the Help Center for more information on providing external access to client-side encrypted content.

  • End users: 
    • Organizing encrypted calls: To turn on client-side encryption for a meeting, go to a calendar event with Meet video conferencing, navigate to Settings (cog-wheel  icon) > Security and select “Add encryption”
      • Contact your administrator to learn about your organization's policies and which external identity services and guests have been configured to allow access. Visit the Help Center to learn more about inviting participants to client-side encrypted meetings.
      • Note that only directly invited participants can join client-side encrypted meetings.

    • Joining encrypted calls: External users will validate their identity using a method supported by the Identity Provider. Authentication methods vary between providers. Some common options could be to log in with an account from e.g. Google or Microsoft, or by receiving an email with a one-time password. Visit the Help Center to learn more about client-side encrypted meetings.
Rollout pace

Availability
Available to Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus
Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing
To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. Multi-party approvals will be required for the following settings:
  • 2-Step verification
  • Account recovery
  • Advanced Protection 
  • Google session control
  • Login Challenges
  • Passwordless (beta)
This feature is available for eligible Workspace customers with multiple super admin accounts — see the “Getting started” section below for more information.


Who’s impacted
Admins


Why it’s important
Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action. Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions.


Outlined below is an example of the feature in action, in this case there is an attempt to make a change to 2-step verification policies:

When 2-step verification changes are attempted, admins will be required to submit the change to a super admin for approval.

Super admins can review and take action on these requests in the Admin console by navigating to Security > Multi-party approval. Super admins will also receive email alerts when a 2-step verification change is requested or any other protected action is attempted.

Admins can open a specific approval request to view more information including who is impacted by the change, what the configuration was before the change and what it will be after the change.

Getting started
  • Admins: 
    • This feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approvals are OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approvals for sensitive actions.


Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers


Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing
As we continue to expand our Gemini for Google Workspace offerings, we're excited to introduce the AI Security add-on for Google Workspace customers. 

At launch, the AI Security add-on will give customers access to the AI Classification capability in Google Drive. AI Classification allows IT teams to automatically and continuously identify, classify, and label sensitive files across the organization. This capability is powered with privacy-preserving AI models that can be uniquely trained for the specific needs of your organization. Classified files can then be protected with existing data loss prevention (DLP) controls. 

Who’s impacted
Admins

Why it matters
Drive Labels enable Workspace Administrators to up-level their security posture by closely monitoring activity on labeled files, and using labels as a vehicle for data loss prevention and lifecycle management policies. The challenge with label-based policies is that they are only effective on files that are correctly identified and labeled. Further, labeling files placed a considerable manual burden on Admins.

This is where AI Classification can help. By training models on customer-identified examples of content that match their data classification definitions, AI Classification can evaluate files where text can be extracted to see if it should be labeled.  This enables organizations to achieve label coverage at a scale and accuracy that is very difficult to accomplish through traditional means and manual Admin intervention. Once labeled, the organization's data can be protected by fine-grained security policies. 


Availability
The AI Security add-on is available for the following Google Workspace Editions:
  • Business Standard and Plus
  • Enterprise Standard and Plus
  • Enterprise Essentials and Essentials Plus
  • Frontline Starter and Standard
  • Google Workspace for Nonprofits 

Resources

Labels: , , ,

What’s changing 
Beginning today, admins can migrate encrypted emails from other services like Microsoft 365, Microsoft Exchange, or Virtu, to Gmail client-side encryption in the S/MIME format. This enables Google Workspace customers to simplify the migration process by bulk importing sensitive emails as S/MIME messages without compromising their privacy or compliance posture.


Specifically: 
  • S/MIME messages imported from other mail providers are now supported by Gmail CSE 
  • Virtru customers can use our migration utility to encrypt their plain-text archives from Vault or Takeout, and import them as S/MIME messages 
  • Customers can bulk-import any plain-text email archives into Gmail as S/MIME messages
Additional details
The Gmail CSE Migration Utility is available for Windows, Mac, and Linux and supports PST & Mbox file formats. 

Getting started 

Rollout pace 
Web & Android: 
  • This feature is available now.
iOS: 
Availability 
  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
Resources 
Labels: , , ,

What’s changing 
Google Workspace Admins can now configure a number of App Access Control (AAC) policies at the Organizational Unit (OU) level. Previously, this was only possible at the domain level. Specifically, this applies to: 

Who’s impacted
Admins


Why it’s importantWe know that users rely on a variety of tools to do their best work, including third-party apps. However, not every third-party app aligns exactly with every organization’s security policies. App access controls give customers and partners the ability to control access to third-party apps and how those apps access Google Workspace data. This update gives admins added flexibility, allowing them to set App Access Controls as they see fit at the OU level, rather than across their entire domain.


Additional detailsFor Google Workspace education editions, the “User requests to access unconfigured apps setting” can now be configured at the OU level. Visit the Help Center to learn more about managing access to unconfigured third-party apps for users designated under the age of 18.

Getting started

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,

What’s changing 
In late 2023, we introduced user enrollment in beta, an additional option for iOS mobile management. User enrollment separates work and personal data on iOS devices, giving admins control over Workspace data on the device while users retain privacy over their personal data. Beginning today, user enrollment is now generally available. For more information, use our Help Center or reference our original announcement.


Getting started


Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Enterprise Essentials, Enterprise Essentials Plus, Frontline Standard, Frontline Starter, Business Plus, Cloud Identity Premium, Education Standard, Education Plus and Nonprofits customers.


Labels: , , , , , ,

What’s changing 
Admins can now set client-side encryption (CSE) to be on by default on Android and iOS for: 
  • Newly drafted Gmail messages and replies 
  • Newly created Google Calendar events 
  • Newly uploaded Google Drive files

Client-side encryption in Gmail


Admins can now set client-side encryption as the default mode for users on both web and mobile that regularly handle sensitive data. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Each new email, event and uploaded file on mobile is automatically client-side encrypted with customer managed keys meaning the user is compliant with their org’s policy from the outset. For organizations with strict regulatory or sovereignty requirements, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data while on the go. 

For more information, check out our original announcement.

Getting started

Rollout pace

Availability
  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.

Resources

Labels: , , , , , , , , ,

What’s changing

This year, we announced Endpoint Education Upgrade, which adds enterprise endpoint management features to your Google Workspace for Education edition. Using endpoint management, admins can better manage and secure the phones and tablets used across their school directly from the Admin console.

Note that advanced endpoint management features are already included with Google Workspace for Education Standard and Plus.

Who’s impacted
Admins


Why you’d use it

Using the Endpoint Education Upgrade, admins can configure a wide range of account and device management features, helping to make your organization's data more secure across your users' mobile devices, desktops, laptops, and other endpoints. For example, you can:
  • Control what Android & iOS app can be installed on a device, who can log into it (for domain owned devices), and where it can access your data.
  • Protect devices from loss or theft with admin rules for alerts, location tracking, access restrictions, and remote data wipes.
  • Manage company-owned devices or set up Android work profiles, so users can safely access your school account on the go.
  • Require stronger device passwords and more.
Visit the Help Center for a complete list of endpoint management features.


Getting started

Rollout pace
  • The Endpoint Education Upgrade will be available for purchase through your current Google Workspace for Education reseller and select channel partners on February 29, 2024. If you do not currently have a Google Workspace for Education reseller, you can find one here.


Availability
  • Endpoint Education Upgrade is available by user based license or device based license (coming soon) — it is not a domain wide license. You can purchase Endpoint Education Upgrade licenses through your current Google Workspace for Education reseller and select channel partners. 

  • If you have Education Fundamentals and wish to upgrade instead of purchasing individual Endpoint Education Upgrade licenses, you can easily upgrade to Education Standard or Education Plus.

Resources
Labels: , ,

What’s changing

You can now import and convert sensitive Excel files into Google Sheets with client-side encryption. When collaborating with external and internal stakeholders, you may find yourself working across both Google Sheets and Microsoft Excel. This update keeps your work moving by layering interoperability on top of the privacy benefits of client-side encryption: users are in direct control of their encryption keys and the identity service that they choose to authenticate for those keys.


This feature was previously announced in August 2023 as part of an open beta.

Additional details 
With this release: 
  • You can only import .xslx Excel file types. 
  • Additional Excel and tabular file types are not supported. 
  • During import, unsupported Excel features in Sheets will be ignored. 
  • The maximum file size is 100MB. 
  • The maximum number of cells that can be imported is 10 million. 
Getting started
Labels: , , ,

What’s changing 
Today, we’re introducing Google Workspace’s new feature, local data storage. This feature allows admins to export their organization’s Workspace data into the geographic location or locations of their choice. These are the available options for this feature: 
  • User data: Specify users, groups, organizational units or your entire organization 
  • Export frequency: Opt for continuous or one-time exports 
  • Storage settings: Specify the geographic location of the Google Cloud storage bucket that the data is exported to, who can access the data, and more settings within the Google Cloud storage bucket.

When creating a new export, you can choose to export your data continuously into your own storage bucket



Who’s impacted
Admins


Why you’d use it
This update allows admins to export their organization's Workspace data into their own Google Cloud Storage (GCS) bucket located in a geographic location of their choice to meet their data sovereignty, compliance, and data archival needs. 

Getting started

Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus customers with Assured Controls add-on
    • If you don’t currently have the Assured Controls add-on, please contact us or reach out to your sales rep for more information.

Resources

Labels: , ,

What’s changing 
You can now collaborate with others on client-side encrypted Google Docs to add, edit, reply, filter, or delete comments. You can also assign action items to yourself or others. This added functionality helps bring parity to unencrypted docs while also ensuring your data is behind encryption keys you control, including the identity provider used to access those keys. 


This feature is available as an open beta, which means you can use it without enrolling in a specific beta program. 




This feature is currently only available for Docs —support for Sheets and Slides will be coming in the future.



Additional details
Note that when sharing encrypted files, you can only assign “viewer” or “editor” permissions. “Commenter” permission is not supported. Viewers can view comments.


Comments are saved each time the document is autosaved. If you restore the document to a previous version, the comments added to the document in that version are also restored.

Getting started
Rollout pace


Availability
  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers

Resources

Labels: , ,

What’s changing
Last year, we improved the client-side security of Google Docs, Sheets, Slides, Forms, Sites, Drawings, Drive, and Calendar with Trusted Types. This browser-based runtime feature limits the uses of Document Object Model (DOM) APIs that are used by the apps listed above or third-party extensions. Trusted Types also reduce the possibility of Document Object Model Cross Site Scripting (DOM XSS), which continues to be one of the most critical threats to web security. 

DOM XSS occurs when a cyber attacker injects malicious code into a web page, which can then be executed by the victim's browser. This can allow the cyber attacker to steal cookies, hijack sessions, and even take control of the victim's computer. 

To defend against this, we’re excited to announce the expansion of Trusted Types to Gmail. This will provide a defense against DOM XSS and further enhances our advanced data protection controls to keep users and data safe across more of the apps they use everyday. 


Who’s impacted 
Developers (relying on any Chrome extensions that modify DOM APIs.) 


Additional details 
This new enforcement mode will require third-party extensions to use typed objects instead of strings when assigning values to DOM APIs. Once Trusted Types are fully enforced, the Trusted Types directive will be present in the Content Security Policy (CSP) header: 

Content-Security-Policy: require-trusted-types-for 'script';report-uri https://mail.google.com/mail/cspreport 


Getting started 
  • Admins: There is no admin control for this feature. 
  • Developers: 
    • To make code Trusted Types compliant, signal to the browser that data being used within the context of these DOM APIs is trustworthy by creating a Trusted Type special object. 
    • There are several ways to be Trusted Types compliant, such as removing the offending code, using a library (such as safevalues or DOMPurify), or creating a Trusted Types policy. To ensure a seamless experience for users, we recommend employing these techniques before Trusted Types enforcement is rolled out. Failure to make code Trusted Types compliant may cause feature breakages for third-party extensions as their DOM manipulations will be blocked by the browser. 
  • End users: There is no end user setting for this feature. 

Rollout pace 

Availability 
  • Available to all Google Workspace customers and users with personal Google Accounts 

Resources 
Labels: , , , ,

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


We have begun enforcing 2-step verification for all admin accounts 
Two-step verification (2SV) is a critical security measure that has been proven to reduce password-based hijacking by more than 50%. We are committed to protecting the security of our users and are taking additional steps to help customers guard against data compromise and prevent account takeovers.

We have begun enforcing 2SV for all admin accounts and will continue this enforcement on an ongoing basis. As of December 2023, this change is already in effect for some customers. When this goes into effect for your organization, you will receive the following notifications:
  • 30 days prior to enforcement in your domain: Super admins will receive various email and in-app notifications informing them of the forthcoming enforcement, encouraging them to verify their admins’ 2SV status. 
  • Once enforcement goes into effect in your domain: All admins will receive email and in-app notifications upon signing into their accounts for the next thirty days. If they do not enable 2SV within this time period, they will be locked out and will need to follow these steps to recover an administrator account.
We highly encourage all administrators to turn on 2SV as soon as possible. Visit the Help Center for more details and further guidance.



Dynamic groups limit increased to 500 
We’re increasing the number of dynamic groups a customer can have from 100 to 500. Dynamic groups are defined as groups whose membership is managed automatically based on specific criteria, such as a user’s department or location. This increase gives admins more flexibility to create dynamic groups as needed and cuts down on manual group management tasks that would otherwise be required. | Rolling out now to Rapid Release and Scheduled Release domains at a gradual pace (up to 15 days for feature visibility). | Available for Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Standard and Education Plus, Enterprise Essentials Plus, and Cloud Identity Premium customers only. | Learn more about dynamic groups.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Meet Add-ons SDK available in Developer Preview 
The Google Meet Web Add-ons SDK is available through our Developer Preview Program. Developers can use the SDK to bring their app experience right into Meet. End users can install, open, and collaborate in apps right inside a meeting, either as the meeting focal point, or in the sidebar — all without ever leaving Meet. | Learn more about Meet Add-ons SDK .

Huddly cameras bring continuous framing to Google Meet Series One room kits 
As part of our initiative to bring adaptive framing to Google Meet meeting rooms, we’re proud to announce that you can now access Huddly’s continuous framing capability available as part of the Series One room kit hardware devices. | Available to all Google Workspace customers using Google Meet Series One room kits only. | Learn more about Google Meet Series One.

Record and share your name pronunciation across Google Workspace products 
From your Google account settings, you can now record your name and share its pronunciation with other users. The pronunciation can be played from your profile card across various Google Workspace tools such as Gmail or Google Docs on web or mobile devices. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Frontline Starter, Frontline Standard, and Nonprofits customers only. | Learn more about name pronunciation. 

Easy access to people, documents, building blocks and more in Google Docs 
When moving to a blank line within your Doc, you will see an “@” button with the option to select, search and insert smart chips, such as people, dates, timers, or files, building blocks, calendar events, groups and more. | Learn more about bringing smart canvas features to the forefront of your workflow

Excuse assignments in Google Classroom 
Teachers can mark an assignment for a particular student as “Excused” instead of giving it a 0-100 score. This will exclude that particular assignment from the student’s overall grade. | Learn more about excusing assignments. 

Introducing interactive questions for YouTube videos in Google Classroom 
Educators can now turn any YouTube video into an interactive lesson by adding questions for their students to answer throughout the video. | Available to Education Plus and the Teaching and Learning Upgrade only. | Learn more about interactive videos. 

Introducing the Bitbucket app for Google Chat 
We’re adding Bitbucket for Google Chat. Bitbucket is a Git-based code and CI/CD tool optimized for teams using Atlassian’s Jira. | Learn more about Bitbucket app for Google Chat. 

Use “Profile Discovery” to display basic information only in search results, available in open beta 
Google Workspace admins can now turn on “Profile discovery” for their users. When turned on, users can customize how they appear across Google products to people who search for them by their phone number or email. Specifically, you can choose how you want your name to be displayed and how your profile picture will be displayed. | Learn more about Profile Discovery.


Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).
Labels: , , , ,

What’s changing 
Earlier this year, we announced the beta availability for admins to display custom notifications when a Google Chat message is blocked or intercepted based on data loss prevention rules. Beginning today, this feature will become generally available on web and mobile. 


Custom notifications give admins the opportunity to provide their users with more context about why they were blocked from sending a specific message, what they can do to unblock themselves, and include links to additional resources, such as organization guidelines for sensitive data with actionable recommendations. For more information, please reference our original announcement.

Getting started
  • Admins: 
    • Custom notifications can be set per each data protection rule at the domain, Organizational Unit (OU), or group level. 
    • When creating a rule, in Step 4: Actions, under “User Message”, select “customize message”.  Custom notifications can also be applied to existing DLP rules. If admins do not customize the notification, the generic notification will be shown to users.
    • Visit the Help Center to learn more about preventing data leaks from Chat messages & attachments.


  • End users: There is no end user action required. Depending on your admin settings, you’ll see more detailed information if you’re trying to send a Google Chat message that meets conditions defined in a data loss prevention rule.


Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, the Teaching and Learning Upgrade, Education Plus, and Frontline Standard customers
  • DLP for Chat is also available to Cloud Identity Premium users who are also licensed for Workspace editions that include Google Chat and Audit and investigation. Visit the Help Center for more information. 

Resources

Labels: , , , ,