WorryFree Computers   »   [go: up one dir, main page]

What’s changing 
Admins can now view “Sensitive Content Snippets” for data loss prevention (DLP) rules. This applies to DLP events for Drive, Chat, and Chrome. When turned on, snippets will log the matched content that triggered a DLP violation in the security investigation tool. Admins can use the information captured in the snippet to better identify actual security risks, determine whether a false positive was returned, and decide on an appropriate course of action.




Getting started
  • Admins: 
    • Make sure any admins who need to review the snippets have the "view sensitive content" privilege. Only super admins have the ability to hide or unhide sensitive data.

    • This feature will be OFF by default and can be turned on in the Admin console by going to Security > Data Protection > Data Protection Settings > Sensitive Content Storage.
      • To view snippets in the security investigation tool, select any row from the “Description column” and scroll down to “Sensitive Content Snippets”. Here you’ll see the matched detector ID, the matched content starting character, and the matched content length.

    • Visit the Help Center to learn more about viewing content snippets that trigger DLP rules, using Workspace DLP to prevent data loss, and the security investigation tool.

  • End users: There is no end user impact or action required.
Rollout pace

Availability
  • Available to Google Workspace Frontline Standard, Enterprise Standard and Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus, and Enterprise Essentials Plus customers
  • Also available to Cloud Identity Premium and BeyondCorp Enterprise customers

Resources
Labels: , , , , , ,

What’s changing

Admins can now set client-side encryption (CSE) to be on by default for:

  • Newly created Gmail messages, Google Calendar events. 
  • Newly created Google Docs, Sheets, and Slides files.
  • Newly uploaded Google Drive files.

Admins can set client-side encryption as default on for users in Organizational Units (OUs) that regularly handle sensitive data requiring additional encryption. This allows organizations the flexibility to meet their compliance and regulatory requirements and reduce the burden on change management programs. Users are prompted to create a CSE object natively in each app meaning their emails, events and files are encrypted by default with customer-managed keys and are private from Google. For organizations with strict regulatory or sovereignty needs, this can help them close compliance gaps by defaulting users to the preferred mode for handling sensitive data.  

Drive:


Gmail:

This is available on the web initially, with support coming for mobile apps in the future. 

Who’s impacted

Admins and end users


Why it matters

This feature is important for Google Workspace admins as it improves users compliance behavior without sacrificing productivity and increases control for admins implementing data control policies. It also includes improved audit logs, providing more detail for admins compiling regulatory compliance reports.

Workspace already uses the latest cryptographic standards to encrypt data by default, at rest and in transit between our facilities. Client-side encryption goes beyond this, giving organizations authoritative control and privacy as the sole owner of private encryption keys and the identity provider of the encryption keys. It gives organizations higher confidence that any third party, including Google and foreign governments, cannot access their confidential data. Users can continue to collaborate across their preferred apps in Workspace while IT and compliance teams can ensure that sensitive data stays compliant with regulations. 


Getting started

Rollout pace

Availability
  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative.

Resources

Labels: , , , , , , , , ,

What’s changing 
Starting December 8, 2023, admins can export Drive files hyperlinked in Gmail messages directly in Google Vault. When admins select “export linked Drive files”, Vault will look for Drive hyperlinks in the body of the emails being exported from Gmail. If Drive hyperlinks are found, a separate export of Drive files will also be created.


Toggle “Export linked Drive files” on or off



In the “Exports” tab, Drive exports will be grouped with their corresponding Gmail export — you can select the arrow icon to open the collapsible menu.






Admins will be able to find their exported hyperlinked Drive content nested under the corresponding Gmail export in the “Export” tab. Vault admins can find the association between the Gmail export and Drive link export in the export file names and metadata


Who’s impacted 
Admins 


Why it matters 
Vault is critical for retaining, holding, searching, and exporting users’ Google Workspace data. This update reduces the need for admins to manually find and extract Drive files hyperlinked in Gmail messages. 

Getting started 

Rollout pace 
Vault user interface updates 
API updates 

Availability 
  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus customers or customers with the Vault add-on license

Resources 
Labels: , , , ,

What’s changing 
Admins can now more seamlessly integrate their Google Workspace data with Chronicle (Google’s cloud-native Security Operations platform), to quickly detect, investigate and take action on risky activity and threats. Admins can now leverage reduced time spent syncing data from Workspace to Chronicle, as well as Chronicle’s curated preconfigured out-of-the-box detections.




Who’s impacted
Admins

Why it matters 
As an admin, you can already use the Alert Center to view notifications and take action on potentially issues within your domain. Now you can take this a step further by using Chronicle, leveraging its rich risk management capabilities and recommendations:
  • Chronicle can help detect and investigate potential threats at every level of sophistication by monitoring your data in real time. 
  • Data insights are available at your fingertips, with rich context and visualization alongside industry best recommendations, helping you make better decisions faster. 
  • Further, you can deploy Chronicle’s out-of-the-box use cases, helping to cut down on time spent building rules and playbooks. 
  • You can also build and automate repeatable playbooks with full-fledged security orchestration, automation and response capabilities (SOAR).
Getting started

Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard and Enterprise Plus customers 

Resources

Labels: , , ,

What’s changing 
We’re expanding mobile device enrollment options for iOS devices to include user enrollment. User enrollment separates work and personal data on iOS devices, giving admins control over Workspace data on the device while users retain privacy over their personal data. 


Additionally, admins can use the Apple Volume Purchase Program (VPP) to purchase and distributed apps in bulk to user-enrolled iOS devices in their organization. 


Who’s impacted 
Admins and end users 


Why you’d use it 
Managing how Workspace data is accessed is a cornerstone of security. The new user enrollment option ensures end users can keep their personal data separate from their work data, while admins can ensure their users are using and accessing apps appropriately. 


Using the VPP, admins can efficiently curate a suite of work-related apps—both free and paid—for their team. This streamlined process not only simplifies the deployment of essential business apps but also ensures that employees have access to the right apps they need to be productive and efficient, all within the secure perimeter of our MDM platform.


Getting started
Admins: 
  • Volume Purchasing Program:
    • To begin, admins need to access Apple’s volume purchasing program with their Business Manager credentials. Through the VPP, admins can purchase app licenses that can be distributed to their employee’s devices in bulk. 

From the Apple Business Manager, you can purchase app licenses in bulk.


Once purchased, admins will need to download the content token, which needs to be uploaded into the Admin console.


VPP tokens can be uploaded in the Admin console at Devices > Mobile and endpoints > iOS settings > Apple Volume Purchase Program (VPP).


For complete instructions, use this Help Center about distributing iOS apps with Apple VPP and applying settings for iOS devices.

  • End users:

The user enrollment process starts when a user signs-in to an app for the first time or re-signs into an app. They’ll be prompted to begin downloading the configuration profile, which will open in an internet browser with more instructions and information. Once the profile has been downloaded, the user will be directed to their devices settings to complete user enrollment.




Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Enterprise Essentials, Enterprise Essentials Plus, Frontline Standard, Frontline Starter, Business Plus, Cloud Identity Premium, Education Standard, Education Plus and Nonprofits customers

Resources



Labels: , , , , ,

What’s changing 
Admins can now use Monitor Mode to understand the implications of a Context-Aware Access (CAA) policy before deploying it to their end users. Monitor Mode will not block end users. Instead, it will show how the policy will block user access overtime, which admins can review in the CAA audit logs. Monitor Mode is available for Google Workspace, other Google Apps & third party SAML apps.

Applying Monitor Mode to context-aware access policies

Monitor Mode reports


Who’s impacted
Admins


Why you’d use it 
Before assigning Context-Aware Access levels, it’s critical for admins to understand the impact this will have on their end users. Using Monitor Mode helps admins fully understand the end user impact before deploying them in active mode, which can help avoid disruptions while helping admins make more informed decisions regarding their security strategies. 


Getting started

Labels: , , ,

What’s changing 
We’re integrating the Android Zero-Touch iFrame with the Admin console for a better, more seamless experience for admins. Zero-Touch devices are devices which have been purchased from Zero-Touch resellers and used in company owned mode. 

Directly from the admin console, admins will be able to: 
  • Set Google Workspace provided configurations for zero-touch devices. 
  • Link Workspace accounts with zero-touch accounts, ensuring devices will always enroll under Google endpoint management. They’ll also have the ability to unlink accounts if needed. Note that one Workspace account can be linked to multiple zero-touch accounts, but a zero-touch account can be linked to only one Workspace account.
In the Admin console, navigate to Devices > Mobile & endpoints > Settings > Enrollment > Android Zero touch 


Who’s impacted
Admins


Why you’d use it 
This update makes it easier for admins to specify a Zero touch configuration for their company owned devices directly from the Admin console. For enterprise mobility management partners (EMMs) this also minimizes the number of Google APIs and portals they need to interact with as well. Zero-touch devices will always enroll an account according to the GEM provided configuration — users cannot bypass this, even if they factory reset the device.

We strongly recommend that you continue to use the Zero-Touch customer portal if you need to:
  • View a list of your zero-touch company owned devices
  • Create more than one custom configuration
  • Set or remove configurations from a device
Getting started

Admins: 
Rollout pace

Availability
  • Available to Google Workspace Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, Education Plus, Frontline Starter and Frontline Standard customers.
  • Available to Cloud Identity Premium customers.

Resources

Labels: , , , ,

What’s changing 
You can now bind multiple Android enterprise mobility management providers (EMM) to your Google Workspace account. Previously, you could only bind a single EMM within your organization. This update gives you more control over how devices in your organization are managed. Specifically, it offers: 


More flexibility: You can choose the right EMM for each user group in your organization. For example, you can use one EMM for engineers and another for retail staff. 


Enhanced control: You can now have multiple instances of the same EMM provider, for example a cloud instance and an on-premise instance, to manage different sets of users. 


Easier migrations: You can now run multiple EMMs in parallel, allowing them to perform phased migrations from an old EMM to the new EMM over time.



Additional details

Private apps
We strongly recommend that admins familiarize themselves with how binding multiple EMMs will impact availability of private apps. You can find more information in our Help Center regarding creating web apps and distributing private apps.


Google Play store
If you’re binding multiple EMMs to a Google Workspace or Google Cloud identity account, you must use your EMM iframe and not play.google.com/work to access the managed Google Play store.

Getting started

Rollout pace
  • This feature is available now for all users.

Availability

  • Available to all Google Workspace customers.


Resources
Labels: , , , ,

3 New updates 

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.

Improved paste values experience in Google Sheets 
Previously, when pasting a number in Google Sheets using Paste special > Values only, the content pasted was only the text from the original range of cells. For example, for the date 9/21/2023, paste values only would paste the date serial number of 45190. To improve upon this feature, the default for paste values for numbers will include values and the number format, meaning all of your numbers will retain their formatting as you are working in Sheets. | Available now to all Google Workspace customers and users with personal Google Accounts. 
Improved paste values experience in Google Sheets
Different certificates for signing and encrypting messages in Gmail 
If your organization uses different certificates for signing and encrypting messages, you can now use the Gmail CSE API to upload different encryption and signature public certificates for each user. | Rolling out to Rapid Release domains now; launch to Scheduled Release domains planned for October 9, 2023. | Available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. | Visit the Help Center to learn more about using the Gmail CSE API to manage user certificates


Allow certificate mismatches for client-side encrypted messages 
In some cases, the email address associated with a user’s certificate might be different from their primary email address — this is known as a certificate mismatch. Admins can now opt to allow certificate mismatches, which means their end users will be able to decrypt and read messages with a mismatch. It should be noted that we recommend allowing certificate mismatches only when this feature is absolutely required for our organization. | Rolling out to Rapid Release domains now; launch to Scheduled Release domains planned for October 9, 2023. | Available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. | Visit the Help Center to learn more about allowing certificate mismatches for client-side encrypted messages in Gmail.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Create, modify, and insert email templates within Groups messages 
When you’re using Groups to send messages, you can save a composed message as a template to reuse in the future. | Learn more about email templates within Groups messages

Additional space manager capabilities in Google Chat 
We’re adding two new controls to the list of space manager capabilities in Google Chat that were introduced earlier this year to ensure effective conversations take place in spaces. The new “Manage apps” and “Manage webhooks” options will allow space managers to control the ability of space members to add and remove apps and webhooks to a space. | Learn more about new space manager capabilities

Easily link to a specific message in Google Chat 
Building upon the recent updates in Google Chat, such as message views, in-line replies and larger spaces, we’re introducing message linking, an additional feature that helps teams collaborate more effectively. | Learn more about message linking

Easily add or remove groups of members to a space in Google Chat 
We’re introducing a new app for Google Chat called Bulk Member Manager that enables space managers and space members, who have permission to manage members, to easily add or remove members to or from a space in bulk. | Learn more about the Bulk Member Manager app

The next phase of digital whiteboarding for Google Workspace 
In late 2024, we will wind down the Jamboard whiteboarding app as well as continue with the previously planned end of support for Google Jamboard devices. | This update impacts all Google Workspace customers who use the Jamboard app or 55-inch Jamboard device. | Learn more about the winding down of the Jamboard whiteboarding app

Updates regarding the transition from spaces organized by topic to in-line threading in Google Chat 
In 2022, we introduced in-line threading for Google Chat and since March 2023, all newly created spaces in Google Chat are in-line threaded by default. On September 30, 2023, we will begin taking the next step toward a single, streamlined flow of conversation in Google Chat: all existing spaces organized by conversation topic will be upgraded to the in-line threaded experience. We’d like to share more information regarding the migration, what to expect, as well as what’s next for Google Chat. | Learn more about in-line threading in Google Chat

Client-side encryption in Gmail is now available on mobile devices 
We’re expanding client-side encryption in Gmail to Android and iOS devices, so you can read and write encrypted messages directly from your device. | Learn more about client-side encryption in Gmail on mobile devices.

Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported 
Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. | Learn more about Access to Less Secure Apps (LSA).



Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.

Rapid Release Domains:



Labels: , , , ,

What’s changing 
As part of our commitment to user safety, Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. This antiquated sign-in method, known as Less Secure Apps (LSAs), puts users at an additional risk since it requires sharing Google Account credentials with third-party apps and devices that can make it easier for bad actors to gain unauthorized access to your account. 


Instead, you’ll need to use the option to Sign-In with Google, which is a safer and more secure way to sync your email to other apps. Sign-in with Google leverages industry standard and more secure OAuth method of authentication already used by the vast majority of third-party apps and devices. 


We previously announced this change in 2019, and are now ready to share an updated timeline regarding this change:


Access to Less Secure Apps (LSA) will be turned off in two stages: 
  1. Beginning June 15, 2024:
    • The LSA settings will be removed from the Admin console and can no longer be changed. Enabled users can connect during this time, but disabled users will no longer be able to access LSAs. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP. 

    • The IMAP enable/disable settings will be removed from users’ Gmail settings.

    • If you’ve been using LSAs prior to this date, you can continue using them until September 30, 2024.

  2. Beginning September 30, 2024:

As part of this change, Google Sync will also be sunsetted: 
  • Beginning June 15, 2024: New users will not be able to connect to Google Workspace via Google Sync.
  • September 30, 2024: Existing Google Sync users will not be able to connect to Google Workspace. Here is how you can transition your organization off Google Sync. To find Google Sync usage in your organization, please go to the Admin Console, navigate to Devices > Mobile & Endpoints > Devices, and filter by Type: Google Sync.


See below for more specific guidance for admins, end users, and developers regarding this change.


Who’s impacted
Admins and end users


Getting Started
Admins
Preparing your end users
In order for your end users to continue using these types of apps with their Google Workspace accounts, they must switch to a more secure type of access called OAuth. You’ll receive more information via email with affected users in your organization in the coming months. We recommend that you share the user instructions (included below) to help them make the necessary changes. 


Mobile Device Management (MDM) Impact
If your organization uses a mobile device management (MDM) provider to configure IMAP, CalDAV CardDAV, POP or Exchange ActiveSync (Google Sync) profiles, these services will be phased out according to the timeline below:
 

June 15, 2024

MDM push of password based IMAP, CalDAV, CardDAV, STMP, POP and Exchange ActiveSync (Google Sync) will no longer work for customers who try to connect to an LSA for the first time.

If you use Google Endpoint Management, you will not be able to turn on "Custom Push Configuration" settings for CalDAV and CardDAV.

September 30, 2024

MDM push of password based IMAP, CalDAV, CardDAV, SMTP and POP will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will re-add their Google accounts to iOS devices using OAuth. 


MDM push of password based Exchange ActiveSync (Google Sync)  will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will re-add their Google accounts to iOS devices using OAuth.


If you use Google Endpoint Management, “Custom push configuration-CalDAV” and “Customer push configuration-CardDAV” (more details about the settings here) will stop being effective. 



Scanners and other devices
If you have scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails, you’ll need to either: configure them to use OAuth, use an alternative method, or configure an App Password for use with the device. 


End users
If you are using an app that accesses your Google Account with only a username and password, take one of the following actions to continue to access your email, calendar, or contacts. If you do not take one of the following actions by September 30, 2024, you will begin receiving an error message that your username-password combination is incorrect and you will not be able to log in. 


Email Applications

Outlook 2016 or Earlier

Move to Microsoft 365 (formerly known as Office 365, a web-based version of Outlook) or Outlook for Windows or Mac, both of which support OAuth access.

Alternatively you can use Google Workspace Sync for Microsoft Outlook

Thunderbird or another email client

Re-add your Google Account and configure it to use IMAP with OAuth.

The mail app on iOS or MacOS, or Outlook for Mac and use only a password to login

You’ll need to remove and re-add your account. When you add it back, select “Sign in with Google” to automatically use OAuth.

MacOS:

iOS:




Calendar Applications
  • If you use an app that uses password based CalDAV to give access to your calendar, switch to a method that supports OAuth. We recommend the Google Calendar app [Web/iOS/Android] as the most secure app to use with your Google Workspace account.
  • If your Google Workspace account is linked to the calendar app in iOS or MacOS and uses only a password to login, you’ll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth. Read more.


Contacts Applications
  • If your Google Workspace account is syncing contacts to iOS or MacOS via CardDAV and uses only a password to login, you’ll need to remove your account. When you add it back, select “sign in with Google” to automatically use OAuth. Read More.

  • If your Google Workspace account is syncing contacts to any other platform or app via CardDAV and uses only a password to login, switch to a method that supports OAuth.


All Other Applications
If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth or create an app password to access these apps.



Developers
To maintain compatibility with Google Workspace accounts, update your app to use OAuth 2.0 as a connection method. To get started, follow our developer guide on using OAuth 2.0 to access Google APIs. You can also refer to our guide on OAuth 2.0 for mobile & desktop apps


Users with personal Google accounts: In the coming weeks we will be removing the IMAP enable/disable toggle from your Gmail settings. IMAP access is always enabled over OAuth and your current connections will not be impacted. No action is required of users. 

Availability
  • This change impacts all Google Workspace customers.

Resources

Labels: , ,

This announcement was made at Google Cloud Next ‘23. Visit the Workspace Blog to learn more about latest security updates and the next wave of AI innovation in Workspace.


What’s changing
Launching in beta, you can now view and edit client-side encrypted Excel files with Google Sheets. Any changes made are saved in the original Excel format. We are making it easy for you to leverage Google Workspace with the tools and formats you already use while preserving confidentiality of your sensitive data with client-side encryption. 

In Google Sheets, navigate to File > Import.


Additional details
With this release:
  • You can only view and edit .xslx Excel file types. Additional Excel and tabular file types are not supported.
  • The maximum supported file size is 20MB.
  • Maximum number of cells that can be opened is 5 million.

As we continue to improve Office editing in encrypted Google Sheets, you may encounter incompatibilities for certain features. 

Some features are not displayed and/or editable, but will be preserved in the document and viewable in Microsoft Office.

Other features may be lost or altered in the latest version of the file when it is edited in Google Sheets. You will see a notification within the document if editing will cause any features to be lost or altered.

Getting started
Rollout pace
Availability
  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers

Labels: , , , ,

Update

[September 28, 2023] Rollout has resumed. 
[September 8, 2023] We have paused rollout for this feature while we evaluate performance and quality. We will provide an update once rollout resumes.

What’s changing

Last year, we introduced stronger safeguards around sensitive actions taken in your Google Workspace accounts. We’re extending these protections to sensitive actions taken in Gmail, specifically actions related to: 
  • Filters: creating a new filter, editing an existing filter, or importing filters. 
  • Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings. 
  • IMAP access: Enabling the IMAP access status from the settings. (Workspace admins control whether this setting is visible to end users or not) 

When these actions are taken, Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a “Verify it’s you” prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. If a verification challenge is failed or not completed, users are sent a “Critical security alert” notification on trusted devices.

If a risky action is taken, you'll be prompted with a "Verify it's you" challenge.



Additional details
Note that this feature only supports users that use Google as their identity provider and actions taken within Google products. SAML users are not supported at this time. See below for more information.

Getting started
Rollout pace

Availability
  • Available to all Google Workspace customers and users with personal Google Accounts 
Resources
Labels: , , ,

What’s changing 
We’re introducing an automated workflow to help reduce the manual effort needed to turn unmanaged accounts into managed accounts. Unmanaged accounts are users who independently created a Google account using one of your organization's domains. 




Admins can access the feature within the Admin console under Account settings > Conflicting accounts management. Here, they can specify their preferences for how to resolve unmanaged accounts when provisioning users for their domains. This preference will apply only when users are provisioned using the public Directory API with URL parameter resolveConflictAccount set to true. 

  • Automatically invite users to transfer unmanaged accounts 
    • Admins can specify how many daily follow-up messages should be sent.
    • If a user declines or does not accept the transfer invitation, admins can specify which next steps should be taken. 
    • Further, admins will have the option to take over the email address of users who decline or ignore the invite. 

  • Replace unmanaged accounts with managed ones 
    • Note that data owned by the account will not be imported.
    • The user will receive a temporary account address, which they’ll need to manually replace with a @gmail.com address of their choice. 
    • They’ll receive an email notification of this, and are informed they cannot use the original email any longer. 
    • Refer to this documentation for more information

  • Don’t create new accounts if unmanaged accounts exist.


Who’s impacted
Admins and end users


Why you’d use it 
Conflict accounts refer to personal Google accounts that get registered with a corporate email address. These accounts cannot be managed by admins, which is outside of the scope of protection admins can apply to keep work data secure. Further, reconciling conflicting accounts creates churn for admins and adds to the workload of onboarding users to Google Workspace & Google Cloud.


While admins can mitigate these accounts using the transfer tool or the “UserInvitation” API functionality, the Conflict Accounts Management tool is a scaled solution for larger customers, helping reduce time spent migrating to business accounts and accelerating adoption of Google Workspace and Google Cloud.

Getting started

  • Admins: 
    • Visit the Help Center to learn more about using the Conflict Accounts Management tool and unmanaged accounts.

  • End users: Depending on your admin configuration:
    • You’ll be invited to transfer your account — if accepted, your admin will have the ability to manage your account.
    • If you do not accept the request, your admin may replace your unmanaged account with a managed one. In that case, you’ll receive a new @gmail.com address and retain your content in this unmanaged, personal Google account.

Rollout pace


Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,

What’s changing 
Admins can now use context-aware access to block users' access to Workspace Applications via other Google (1st party) & non Google (3rd party) applications. With context-aware access, you can set different access levels to Workspace applications based on a user’s identity and the context of the request (location, device security status, IP address). 




Why it’s important 
Context aware access for APIs will enable customer admins to extend existing user/device CAA context access controls to end users attempting to access Google Workspace Applications via other Google & Non Google applications. Extending these policies to APIs that request Google Workspace core data gives admins another layer of control and security and helps protect against data exfiltration. 


Getting started 

Rollout pace 
  • This feature is available now.

Availability 
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers 

Resources 
Labels: , , , ,