The Google Admin mobile app allows Apps super admins to easily manage users and groups, contact support, view audit logs and do other common administrative tasks all from their Android and iOS devices. With today’s launch, we’re streamlining some of the most popular admin experiences, integrating admin actions with mobile communications and introducing a new look and feel. The new features, launching today for both Android and iOS, include:
Richer user profiles with support for groups and several new attributes
Ability to perform bulk actions on users and groups
Ability to send text (SMS, WhatsApp, etc.) messages to users when adding them or resetting their password
The user experience has been redesigned using material design principles―aligning with the new look and feel announced for the Admin console on desktop earlier this year―providing a seamless experience across platforms and devices.
Check out the Help Center for more information on the new Google Admin app for Android and iOS. Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only Action: Admin action suggested/FYI More Information Help Center: Android Help Center: iOS Get the app on Google Play and the App Store Note: all launches are applicable to all Google Apps editions unless otherwise noted
Audit logs allow Google Apps admins to monitor user activity across different applications like Calendar and Drive, giving them increased visibility for tracking and troubleshooting. Today we’re adding audit log support for Google Groups for Business. Google Groups audit logs will provide admins with access to their users’ Google Groups activity via the Admin console and the Reports API. Admins can see an audit trail of Groups-related information, including changes to group settings and permissions, moderation actions, and membership-related actions (e.g. additions, removals, bans, unbans, invites, and joins) performed by their users in the Groups interface. In addition, admins can set up custom alerts for Groups audit events to effectively track important Groups-related activity. Check out the Help Center and developer documentation for more information. Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only Action: Admin action suggested/FYI More Information Help Center Developer Documentation Note: all launches are applicable to all Google Apps editions unless otherwise noted
Today we’re introducing YouTube settings, available to Google Apps admins as an Additional Service, that will allow admins to restrict YouTube content on managed networks. This feature is integrated directly into the Google Apps Admin console under YouTube settings [Apps > Additional Google services > YouTube]. In addition to restricting video content, admins will be able to delegate “approvers” to whitelist additional content for signed-in users on the domain. Check out the Help Center for more information on these new settings. Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only Action: Admin action suggested/FYI More Information Help Center Note: all launches are applicable to all Google Apps editions unless otherwise noted
Email compliance settings allow Google Apps admins to set policies to regulate the delivery of both internal and external email for their organization. Today, we’re announcing two different policy improvements to further enhance email security:
Attachment scanning The Content compliance setting enables admins to specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns contained within their content. Similarly, the Objectionable content setting enables admins to specify what action to perform for messages containing specific word lists that they create. Previously, each of these policies supported the scanning of the body of email messages and text attachments only. With today’s launch, the policies will also scan the content inside common attachment types―such as documents, presentations, and spreadsheets from different productivity suites―for increased security. File type detection The Attachment compliance setting enables admins to specify actions to perform for messages with attachments based on file type, filename, and message size. Previously, the policy relied solely on the file type extension when identifying matches. With today’s launch, we’ll start scanning and identifying the actual file type of attachments, preventing the renaming of most file type extensions to circumvent attachment policies. Check out the Help Center links below for more information on these security improvements. Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only Action: Admin action suggested/FYI For more information: Help Center: Content compliance Help Center: Objectionable content Help Center: Attachment compliance
Note: all launches are applicable to all Google Apps editions unless otherwise noted
With today’s launch, we’re introducing a new setting in the Google Apps Admin console that gives Apps admins control over whether or not people in their organizations can edit their profile names in Google+. By default, people can change the profile name that’s displayed for their Google+ profile. The new display name is also used in all other Google products, except for user-edited Gmail usernames. Starting today, admins can decide to disallow name changes. If changes are disallowed, all Google+ profile names that were previously changed by individuals will be replaced by their corresponding names in the Admin console directory. If admins decide to prevent users from changing their Google+ profile names, we recommend the following to minimize any confusion:
Inform people in your organization that their profile name might change—before you modify the setting.
Advise people to contact their Google Apps admin if they need to change their profile name after the setting is changed.
Visit the Help Center to learn more about managing Google+ profiles. Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only for new setting All end users on Google+ if the setting is changed Action: Change management suggested if changing setting For more information: Help Center: Manage Google+ Profiles Help Center: Prevent users from changing their Google+ profile names Note: all launches are applicable to all Google Apps editions unless otherwise noted
Currently, super admins and delegated admins with the Drive service privilege can transfer Google Drive content from one employee to another in the Drive section of the Admin console. Recently, we introduced a new Data Transfer privilege in the Admin console (located under Admin roles > Privileges > Admin API Privileges). Over the course of the following week, super admins and those delegated admins who already have the Drive service privilege will have this Data Transfer privilege enabled automatically.
Once that auto-enablement takes place for your domain, you and any other admins will need to have both the Drive service privilege and the Data Transfer privilege in order to transfer data in the Drive section of the Admin console. Note that super admins will continue to be the only admins allowed to transfer data when deleting users. They’ll also have the option to revoke the Data Transfer privilege from any delegated admin.
In the near future, we’ll introduce a Data Ownership Transfer API, which will require this Data Transfer privilege and allow admins to programmatically transfer ownership of various Google data—in bulk—from one employee to another. We’ll provide more details when that API is available.
Launch Details Release track: Launching to both Rapid release and Scheduled release
Rollout pace: Gradual rollout (potentially longer than 3 days for feature visibility)
Following the addition of download event support to the Google Drive audit logs, today we’ve added support for print and preview events within the Drive viewer. As with download events, today’s launch will cover print and preview events for Google and non-Google file formats. Admins will also be able to filter on these events and combine that with other filtering criteria like document name, user name and timestamp. Moreover, admins will also be able to set alerts for print and preview events on certain files based on filenames, owners etc. Check out the Help Center for more information. Note: Google Drive audit logs are available to Google Apps Unlimited/Google Drive for Work and Google Apps for Education customers only Launch Details Release track: Launching to both Rapid release and Scheduled release Rollout pace: Full rollout (1-3 days for feature visibility) Impact: Admins only Action: Admin action suggested/FYI For more information: Help Center Note: all launches are applicable to all Google Apps editions unless otherwise noted
Last year, Google worked with the FIDO Alliance standards organization to launch the Security Key — an actual physical key used to simplify 2-Step Verification with Google Accounts. The key adds a layer of protection as it sends an encrypted signature rather than a code, ensuring that login information cannot be phished.
Recently, we announced that we’ve been working on new controls for Google Apps admins to easily deploy, monitor and manage Security Keys for their domains via the Admin console, with no additional software to install. Today, we’re excited to announce that these controls are ready and available in the Admin console for Google Apps Unlimited and Google Apps for Education customers. We also have worked on a new special offer for Google Apps for Work customers that allows them to purchase Security Keys at a 50% discounted rate from Yubico, Security Key manufacturer. Once Security Keys have been activated by individuals within a domain, Google Apps admins will now be able to do the following with today’s release:
See where and when people last used their keys with usage tracking and reports (Admin console > Reports > Audit > Admin)
Easily revoke access to lost Security Keys and provide backup codes so people can still sign-in and get work done (Admin console > Users > Open details for person in question > Security Keys)
We are using Security Keys at Google because it makes our lives easier and increases security. With these new controls, Google Apps admins can offer the same benefits to people in their domain.
To help analyze and monitor the use of Google Drive content in their organizations, Drive for Work and Google Apps for Education admins are able to access audit logs in the ‘Audit’ section of the Admin console Reports area and via the Reports API. The current Drive audit logs include events such as create, view, and delete, among others. With today’s launch, we’re adding download event support to the Drive audit logs. Download events will cover file downloads for Google and non-Google file formats. Admins will be able to filter on download events and combine that with other filtering criteria like document name, user name and timestamp. Admins will also be able to set download alerts on certain files based on filenames, owners, etc. Check out the Help Center for more information and notes on download event support. We’ll be adding additional sources such as Sync Client downloads and exports of documents through the Google Docs editors in the future. Release track: Rapid release and Scheduled release For more information: Help Center Note: all launches are applicable to all Google Apps editions unless otherwise noted
Google Apps allows for the use of inbound mail gateway servers which admins can leverage to process their inbound mail in different ways―such as archiving it or filtering out spam―before passing it onto the Google Apps mail server for delivery. Today’s launch adds more flexibility for Apps admins when using inbound mail gateway servers:
Multiple upstream server systems - to accommodate more complex network architectures, customers can now have multiple server systems upstream from Gmail.
Message tagging - an upstream system can now tag messages as spam in the header, which Gmail will honor, allowing for full delegation of spam filtering to a third party solution if desired.
Check out the Help Center for more information on these new features. Note: previously configured inbound gateway settings will be retained after this launch. Release track: Rapid release and Scheduled release For more information: Help Center Note: all launches are applicable to all Google Apps editions unless otherwise noted
Check out the Help Center for more information on the new Google Admin app for Android and iOS.
