[go: up one dir, main page]

What’s changing
We’re introducing several updates around framing controls for Google Meet hardware devices:


First, we’re introducing an admin setting which will allow admins to choose a default framing option for their meeting spaces, ensuring every meeting begins with an optimally configured view. This will help your users jump right into their meetings without having to re-adjust camera settings from the previous meeting. This can be set individually for each device or via the bulk updates across your fleet.

Setting the default camera framing option in the Admin console




Next, we’re adding framing support on whiteboards (Series One Desk 27 and Board 65) and remote controlled only Google Meet hardware devices, which will help ensure optimal camera framing on these devices.


Remote control framing user interfaceWhiteboard framing user interface




Finally, we’re making a few small adjustments to how camera framing settings appear on hardware devices. For Meet on Android, we’re removing the “Continuous framing” toggles and replacing them with a “Framing by” toggle. Depending on the third-party devices you’re using, you’ll see “Framing by Logitech”,“Framing by Huddly” or “Framing by Poly”, for example. We’re also changing the “Home” button to “Reset to default”.
Updated camera framing settings on Meet hardware devices



Getting started
Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , ,

What’s changing 
Using context-aware access, you now have the option to automatically block access to Google Workspace data from compromised Android and iOS devices. A device may be counted as compromised if certain unusual events are detected, including devices that are jailbroken, bypassing of security controls, modification of restricted settings, and more.

Creating a new rule to block compromised mobile devices


Blocking message for compromised iOS and Android devices






Getting started

Rollout pace
  • Block access to Google Workspace data: available immediately for both Android and iOS.
  • Remediation message: available immediately for Android, available on May 9, 2024 for iOS. 

Availability
Available to Google Workspace
  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Frontline Standard
  • Enterprise Essentials Plus
  • Cloud Identity Premium

Labels: , , , ,

What’s changing

We’re simplifying how users turn on 2-Step Verification (2SV), which will streamline the process, and make it easier for admins to enforce 2SV policies in their organizations.  

Here are some of the important changes with this change:

  • Users may add “second step methods” (such as Google Authenticator, or a hardware security key) before turning on 2SV. This is particularly helpful for organizations using Google Authenticator (or other equivalent time-based one-time password (TOTP) apps). Previously, users had to enable 2SV with a phone number before being able to add Authenticator.

  • Users with hardware security keys will have two options to add them to their account on the “Passkeys and security keys” page:
    • ‘Use security key”: this registers a FIDO1 credential on the security key even if the key itself is FIDO2 capable.
    • ‘Create passkey and follow instructions to “use another device”: this registers a FIDO2 credential on the security key, and will require users to use the key’s PIN for local verification (this creates a passkey on the security key).
    • Note: users will continue to be asked for their password along with their passkey if the admin policy for “Allow users to skip passwords at sign-in by using passkeys” remains turned OFF (this is the default configuration).

  • If an enrolled 2SV user turns 2SV OFF from their account settings, their enrolled second steps (such as backup codes, Google Authenticator, or second factor phone) are not automatically removed from their account. Before this change all second factors would be removed when the user turned 2SV off. Note: When an administrator turns off 2SV for a user from the Admin console or via the Admin SDK, the second factors will be removed as before, to ensure user off-boarding workflows remain unaffected
Getting started
Rollout pace

Availability
  • Available to all Google Workspace customers and users with personal Google accounts 

Resources

Labels: , , ,

What’s changing 
We’re making it easier to manage your AppSheet users with the introduction of AppSheet Organizations. An AppSheet organization creates organization administrators with a centralized tool to manage all of the teams in the organization and delegate team management responsibilities to team administrators. 

This chart shows the hierarchical relationship between an organization, and its teams and members. 




An organization is based on a Workspace organization and is tied to your primary domain. One organization can contain multiple teams based on Google groups and Workspace organizations.


Who’s impacted
Admins


Why you’d use it
AppSheet organizations significantly simplify the management of users and policies across all their AppSheet teams. Admins can:
  • Access self-serve tools to make changes that formerly required manual Support team intervention.
  • Create and manage organization-level policies that apply to all teams and manage individual team policies.
  • Create new teams with distinct admins, users and policies as needed. Admins can also independently assign or remove team, root, or organization administrator roles of any user.

Additional details
Support for non-Google authenticated users
For new and existing customers with AppSheet Organizations, any user from your verified primary or secondary domains that does not authenticate through Google will be shown in your domain-based teams alongside any group-based teams that have been created. These users will be subject to the same policies and team settings that apply to your users that authenticate through Google.


Getting started

Rollout pace


Availability

Resources

Labels: , , ,

What’s changing 
Directly from the Admin console, admins can remotely set custom configs for managed iOS apps on end-user devices for their enterprise using Google Mobile Device Management. Managed configurations are applied using XML property lists and the same app can be configured differently across different domains, groups, or organizational units (OUs).

Creating the app configuration using XML information


Applying the configuration


Who’s impacted
Admins and end users


Why it’s important
Prior to this update, mobile app configuration was only available for managed Android devices. Beginning today, Workspace admins can use Managed App Configuration to set custom app configurations and deploy them to manage iOS devices across their organization. This gives admins the flexibility they need to create safety parameters that align with the various needs of users across their organization.




Getting started

Rollout pace

Availability

Labels: , , , , ,

3 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


Customizable Home tab for Google Chat apps 
Recently, we announced the availability of the "Home" tab for Google Chat apps through the Google Workspace Developer Preview Program. This feature allows developers to create a new tab in their Chat apps, known as “App Home”. App home can be customized to display user-specific dashboards, a list of open items and tasks, and more. We’re excited to announce this is now generally available for Google Workspace developers. | Rollout to Rapid Release domains and Scheduled Release domains is complete. | Available to all Google Workspace customers. | Learn more about sending an app home card message for a Google Chat app.
Customizable Home tab for Google Chat apps

Create Looker Studio reports from Google Sheets 
Looker Studio enables users to quickly build interactive reports and dashboards, and starting today they can now be created directly from Google Sheets. More specifically, users can: 
  • Pick which sheet or cell range to use in the generated report on Looker Studio. 
  • Transform the data in Sheets to an automatically generated Looker Studio report in a single click, and save and share the report with an individual or a team. 
The Looker Studio report remains connected to the Sheet, and can be refreshed to reflect data updates. | Rolling out to Rapid Release domains and Scheduled Release domains now. | Available to all Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Learn how to create a Looker Studio report from Google Sheets

Create Looker Studio reports from Google Sheets

Export Gemini data for users in your organization 
Super admins can now export all of their users Gemini data, including prompts and Gemini’s responses to those prompts. Expanding takeout to include Gemini data continues to ensure that our customers have control over their organization’s data in order to manage their data privacy and compliance needs. | Rollout to Rapid Release domains and Scheduled Release domains is complete. | Available to Google Workspace customers with the Gemini Enterprise and Gemini Business add-on, as well as those customers with Gemini (gemini.google.com) enabled for their users. | Learn more about exporting Gemini data, exporting all of your organization’s data, and exporting data by organizational unit, group, or user. Additionally, you can use the Help Center to learn more about allowing your users to download their data.





Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


External participants can now join Google Meet client-side encrypted calls 
We’re enhancing the experience for client-side encrypted Google Meet calls to include support for inviting external participants, including users without a Google account. | Learn more about external participants joining CSE Meet calls. 


Client-side encryption can now be selected as a data loss prevention condition 
You can now use client-side encryption as a condition for a data loss prevention (DLP) rule. | Learn more about the DLP rule. 


Seamlessly transfer between devices during a Google Meet call 
You can now smoothly transfer between devices while on a Google Meet call without hanging up and rejoining. | Learn more about transferring between devices during a Google Meet call. 


Import data from Slack to Google Chat using CloudFuze 
With the CloudFuze integration, you can move messages and memberships from Slack channels into Chat spaces. CloudFuze also imports data while maintaining historical timestamps to ensure users can start using spaces right where they left off. | Learn more about Google Chat and CloudFuze.


Get notified about application load failures for your Google Meet Hardware devices 
You can now opt-in to receive email or text message notifications when application load failures occur. Subscribing to alerts can help you stay on-top of what’s happening across your hardware fleet and quickly take action to resolve these issues. | Learn more about application load failure notifications.


Workspace Data Protection rules are now available for Gmail in Beta
Launching first to beta, we’re introducing data loss prevention rules for Gmail. Data protection rules help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. | Learn more about Data Protection rules.



Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).   

Labels: , , , , ,

What’s changing 
As part of an ongoing series of improvements for managing Google Meet hardware devices, we recently announced that we would begin capturing application load failures across Meet hardware devices. Beginning today, you can now opt-in to receive email or text message notifications when these failures occur. Subscribing to alerts can help you stay on-top of what’s happening across your hardware fleet and quickly take action to resolve these issues.


Getting started

Rollout pace
  • Rapid and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 25, 2024. We anticipate rollout to take around six weeks to complete.

Availability
Labels: , , , ,

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


Address access permissions for Google Drive embeds in Google Sites 
When adding embedded content from Google Drive into a Google Site, such as a PDF, document or presentation, site editors will now be prompted to address potential access permissions. The notification will also appear when site editors are publishing the site or sharing it with other site collaborators and viewers. This will ensure other site collaborators or viewers have permission to edit or view embedded Drive content when collaborating on a site. | Rolling out to Rapid Release domains now; launch to Scheduled Release domains planned for April 25, 2024. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Learn more about adding Google files, videos, website content, & more.
Address access permissions for Google Drive embeds in Google Sites

Track usage for Gemini for Workspace users in the Admin console
We recently announced the Gemini Business add-on which provides a subset of generative AI features, subject to monthly usage limits. Gemini Business customers can now check a user’s Gemini limit status in the admin console. For Gemini Enterprise and Gemini Business customers, admins can check their user’s last Gemini usage date as well. | Gemini usage and limit status reports are now available. | Learn more about Usage limits in Gemini for Google Workspace.




Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Introducing the AI Meetings and Messaging for Google Workspace add-on 
As we continue to expand our Gemini for Google Workspace offerings, we're excited to introduce the AI Meetings and Messaging add-on, which will help you have richer meetings and foster more meaningful collaboration. | Learn more about the AI Meetings and Messaging add-on

Introducing a new AI Security add-on for Google Workspace  
The AI Security add-on will give customers access to the AI Classification capability in Google Drive. AI Classification allows IT teams to automatically and continuously identify, classify, and label sensitive files across the organization. | Learn more about the AI Security add-on

Control your users’ access to new Gemini for Google Workspace features before general availability
We’re introducing a new setting in the Admin console which will give Gemini customers the ability to test Gemini for Google Workspace alpha features before they become generally available. Specifically, admins will be able to turn on alpha features for all Gemini provisioned Workspace users or for a subset of Gemini users in a particular Organizational Unit (OU) or Group. | Learn more about accessing Gemini for Google Workspace features

Protect sensitive admin actions with multi-party approvals 
To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. | Learn more about multi-party approvals.

Changes to displaying the “deprovisioned” status for Google Meet hardware devices 
We are removing the “deprovisioned” state from the Admin console. You’ll no longer see devices in this state from the device status page (Devices > Google Meet Hardware > Devices), nor will you be able to filter for those labels. | Learn more about statuses for Google Meet hardware devices.



For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).   




Labels: , , , , ,

What’s changing 
Back in 2021, we introduced the “enrollment privilege”, which restricts who in your organization can enroll or re-enroll Google Meet hardware devices. Prior to introducing this privilege, Admins had to put devices in a “deprovisioned” state to prevent end users from re-enrolling devices until they were moved to a “pending” state. 



Since the enrollment privilege makes those labels obsolete, we are removing the “deprovisioned” state from the Admin console. You’ll no longer see devices in this state from the device status page (Devices > Google Meet Hardware > Devices), nor will you be able to filter for those labels.


Getting started
  • Admins: 
    • Visit the Help Center to learn more about enrolling and re-enrolling  Google Meet hardware devices into your organization, as well as licensing FAQs.
    • To prevent unauthorized users from re-enrolling devices, opt in to Enrollment Privilege Enforcement: Menu > Google Meet hardware > Settings > Service Settings and toggle ‘Require enrollment privilege’ to ON.
  • End users: There is no end user impact or action required.
Rollout pace
  • Available now.

Availability

Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.

What’s changing
To protect our customers from malicious actors taking sensitive admin actions, we’re launching multi-party approvals where one admin must approve certain sensitive actions initiated by another. Multi-party approvals will be required for the following settings:
  • 2-Step verification
  • Account recovery
  • Advanced Protection 
  • Google session control
  • Login Challenges
  • Passwordless (beta)
This feature is available for eligible Workspace customers with multiple super admin accounts — see the “Getting started” section below for more information.


Who’s impacted
Admins


Why it’s important
Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made. This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often. Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action. Multi-party approvals makes super admins aware of what changes are being attempted and gives them the opportunity to accept or reject these sensitive actions.


Outlined below is an example of the feature in action, in this case there is an attempt to make a change to 2-step verification policies:

When 2-step verification changes are attempted, admins will be required to submit the change to a super admin for approval.

Super admins can review and take action on these requests in the Admin console by navigating to Security > Multi-party approval. Super admins will also receive email alerts when a 2-step verification change is requested or any other protected action is attempted.

Admins can open a specific approval request to view more information including who is impacted by the change, what the configuration was before the change and what it will be after the change.

Getting started
  • Admins: 
    • This feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approvals are OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approvals for sensitive actions.


Rollout pace

Availability
  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Cloud Identity Premium customers


Labels: , , ,

This announcement was part of Google Cloud Next ‘24. Visit the Workspace Blog to learn more about the next wave of innovations in Workspace, including enhancements to Gemini for Google Workspace.


What’s changing
We’re introducing a new setting in the Admin console which will give Gemini customers the ability to test Gemini for Google Workspace alpha features before they become generally available. Specifically, admins will be able to turn on alpha features for all Gemini provisioned Workspace users or for a subset of Gemini users in a particular Organizational Unit (OU) or Group.

To configure Gemini access features, go to Account settings > Gemini for Google Workspace


Who’s impacted
Admins and end users


Why it matters
As our Gemini for Workspace offerings continue to evolve, you may consider allowing your users to test Gemini features in alpha. This will give your users a head start on leveraging our latest AI features and provide Google with helpful feedback to improve Gemini features before they’re generally available. Alpha features get the same robust data protection standards that come with all Google Workspace services.

Getting started
        Please consider the following before configuring alpha access for your users:
    • Your users will receive all Gemini for Workspace alpha features — it is not possible to enable a subset of features or opt-out of specific features. 
    • Features will appear in alpha as soon as they are available — there is no advanced notice of these features appearing for Gemini  for Workspace alpha provisioned users.
    • As these features are not yet generally available, we will not offer full support for these features. Alpha features get the same robust data protection standards that come with all Google Workspace services.
    • You can also help us improve Gemini for Workspace by allowing users at your organization to provide feedback via research studies and surveys
Additionally, we strongly recommend that you and your users sign up for the Google Workspace alpha community page. Subscribing to this page will help users stay on top of the latest Gemini for Workspace alpha features. You can also ask questions about the features on this page.

Rollout pace

Availability
Labels: , ,

1 New update

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


Simplified troubleshooting of user issues in the Admin console
When viewing a user’s detail page in the Admin console, you’ll notice new “Investigate”, “Security”, and “Groups” tabs. Within these tabs, you can find all user-related information from security alerts to audit logs, group memberships, and security policies applied to the user. You can click out to the relevant sections of the Admin console where you can find more information on the event and take action if needed. Centralizing this information should reduce the time and effort required by admins to assess and take action on user issues. | This is available now to Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Essentials Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade and Frontline customers. | Learn more about investigating user problems with log events.
Simplified troubleshooting of user issues in the Admin console



Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Assign the audit and investigation privilege on a per-application basis 
When delegating admin privileges for the Audit and Investigation Tool, you can now restrict access levels to audit data on a per application basis (eg: Admin, Drive logs etc.). This change ensures that access isn’t too broadly provisioned and delegated admins only have access to the apps relevant to their scope. | Learn more about assigning privileges.



Completed rollouts

The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.


Rapid Release Domains: 
Scheduled Release Domains: 
Rapid and Scheduled Release Domains: 

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).  

Labels: , ,

What’s changing

When delegating admin privileges for the Audit and Investigation Tool, you can now restrict access levels to audit data on a per application basis (eg: Admin, Drive logs etc.). This change ensures that access isn’t too broadly provisioned and delegated admins only have access to the apps relevant to their scope.

Assigning access levels for audit data on a per application basis


Getting started

Rollout pace


Labels: , ,

What’s changing 
Google Workspace Admins can now configure a number of App Access Control (AAC) policies at the Organizational Unit (OU) level. Previously, this was only possible at the domain level. Specifically, this applies to: 

Who’s impacted
Admins


Why it’s importantWe know that users rely on a variety of tools to do their best work, including third-party apps. However, not every third-party app aligns exactly with every organization’s security policies. App access controls give customers and partners the ability to control access to third-party apps and how those apps access Google Workspace data. This update gives admins added flexibility, allowing them to set App Access Controls as they see fit at the OU level, rather than across their entire domain.


Additional detailsFor Google Workspace education editions, the “User requests to access unconfigured apps setting” can now be configured at the OU level. Visit the Help Center to learn more about managing access to unconfigured third-party apps for users designated under the age of 18.

Getting started

Rollout pace

Availability
  • Available to all Google Workspace customers

Resources

Labels: , , ,

What’s changing
In November 2023, we announced a series of improvements for managing Google Meet hardware devices, which included surfacing additional information about device issues, such as a description of the issue, when the issue was detected, and more. Today, we’re adding an additional data point: admins can now see when the Google Meet app fails to load for a device.


“Application load failures” will now be displayed in the “Device status” column.


When you click on the alert, you’ll see more detailed information on the error.






Getting started
  • Admins: 
    • To filter for devices that are in the “Application load failure” state specifically, navigate to Admin Console > Google Meet hardware > Devices > Filter by ‘Device Status’ and select ‘Application load failure’.
    • Visit the Help Center to learn more about understanding device usage in your organization.
  • End users: There is no end user impact or action required.

Rollout pace


Availability
  • Available to all Google Workspace customers with Google Meet hardware devices

Resources

Labels: , , ,

What’s changing 
In late 2023, we introduced user enrollment in beta, an additional option for iOS mobile management. User enrollment separates work and personal data on iOS devices, giving admins control over Workspace data on the device while users retain privacy over their personal data. Beginning today, user enrollment is now generally available. For more information, use our Help Center or reference our original announcement.


Getting started


Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Enterprise Essentials, Enterprise Essentials Plus, Frontline Standard, Frontline Starter, Business Plus, Cloud Identity Premium, Education Standard, Education Plus and Nonprofits customers.


Labels: , , , , , ,