This official feed from the Google Workspace team provides essential information about new features and improvements for Google Workspace customers.
rss_feed

Previously available in beta, Device Bound Session Credentials (DBSC) in the Chrome browser on Windows is now generally available and enabled by default for Google Workspace users.

DBSC strengthens account security after users are logged in and helps bind a session cookie — small files used by websites to remember user information — to the device a user authenticated from. Even if malware was present on the user’s device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies.

With this change to general availability, Workspace admins no longer need to take action to enable DBSC in the Admin console. Organizations can also bolster protections with more granular account attributes when using DBSC together with context-aware access (CAA). To monitor DBSC binding events, admins can view the audit logs available in the security investigation tool.

An example of the audit log and log details for a DBSC event in the admin console

Getting started

  • Admins: This feature is ON by default for all Google Workspace customers, and there is no administrator control to disable it.
  • End users: There is no end user setting for this feature.

Rollout pace

Availability

  • Available to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts

Resources

Read More

Today, we’re announcing improvements to our Out-of-Domain file-level warnings. First launched in April 2025, these badges alert users to documents and users outside of their Workspace organization, helping to prevent accidental data exfiltration and potential phishing attacks that spoof internal content. We’ve expanded support across devices and sharing types in the following ways:

  • Files in the Android and iOS apps for Drive, Docs, Sheets, and Slides now include external indicators
  • Chat Spaces and Google Groups can be configured to allow external users; if they’re given access to a document, that document now shows the external badge
  • If a service account has access to a document, and that service account is owned by an external Google Cloud organization, it now triggers the external badge in documents
  • Comment email notifications now include badges for external documents and users
  • File sharing email notifications now include badges for external documents and users

How Out-of-Domain warnings work

This feature helps users identify potentially risky files and avoid phishing scams when working with files shared from outside your organization.

Notification in comments

Notification in file sharing email

An image showing a Google Doc with the word "External" displayed in a small yellow badge next to the document title. The badge has been clicked, and a pop-up window appears with more information stating that “This document is owned by someone outside your organization. Be cautious about sharing sensitive information.
Image of "External" badge displayed in Google Docs

Getting started

Screenshot of the Google Workspace Admin console, navigated to Sharing settings. At the bottom of the page, a new section labeled "Highlight external files" is highlighted. The checkbox is checked, and the description reads: "Mark external files shared or owned externally as “external” to flag that content may be viewable outside your organization.
Image of the Google Workspace Admin console, Sharing settings, showing the "Highlight external files" option enabled

Rollout pace

Availability

  • Available to all Google Workspace customers

Resources

Read More

Administrators can now apply a global context-aware access (CAA) policy to all SAML applications within their organization. This update introduces a default assignment that serves as a universal security baseline, automatically protecting any SAML-based app that does not have a specific policy already assigned. By establishing this "secure-by-default" posture, IT teams can help protect internal data and third-party SaaS tools as new applications are integrated into their ecosystem.

This global control significantly reduces the administrative burden of managing security for applications at scale. Instead of manually configuring rules for every individual SAML app, administrators can set a single policy to cover their entire environment. Specific application-level policies will still take precedence, allowing for granular control where needed while the global policy acts as a reliable safety net.

These default policies support both Monitor and Active modes, providing flexibility in how security requirements are phased in. Detailed audit logs will capture these enforcement events, and remediation messages help end users understand how to resolve access issues independently.

Admins can configure CAA policies for all SAML apps in the Admin console under Security > Context-aware Access > General settings

Admins can configure CAA policies for all SAML apps in the Admin console under Security > Context-aware Access > General settings.

Getting started

Rollout pace

Availability

  • Enterprise: Enterprise Standard and Plus
  • Education: Education Standard and Plus
  • Other Editions: Frontline Standard and Plus; Enterprise Essentials Plus; Cloud Identity Premium

Resources

Read More

We’re excited to announce the beta release of a new, simplified way for very small and small-sized businesses to import their users from Microsoft to Google Workspace when setting up their Workspace account for the first time.

This new feature allows these businesses and educational institutions to automatically copy their existing Microsoft users into Google Workspace. Once you connect to Microsoft, the system automatically identifies users in your Microsoft account and prepares to add them in your new Google Workspace account. This feature significantly reduces the time and effort of switching from Microsoft and helps you get your organization up and running in no time.

You can complete the import in a single click after connecting to your Microsoft business account.




Additional details

Getting started

  • Admins: This feature will be available in the setup process for Google Workspace. Once you’ve verified your domain and activated your email records, you will find an option to import your users from Microsoft to Google Workspace before completing the setup. Visit the Help Center to learn more about importing business data during setup.
  • End users: This feature is for admins only.

Rollout pace

Availability

  • Business: Business Starter, Standard, and Plus
  • Enterprise: Enterprise Starter, Standard, and Plus 
  • Education: Education Fundamentals, Standard, and Plus
  • Other Editions: Frontline Starter, Standard, and Plus; Essentials Starter, Enterprise Essentials, and Enterprise Essentials Plus; Individual; Nonprofits; Cloud Identity Free and Premium
  • Education Add-ons: Google AI Pro for Education; Teaching and Learning; Endpoint Education

Resources

Read More

Securely managing access for generative AI and agent actions to Workspace data is easier ever than before with the new AI control center in the Admin console. This new capability gives enterprise organizations greater visibility and control, especially for teams with stringent data security and compliance requirements.

With the AI control center, admins will feel empowered to confidently deploy and adopt AI in their organizations through

  • A single pane of glass that provides a centralized view of security and governance settings for generative AI and agent actions
  • More granular security, governance, and auditing capabilities for Gemini and agentic solutions accessing Workspace data
  • Additional integrations with other 1P and 3P AI apps to manage AI access and controls to Workspace data
Additional details
The AI control center has four core modules, each addressing key areas of interest for administrators.

  1. Monitor and control AI access: Provides immediate visibility into who is using AI in your organization. It features direct links to Gemini usage reports and core management settings for the Gemini app, Gemini for Workspace and other AI features. To start, the AI control center will show usage for Gmail, Drive, Docs, Sheets, Slides, Meet, Calendar, Chat, and the Gemini App.
  2. Manage security for AI products: Enables granular authority over specific services, such as Gemini in Meet, allowing admins to ensure every AI surface adheres to domain-specific data and security policies.
  3. Manage fundamental security: Anchors AI usage in a secure environment by surfacing foundational protections like classification labels, trust rules, and data protection rules to prevent oversharing and data leaks also when using AI.
  4. Review privacy, abuse, and compliance standards: Directs admins to Google’s guaranteed safeguards, including our "Secure by Design" architecture and the commitment that your domain's data is never used to train our models.
Throughout the AI control center, certain settings will be marked “Coming soon,” allowing admins to plan longer-term rollouts with future capabilities in mind.

Getting started

  • Admins: The AI control center is available by default in the Google Admin console under Generative AI > AI control center. No manual opt-in is required to access the dashboard. Visit the Help Center to learn more about AI control center.
  • End users: No end user action is required. This feature provides administrative visibility and control within the Admin console.

Rollout pace

Availability

  • Enterprise: Enterprise Standard and Plus

Resources

Read More

Today we’re announcing the release of several enhancements to deepen the security investigation capabilities of the Workspace audit log, including expanded fields across many data sources.

These new enhancements include:

  1. Introduction of owner details for resource attribute
  2. Expansion of resource and actor attributes to additional data sources
  3. Introduction of new device info attribute for multiple data sources

New owner details for enhanced resource visibility in Security Investigation Tool and Audit logs

We’re adding a new “Owner details” field to the “Resources” attribute, making it easier to identify who owns a resource during security investigations. This field uses two primary components:

  • Owner Type: Specifies the category of the owner, which can be an individual person (User), the entire organization (Customer), or a Group.
  • Owner Identity: Contains specific details, such as IDs or email addresses, of that owner.


It will be available for all data sources wherever the resource field is present: Directory sync, Gmail, Meet, Groups, Keep, Looker Studio, Drive, Meet hardware, Chat, Admin, Data migration, Chrome, Voice, Calendar, Vault, Assignments and Groups enterprise log events.

Expanded coverage for resources and actor application info in Security Investigation tool / Audit and Investigation tool

To ensure you have a complete view across various Workspace services, we are expanding two critical attributes to additional log events:

  • Resources: Expanding to Chrome, Voice, Vault, and Assignment log events
  • Actor application info: Expanding to Chrome, Voice, Group, Meet, Assignments, and Admin data action log events

Comprehensive device information in Security Investigation tool / Audit and Investigation tool, Admin SDK (Reports API), SecOps, and BigQuery

Administrators can now gain crucial context about the devices used to perform actions. We are introducing the User device info attribute, which provides details such as User device ID, User device OS version, or User device type (e.g., DESKTOP_MAC, DESKTOP_WINDOWS).

This information is available for many log sources, including: Contact, Gemini workspace, Keep, Meet hardware, Chat, Chrome, Directory sync, Drive, Group, Meet, Rule, Looker studio and SAML log events. 

List of event fields and their descriptions
Detail for Admin SDK (Reports API)

Getting started

Rollout pace

Availability

Resources

Read More

For enterprises, data migrations and change management for a new productivity and collaboration platform can feel daunting and create business disruption across the organization. Not anymore. Today, we are excited to announce the general availability of our new Google Workspace data migration tool for enterprises: Data import.

With data import, enterprise organizations will be able to achieve easier, faster, and higher-fidelity data migrations than before for emails, calendars, and contacts – all at no additional tool cost. Moreover, the substantial time and cost-savings to IT teams will free up their bandwidth and budget to prioritize other business critical tasks.

Data import provides:

  • Ease of use: A turnkey, scalable cloud-native solution that can be accessed and deployed directly from the admin console.
  • Quicker speeds and accuracy: Finish importing data sooner with faster migration speeds from parallelization and improved algorithms.
  • No additional tool cost to use: No additional infrastructure costs for Google Cloud Platform (GCP) during migration or licensing costs for third-party data migration tools.


Additionally, customers will have access to a new migration planning utility that will help improve their change management and data migration forecasting. The migration planning utility is available to provide migration timeline estimates and organize user data into speed-optimized batches. This offers customers zero-friction discovery and data-driven planning when undertaking large scale enterprise migrations from Microsoft 365 to Google Workspace.

Additional details

Data import and the migration planning utility are now available to accelerate enterprise-scale data migrations for Microsoft Exchange Online, with additional support for OneDrive, SharePoint Online, and Teams coming soon.


Getting started

Rollout pace

Availability

  • Business: Business Starter, Standard, and Plus
  • Enterprise: Enterprise Standard and Plus
  • Education: Education Fundamentals, Standard, and Plus
  • Other Editions: Essentials Starter, Enterprise Essentials, and Enterprise Essentials Plus; Nonprofit

Resources

Read More

Today, we announced Workspace Intelligence, an underlying AI system that provides Gemini with a real-time understanding of your work across Google Workspace. With Workspace Intelligence, all of your generative AI tasks within Workspace will be grounded in your Workspace data across Gmail, Chat, Calendar, and Drive (including Docs, Sheets, and Slides), eliminating the need for users to manually provide context to Gemini on every query.

As an administrator, you can control which data sources Workspace Intelligence can use for your organization via new settings in the Admin console.


Impact of disabling data sources

If you turn off Workspace Intelligence for a data source, generative AI features will not actively search for content from the disabled source. However, if a user adds a specific source to their prompt, that source will be used in Gemini's response. For example, if you turn off Drive as a source, users can still ask Gemini about specific files. Gemini will consult these specific files, but it won't actively search for other files. We recommend keeping access to all data sources ON to ensure optimal performance of AI features across Workspace.

Strong privacy protections

These changes align to our existing data handling practices and privacy commitments. AI features respect user-level content access, ensuring that responses are grounded only in content that a user already has permission to view. Your data is never used to train generative AI models or for advertising purposes.

Getting started

Rollout pace

Availability

  • Business: Business Starter, Standard, and Plus
  • Enterprise: Enterprise Starter, Standard, and Plus
  • Education: Education Plus
  • Other Editions: Frontline Plus, Enterprise Essentials, and Enterprise Essentials Plus; Nonprofits
  • AI Add-ons: AI Expanded Access; AI Ultra Access; Google AI Pro for Education
  • Other Add-Ons: Teaching and Learning

Resources

Read More

Managing generative AI tools that can access your Google Workspace data will be easier than before with dedicated controls to manage Gemini Enterprise access in the Workspace Admin console. These settings will live in a new subsection in the left side menu bar under “Generative AI.” As part of this change, the existing "Gemini Business and Enterprise settings" card within the Google Cloud Platform app will be redirected to the new Gemini Enterprise section. Existing configurations will be inherited by the new standalone settings.

This update brings several improvements for administrators:

  • Centralized management: You can now find Gemini Enterprise settings—including service on/off toggles and data sharing configurations—directly within the Generative AI section of the Workspace Admin console.
  • Granular control: While we’ve unified the service on/off switch for all Gemini Enterprise editions, we’ve maintained independent controls over access to Workspace data based on your license. This will allow us to support edition-specific specialized features, like sharing rules, in the future.
This change provides admins with more options to set policy preferences and protect sensitive data within a familiar Workspace environment.

Getting started

  • Admins: You can find the new Gemini Enterprise page and associated controls in the Generative AI section of the Workspace Admin console. Visit the Help Center to learn more about controlling Gemini Enterprise access to Workspace data.
  • End users: There is no end-user setting for this feature. Users with an active license will be able to access the Gemini Enterprise site if the service is turned ON by their administrator.

Rollout pace

Availability

  • Available to all Google Workspace customers with Gemini Enterprise licenses

Resources

Read More

Organizations that use both Google Workspace and other calendaring systems, like Microsoft Outlook, can now more easily coordinate shared resources, such as rooms, projectors, or company cars. We are introducing an open beta that allows non-Google users to book Google Workspace resources directly from their preferred calendar service.

Google Workspace admins can grant specific non-Google users or entire non-Google domains permission to book Workspace resources. Once these permissions are configured in the Admin Console, non-Google users can reserve a resource by simply adding its email address to the calendar event guest list. If the resource is configured to auto-reply, it automatically accepts or declines the invitation based on its availability and sends an email notification to the organizer.

Additionally, for organizations using both Google Workspace and Microsoft Outlook, admins can configure Calendar Interop. This allows Outlook users to find and book Workspace resources by their name and view their availability before sending an invite.


Getting started

  • Admins: This feature is OFF by default and can be configured at the resource level in the Admin console. Admins can specify which non-Google users or entire domains are permitted to book specific rooms. Visit the Help Center to learn more.
  • End users: Once an admin has granted permission, non-Google users can book a room by adding the resource email as an attendee to their calendar event.

Rollout pace

Availability

  • Business: Business Starter, Standard, and Plus
  • Enterprise: Enterprise Starter, Standard, and Plus
  • Education: Education Fundamentals, Standard, and Plus
  • Other Editions: Frontline Starter, Standard, and Plus; Nonprofits

Resources

Read More

Beginning today, admins have access to an independent review of Google Workspace’s data regions, not only for their compliance needs but also for their peace of mind.


This external evaluation from Coalfire, a third-party assessment organization, gives Assured Controls customers the confidence that their data is stored and processed within a Google data center in the assigned region. Google Workspace admins can log on to their data regions reports and download an independent perspective on Google’s implementation of Workspace data residency controls to meet storage and processing requirements.

Getting started

Rollout pace

Availability

Resources

Read More

We are updating the administrative privileges setting for Windows device management to give administrators more control over how local administrative access is handled on Windows 10 and Windows 11 devices, managed by Google Endpoint Management.

This update simplifies settings and provides greater flexibility for organizations that need to preserve local admin access while managing specific users via Google Workspace. Previously, managing local administrative access used a "Replace" behavior, which removed any existing members from the local administrators group before adding the newly requested ones.

Getting started

Rollout pace

Availability

  • Business Plus
  • Enterprise Standard and Plus
  • Enterprise Essentials and Enterprise Essentials Plus
  • Frontline Starter, Standard, and Plus
  • Cloud Identity Premium
  • Education Standard and Plus
  • Endpoint Education add-on

Resources


Read More

Today, we’re releasing new adoption and usage metrics to our Gemini reports in the Admin console. These new reports offer administrators comprehensive visibility into AI feature usage and thresholds to help them better manage their Workspace subscription and Gemini adoption. This includes usage data by features, apps, and active users.

With these new metrics, administrators can better understand how users are engaging with Gemini features across Workspace apps. Admins can use this information to make decisions on AI enablement, adoption, and productivity for their organizations. This data also offers insight into when they may need to adjust their Workspace subscriptions and plan for potential upgrades when users have reached their maximum AI usage thresholds.

Gemini usage report in the Admin console that shows per-feature data on active users and users at the limit


User-level Gemini usage report in the Admin console that shows data across apps and overall activity

Getting started

Rollout pace

Availability

  • Available to all Google Workspace customers and Workspace Individual subscribers

Resources

Read More

Google Meet Speech Translation allows translation in near-real time, bridging language barriers across users and organizations. The feature is currently available in alpha but will launch to general availability on January 27, 2026.

Starting today, admins will see a setting to control this feature in the Admin console under Meet service settings > Gemini settings. It will be ON by default and can be disabled at the OU level.

A few important things to note:

  • The feature is only available if the Gemini for Meet admin setting has been enabled.
  • If a user turns on translation, everyone in that meeting will see that translation is being used.
  • Users cannot force other users to be translated or to hear translations.
  • See our blog post to learn more about the translation technology behind the feature.

Speech translation admin setting with box checked to let users enable Speech translation

Speech translation admin setting

A demonstration of users enablinging speech translation

Enabling Speech translation in Meet

Note that these admin settings do not affect users participating in the current alpha program.

Rollout pace

Admin setting
End user feature

Availability

  • Business Standard and Plus
  • Enterprise Standard and Plus
  • Frontline Plus
  • Google AI Pro and Ultra
  • Google AI Ultra for Business add-on
  • Google AI Pro for Education add-on

Resources

Read More

To support more granular incident investigations, we’re expanding the Workspace audit logging datasets available on the Admin SDK (Reports API) to include these additional datasets:

  • Admin data action logs
  • Contacts logs
  • Assignments logs
  • Directory Sync logs
  • Profile logs
  • Graduation logs
  • LDAP logs
  • Meet hardware logs
  • Takeout logs
  • Tasks logs
  • Cloud search logs
  • Access evaluation logs
  • Data migration logs
Additionally, the Reports API now supports in-depth filtering on resource details. You can now filter by labels and resources from your audit logs, allowing for fetching more granular logs. To learn more about this in detail, you can check out the activities list API documentation.

Granular audit logs are critical to helping organizations investigate cybersecurity incidents and understand their data usage. The changes announced today expand the depth of analysis that can be performed.

Rollout pace

Getting started

Availability

 

Read More

 What’s changing

Single-sign on with custom OpenID Connect profiles is now generally available. With this capability, admins have the option to set up a custom OpenID Connect (OIDC) profile for single sign-on (SSO) with Google as their service provider. 

OIDC is a modern authentication layer built on top of the OAuth 2.0 protocol and verifies a user's identity without exposing their password to the applications they are accessing. OIDC enables secure, seamless authentication across various platforms, including web, mobile, and cloud environments. With this update, admins have more secure options to configure SSO for their organizations. Previously, only OIDC with pre-configured Microsoft Entra ID profile was supported in addition to SAML.


Single-sign on

Getting started

Rollout pace

  • This feature is available now.

Availability

  • Available for all Google Workspace customers except Essentials Starter customers and Workspace Individual subscribers
  • Also available for Cloud Identity and Cloud Identity Premium customers

Resources

Read More

What’s changing 

Access Transparency, Access Management, and Access Approvals now cover Gemini App data. These features provide admins full transparency into when Gemini App data is viewed for support purposes, control over which Google support staff can view this data, and control over when this data can be viewed by Google for support purposes. 

The addition of Gemini App data to Access Transparency, Access Management, and Access Approvals expands on Google’s data commitments on customer data ownership, security, and privacy. 

  • Access Transparency provides real time logs whenever customer data is accessed by Google staff. 
  • Access Management allows admins to limit which Google staff can access their data such as US or EU Google staff. 
  • Access Approvals allow admins to require Google to request for explicit approval prior to accessing their data related to a support action. 

These controls have been extended to cover Gemini App data in addition to Gmail, Calendar, Drive, Docs, Sheets, Slides, Drawings, Sites, Chat, meet, and Gemini in Workspace data. 



Getting started 


Rollout pace 

  • This feature is available now. 

Availability 

  • Access Transparency is available for users with Enterprise Plus licenses 
  • Access Approvals is available for users with Assured Controls or Assured Controls Plus licenses 
  • Access Management is available for users with Assured Controls Plus licenses 

Resources 



Read More

What's changing 

In order to improve the experience of admins managing Google Meet’s Enterprise Content Delivery Network (Meet eCDN) rules, we’re updating how the “Custom Rules” peering policy works in some cases, and how assigned networks are surfaced in the MQT eCDN network table. Understanding these changes will allow customers to make full use of those improvements. 


Overlapping IP ranges 

Please note you will only see this change if you have defined overlapping IP ranges. For example, if you have defined a large range that’s allowed but including some smaller ranges that should be blocked within it. If you have non-overlapping ranges only, you won’t be affected by this change. 

Viewers with the “custom rules” peering policy will be matched against a list of IP ranges and their respective peering configuration (allowed or blocked). This is done by checking all listed ranges in order from top to bottom. Previously, any blocking match would supersede an allowing match, even if the allowing match came first. We’re removing the priority for blocking changes to simplify how matches are determined. 

Example for a viewer with private IP address 10.0.0.30: 

Scenario 1:

Viewer 1 private IP: 10.0.0.30
Viewer 2 private IP: 11.0.0.30

Custom rules list:
  • 10.0.0.0 - 10.0.0.255: allowed
  • 11.0.0.0 - 11.0.0.255: blocked
Fallback policy: blocked

Before:
  • Viewer 1 allowed since one allowed match
  • Viewer 2 blocked since one blocked match

After:
  • Same results, no changes in this scenario, since there are no overlapping IP ranges.

Scenario 2:

Viewer 1 private IP: 10.0.0.30
Viewer 2 private IP: 11.0.0.30

Custom rules list:
  • 10.0.0.0 - 10.0.0.255: allowed
  • 10.0.0.0 - 15.0.0.0: blocked
Fallback policy: blocked

Before:
  • Viewer 1 blocked, since one allowed and one blocked match, and blocked matches have higher priority.
  • Viewer 2 blocked, since one blocked match.

After:
  • Viewer 1 allowed, since the first match encountered (top to bottom) was to allow the IP.
  • Viewer 2 blocked, since the only matching rule was blocking the IP.

Scenario 3:

  • Viewer 1 private IP: 10.0.0.30
  • Viewer 2 private IP: 11.0.0.30

Custom rules list:
  • 10.0.0.0 - 15.0.0.0: blocked
  • 10.0.0.0 - 10.0.0.255: allowed
Fallback policy: blocked

Before:
  • Viewer 1 blocked, since one allowed and one blocked match, and blocked matches have higher priority.
  • Viewer 2 blocked, since one blocked match.

After:
  • Viewer 1 blocked, since the first match encountered (top to bottom) was to block the IP.
  • Viewer 2 blocked, since the only matching rule was blocking the IP.
Please note that smaller IP ranges should be listed before large ranges containing them (top-to-bottom).





Multiple private IP addresses are now supported 
Please note that the following change will only materialize if your viewers’ devices have multiple private IP addresses configured on their network interfaces (typically one IPv4 and one IPv6 address). 

Previously, eCDN clients would detect their private IP address and always prioritize IPv4 over IPv6. Also, only a single IP address could be detected and sent for matching against custom rules. We’re changing this so that all private IPs configured on the device’s interfaces will be used for matching. To ensure top-to-bottom evaluation, the first rule matching any detected private IP addresses will be used. 


Renaming Random peering policy 
The policy previously called Random peering policy is now called Testing peering policy. This policy is primarily intended for test purposes and is not designed to provide full performance in production. 


Meet Quality Tool improvements 
Viewers with the Testing peering policy will now be represented in the Meet Quality Tool eCDN table. Previously this table would only show viewers per configured network if the Custom Rules peering policy was used. 

Rollout pace: 

  • Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 6, 2025. 
  • Scheduled release domains: Gradual rollout (up to 15 days for feature visibility) starting on October 28, 2025. 

Resources: 



Read More

What’s changing 

To support more granular incident investigations and to expand access to this critical security data, we’ve made a few changes to the Gmail Audit Logs. 

1. Addition of the Gmail log events to the audit and investigation tool 
Gmail log events, previously only available to customers with access to the Security investigation tool (Security > Security center > Investigation tool), will now also be available to customers with access to the audit and investigation tool (Reporting > Audit and investigation) when Gmail is enabled as an application. This is change is now available. 

2. Addition of the Gmail log events to the AdminSDK Reports API 
Gmail log events are now available in the Google Workspace Admin SDK Reports API, providing programmatic access to this data. 

3. Gemini Data Access Logging for Gmail log events 
Addressing customer feedback for more granularity in reporting on how Gemini accesses data, a “message content accessed” log event will now be triggered when the Gemini app or Gemini for Workspace apps access Gmail messages on behalf of a user. Those events will have a client type of “API” and an actor application name of “Gemini or Gemini for Workspace”. These events will become available to customers gradually over the next few weeks. 

Who’s impacted 

Admins 

Why it matters 

Granular audit logs are critical to helping organizations investigate cybersecurity incidents and understand their data usage. The changes announced today expand access to this critical data and expand the depth of analysis that can be performed. 

Rollout pace 

  • Gradual rollout - please see launch timing notes for each change listed above. 

Getting started 


Availability 

  • Available for Google Workspace with audit log eligible licenses. To learn more about the audit log availability for your license types, please review this Help Center article.




Read More

What’s changing 

To simplify the admin experience for creating rules and monitoring alerts, we are combining reporting rules with activity rules: 

Google Workspace Enterprise Plus, Enterprise Essentials Plus, Education Plus, Cloud Identity Premium, Chrome Enterprise Premium and Enterprise Standard customers will retain all the functionality of the activity rules experience and can now also create rules without thresholds. Thresholds are applied cumulatively across user actions, not on a per-activity basis. 


New threshold mode, which triggers rule every time the event occurs 

For Google Workspace Business Starter, Business Standard, Business Plus, Education Fundamentals, Education Standard, and Enterprise Essentials customers, all existing reporting rules will automatically be converted to activity rules. Admins gain the ability to configure notification frequencies and access more descriptive alerts. However, applying thresholds and actions to rules are not available for these Workspace editions. 


Admins will now be able to set notification frequency to limit the number of alerts or emails they receive 

Who’s impacted 

Admins 

Why it matters 

Reporting rules inform admins what happened, while activity rules help admins control what happens. By combining reporting rules with activity rules, admins receive the benefits of a more streamlined workflow with additional ways to work with rules and gain insights from more detailed reporting. 

Additional details 

Additionally, “Reporting rules” will be shown as “Activity rules” in various locations within the Admin console, including the “Add rules” user interface at Security > Investigation tool > Create activity rule

Getting started 

Admins: 
  • Visit the Help Center to learn more about creating and managing activity rules
  • With this change, admins with the “Reports” privilege have automatically been assigned the “Activity Rules View” and “Activity Rules Manage privileges”. Super admins have these privileges assigned by default. These privileges can also be assigned to a custom admin role. 
End users: 
  • There is no end user action required. 

Rollout pace 


Availability 

Available for Google Workspace: 

  • Business Starter, Standard and Plus 
  • Enterprise Standard and Plus 
  • Enterprise Essentials, Enterprise Essentials Plus 
  • Education Fundamentals, Standard and Plus 
  • Cloud Identity Premium 

Resources 



Read More

Useful Links

Join the official community for Google Workspace administrators

In the Google Cloud Community, discuss the latest features with Googlers and other Google Workspace admins like you. Learn tips and tricks that will make your work and life easier. Be the first to know what's happening with Google Workspace.

Learn about more Google Workspace launches

On the “What’s new in Google Workspace?” Help Center page, learn about new products and features launching in Google Workspace, including smaller changes that haven’t been announced on the Google Workspace Updates blog.

Learn about our customers

Discover how a diverse range of organizations, from small businesses and nimble startups to globally recognized Fortune 500 corporations, leverage the collaborative power of Google Workspace. Explore examples of how teams of are streamlining workflows and driving productivity by utilizing Google-Workspace.