[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

What’s changing 
In November 2024, we launched an open beta for data classification labels in Gmail. Beginning today, data classification labels will be available when using the Gmail app on mobile Android and iOS devices. Expanding data classification labels to mobile enables organizations to protect their data whether their users are sharing and accessing information from desktop devices or from mobile devices in the field or on-the-go.

Classification labels on mobile when composing a message, reading a message, and a message thread.



Additionally, these protections provide an automated way to enhance data security. For more information on data classification labels in Gmail, please refer to our original announcement.

Getting started
  • Admins: 
  • End users: If configured by your admin, you’ll see the “Classification” option when composing a new messaging or replying to or forwarding an existing message on mobile. When you open the menu, you can select labels relevant to your message. Visit the Help Center to learn more about adding classification labels in Gmail.

Rollout pace


Availability
The Label Manager and manual classification is available to Google Workspace:
  • Frontline Starter and Standard
  • Business Standard and Plus
  • Enterprise Standard and Plus
  • Education Standard and Education Plus
  • Essentials, Enterprise Essentials, and Enterprise Essentials Plus

Data loss prevention rules with labels as a condition or labels as an action are available to:
  • Enterprise Standard and Plus
  • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
  • Frontline Standard
  • Cloud Identity Premium (in combination with a Workspace Edition eligible for Gmail)

Resources

Update
[January 9, 2025] We have paused rollout for this beta and will provide an update once rollout resumes.


What’s changing

Beginning today, admins now have the option to set up a custom OpenID Connect (OIDC) profile for single sign-on (SSO) with Google as their Service Provider. OIDC is a popular method for verifying and authenticating the identities - this update gives admins more options for their end users to access cloud applications using a single set of credentials. Previously, only OIDC with pre-configured Microsoft Entra ID profile was supported in addition to SAML.

Custom OIDC profiles can be configured in the Admin console at >Security > Authentication > SSO with third party IdP



Getting started

Rollout pace

Availability
  • Available for all Google Workspace customers except Google Workspace Essentials Starter customers and Workspace Individual Subscribers
  • Also available for Cloud Identity and Cloud Identity Premium customers

Resources

What’s changing

Beginning today, we’re expanding our data migration experience to include the ability for Google Workspace admins to migrate conversations  from channels in Microsoft Teams to spaces in Google Chat, making it easier for organizations to onboard and deploy Chat. 

This can be done within the Admin console in a few steps:

  • First, connect to your Microsoft account.
  • Then, upload a CSV of the teams from where you want to migrate the messages. You can specify the source to destination identity mapping by uploading a CSV of the email ID’s from source to target.
  • Next, you’ll enter the starting date for messages to be migrated from Teams. Then you can begin your data migration. 
  • Finally, you’ll complete the migration by making migrated spaces, messages and related conversation data available to Google Workspace users (see our Help Center article for specific details on supported data types).

Starting a chat migration in the admin console

When a migration starts, the UI displays a visual report that breaks down tasks with individual progress bars for tasks that are successfully completed, skipped, failed or have warnings.


The final step to complete the migration is to roll out spaces, making migrated spaces and their content available to users.





Additional details
  • The Chat migration tool doesn’t delete or modify existing Google Chat spaces or messages. 
  • You can also run a delta migration, which will migrate any messages added to Teams channels since the primary migration. Messages that are already successfully migrated are skipped.
  • Once a migration is complete, you can export a report that contains detailed information regarding content that skipped, failed or had warnings during the migration.
  • You can find more information in our Help Center about migrating other forms of data from different types of source accounts.


Getting started
Rollout pace
  • This feature is available now.

Availability
  • Available for all Google Workspace customers

Resources

What’s changing

Admins can now label a Google Group as “Locked,” which will heavily restrict changes to group attributes (such as group name & email address) and memberships. This will help admins who sync their groups from an external source and want to prevent getting out of sync, or who want to restrict changes to sensitive groups. This feature will be available in open beta, which means no additional sign-up is required. 

The Group Details page in the Admin console shows a “Locked” label on the group, with the message “You can’t update this group - it might be managed by an external identity system.”


Who’s impacted

Admins

Why it’s important

If you use third-party tools, like Entra ID, to manage group synchronization, you may encounter inconsistencies when modifications are made to these groups, like adding or removing members, for example. To help address this, we’re introducing the option to “lock” a group, which will prevent modifications within Google Workspace and help maintain synchronization with the external source. 

When a group is locked, only certain admins* can modify:

  • The group name, description, email, and alias(es)
  • Group labels
  • Memberships (adding or removing members) and member restrictions
  • Membership roles
  • Delete the group
  • Set up a new membership expiry

When a group is locked, access and content moderation settings are not affected, this includes:

  • Who can post
  • Who can view members
  • Who can contact members
  • Membership removals due to an existing membership expiry
  • Access or content moderation settings

*Super Admins, Group Admins, and Group Editors with a condition that includes “Locked Groups”

Additional details
By default, the changes listed above will be restricted from end users, including group owners and managers of a locked group. If you want to also restrict some admins from making these changes in the Admin Console or APIs, you can assign them the Group Editor role with a condition that excludes locked groups. 

The ability to lock or unlock a group using the “Locked” label is available to Super Admins, Group Admins, or a custom role with the “Manage Locked Label” privilege. Lock a group using the “Locked” group label in the Admin Console, or the Cloud Identity Groups API.


Getting started

Rollout pace

Availability
Available for Google Workspace:
  • Enterprise Standard and Plus
  • Enterprise Essentials Plus
  • Education Standard and Plus
  • Also available to Cloud Identity Premium customers
Resources

What’s changing
After a Vault or Data export (Takeout), admins can now convert their exported client-side encrypted spreadsheets to Excel files. This allows organizations to maintain access to and analysis of sensitive data in a portable format even after it has been exported from Google Workspace. 

Eligible Google Workspace admins can use this form to request access to the beta. We’ll share more specific instructions once you’re accepted into the beta.


Getting started
  • Admins: Client-side encryption can be enabled at the domain, OU, and Group levels (Admin console > Data > Compliance > Client-side encryption). Visit our Help Center to learn more about client-side encryption.

Rollout pace

Availability
  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers

Resources

What’s changing
We're excited to announce beta support for Drive for desktop on Windows 11 devices powered by Snapdragon processors. Compiled natively for ARM64, this release enables users to easily sync and store files online from Windows PCs powered by Snapdragon. 


To opt-in to the beta, download and install the beta version of Google Drive for desktop on Arm-compatible Windows 11 device powered by Snapdragon. If you wish to opt-out at any time, disconnect your account and then uninstall the application. 


Getting started 
  • Admins: There is no admin control for this feature. 
  • End users:
    • The beta version of Google Drive for desktop can only be installed on devices running Windows 11 and requires Microsoft WebView2, which is typically included with Windows 11. If it is missing or was previously removed, our installer will recommend you download and install it. 
    • Note: This is a beta version and may contain bugs. It should be used with non-production data only. Alternatively, ensure that your data is backed up separately. 
    • Should you encounter any issues, please submit feedback through the application. Kindly include logs to facilitate troubleshooting and assist us in improving the application. 
Availability 
  • Available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts 
Resources 

What’s changing

In addition to Google Drive, we’re expanding data classification labels to now include Gmail. Classification labels are used to classify and audit content according to organizational guidelines (“Sensitive”, “Confidential”, etc.) and apply policies, such as data loss prevention (DLP) rules, to protect sensitive information in email messages. Classification labels will be available when using Gmail on the web – support for Gmail on mobile devices will be introduced in the coming months.

Who’s impacted

Admins and end users

Why it’s important

Data breaches are increasingly common and costly across all sectors, including enterprises, public sectors, and government institutions. To minimize data exfiltration and better understand the data being shared, organizations need to differentiate between various types of information and their sensitivity levels to apply data protection policies accordingly. By expanding data classification labels to Gmail, Google Workspace provides admins with a more flexible and robust system integrated with data protection capabilities to help organizations effectively categorize and protect sensitive information. 

Specifically, admins can create:

  • New classification labels or extend existing ones enabled in Drive labels for Gmail from the Label Manager. Labels can be used to  denote department names, document types, document status, and other custom categories. 

The Label Manager tool can be accessed in the Admin console  by going to Security > Access and data control


  • Data protection rules with classification label as a condition, to apply actions to a message based on its classification. For example, a message will be blocked if it’s classified as ‘Internal’ and is being sent to an external recipient.
Notification about delivery failure due to DLP policy, blocking messages labeled as ‘Confidential’ to be sent to recipients outside of the organization




  • Data protection rules to automatically apply classification labels to a message, based on its content. For example, a ‘Confidential’ label can be applied to a message if it contains sensitive financial information, such as credit card or bank account numbers.
Data protection rule with ‘Apply a label’ action. Classification label specified in the rule will be applied to a message, if message contains information matching conditions of the rule

  • DLP rules with Confidential Mode as a condition to prevent sending messages with sensitive information, if it is not encrypted (Confidential Mode is not enabled)
Data protection rule is set up to detect messages with sensitive information (credit card or passport numbers) and confidential mode disabled in order to enforce sending such info with enhanced protection measures





  • End users can view and apply Classification Labels when using Gmail on the web.
Users can apply classification labels to a message, according to the organization’s data governance policies



Additional details
  • When Data loss prevention (DLP) rules for Gmail using classification labels either as a condition or as an action, messages are scanned asynchronously. This means that the message is classified, blocked or quarantined after it leaves the sender's mailbox) and before being dispatched to the recipient. In a future release, we plan to provide synchronous support with instant notifications consistent with our synchronous support of instant DLP enforcement for Gmail.

Note that:
    • If the message is blocked as a result of the classification label applied to it, the sender will get a bounce back message.
    • If the message is automatically labeled by a DLP rule, the sender will not see the label reflected in the sent message. The recipient will see the automatically applied label the same way as any other classification label applied manually by the sender.

  • Only Badged options list and Multiple Options list (Single select) field types are supported in Gmail. If classification labels are enabled for usage in both Gmail and Drive, and it contains fields that are not supported in Gmail, such as date or persona, Gmail users will see the label only with fields of the supported types.
Getting started
  • Admins: 
  • End users: If configured by your admin, you’ll see the “Classification” option when composing a new messaging or replying to an existing message — when you open the menu, you can select labels relevant to your message. Visit the Help Center to learn more about adding classification labels in Gmail.

Rollout pace

Availability
  • The Label Manager and manual classification is available to Google Workspace:
    • Frontline Starter and Standard
    • Business Standard and Plus
    • Enterprise Standard and Plus
    • Education Standard and Education Plus
    • Essentials, Enterprise Essentials, and Enterprise Essentials Plus

  • Data loss prevention rules with labels as a condition or labels as an action are available to:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
    • Frontline Standard
    • Cloud Identity Premium (in combination with a Workspace Edition eligible for Gmail)
Resources





What’s changing

Earlier this year, we launched Google Workspace extensions for Gmail, Google Drive and Google Docs in open beta for the Gemini app. Beginning today, we’re pleased to announce that Google Calendar, Google Keep and Google Tasks are also available as Workspace extensions in the Gemini app.

Who’s impacted

Admins and end users

Why you’d use it

Extensions allow the Gemini app to interact with other Google apps and services, helping to provide more contextual and relevant responses to your prompts and take certain actions across apps. For example, you can use extensions to:

Calendar
  • Create an event in Google Calendar based on specific details or based on your conversation with the Gemini app
  • Find events for a specific day, date range, or based on event details
  • Edit or cancel events in Calendar

Tasks
  • Add reminders and tasks, including those based on your conversation with the Gemini app
  • View a list of your tasks and update your tasks

Keep
  • Create notes and lists, including those based on your conversation with the Gemini app
  • Add an item to your existing list
  • Find content from your notes and lists
  • Reference your notes and lists in your conversation with the Gemini app
Additional details
  • If your prompt includes multiple actions that require separate apps or services, but one or more of the required services are not enabled, neither of the actions will be completed. For example, if you prompt Gemini to create an event on your calendar and a reminder for that event but the Tasks extension is not enabled, the event will not be added to your calendar and you will not get a reminder.
  • As a reminder, during the open beta period, Context-Aware Access (CAA) for Gmail, Drive, Docs, Calendar, Keep and Tasks isn’t supported with Google Workspace extensions. Context-Aware Access gives you control over which apps a user can access based on their context, such as whether their device complies with your IT policy. Learn more about Context-Aware Access.
  • Google Workspace extensions is not available to Google Workspace users accessing Gemini as an additional Google service.
  • Note that Google Workspace personal content the Gemini app gets from extensions is not reviewed by anyone to improve AI models, not used to train AI models, and not shared with other users or institutions.
Getting started
  • Admins: 
    • Google Workspace extensions in Gemini are OFF by default and can be enabled at the OU or Group level.
      • If Google Workspace extensions are already enabled, then the Workspace extensions for Calendar, Keep and Tasks will show up automatically for your users.
    • Visit the Help Center to learn more about turning Google Workspace extensions on or off for your organization. 

  • End users: If enabled by your admin, connecting Google Workspace allows users to summarize, get quick answers, and find information from Calendar, Keep and Tasks in addition to Gmail, Docs, and Drive directly in Gemini. Visit the Help Center to learn more about using Google Workspace extensions.
Rollout pace

Availability
Available for Google Workspace customers with these add-ons:
  • Gemini Business
  • Gemini Enterprise
  • Gemini Education
  • Gemini Education Premium


Resources

What’s changing

Under the umbrella of our data migration services, we’re introducing a new file migration service for Admins to transfer files between OneDrive data to Google Drive for up to 100 users at a time. Available directly under the Admin console, super admins can now migrate all your files and folders, as well as their corresponding access permissions with shared members. Starting a migration entails a few simple steps:

  • First, connect to the Microsoft OneDrive account you want to transfer files from
  • Next, set the migration scope by identifying the email addresses of Microsoft OneDrive users that you wish to migrate.
  • Finally, create an identity map to connect users on the source account to users on the target account.


Admin console > Data > Data import & export > Data migration > Go to data migration > Microsoft OneDrive





The console will provide reporting on the migration progression and metrics such as how many users have been processed, how many files have been migrated or skipped, and more. You’ll also have the option to export a migration report to further investigate errors and access troubleshooting tips directly from the tool. You can also make delta updates to migrate any new files that were added or updated after a previous migration. 

Example of a completed migration

Who’s impacted
Admins

Why you’d use it 
Data migrations play a critical role in ensuring a seamless transition between various tools and Google Workspace for both admins and end users. Workspace now offers a first party solution that allows our customers to migrate their data at scale, and without the need for third-party workarounds or on-premises infrastructure. This will significantly reduce the overall migration process and onboarding time to Google Workspace, saving customers considerable administrative and infrastructural costs. Additionally, it ensures minimal interruption for end users, who will be able to access all of their files and documents within Google Drive.
Getting started
  • Admins: This feature is available in open beta - no additional sign-up is required to use the feature. This migration can only be performed by super admins. Visit the Help Center to learn more about migrating files from a OneDrive account.
  • End users: There is no end user action required.
Rollout pace
Availability
Available to Google Workspace 
  • Business Starter, Standard, Plus
  • Enterprise Standard, Plus
  • Education Fundamentals, Standard, Plus, the Teaching and Learning Upgrade
  • Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus
  • Nonprofits

Resources

What’s changing 
Today, we are announcing enhancements for the Data Loss Prevention for Gmail open beta, which are designed to improve usability without compromising sensitive data protections for Gmail. Once deployed, users will receive instant notifications on risks to applicable DLP policies prior to leaving their inbox, instead of having DLP rules evaluated after the message has already left the inbox. In addition to more timely user feedback, this capability, called synchronous DLP, helps educate users about the potential risk of leaking sensitive information. 


We’re also introducing a new action for DLP rules, “Warn”, which will notify users about potentially sensitive data while providing the option to send the message based on a user’s assessment of a risk. For added safety, the DLP service will scan messages one additional time after they leave the sender's mailbox.


Who’s impacted
Admins and end users


Why it matters 
Data breaches are one of the most common and costly security issues facing organizations. Often these breaches originate from within an organization by unintentional or intentional actions by their users. Data loss prevention capabilities help prevent this exfiltration of data and helps guide users about what information to share. To help safeguard sensitive information, organizations can create and enforce policies that not only detect and block sensitive information from being shared, but educate users on what information sharing is or is not appropriate and how to be compliant with those guidelines. Specifically, data loss prevention rules can look for sensitive text stings, custom detectors, or predefined detectors in outgoing messages sent internally or externally. 


The latest update for data loss prevention rules in Gmail brings the experience in line with Google Drive and Google Chat, which are already adopted broadly by Google Workspace customers. You can refer to our Help Center for more information about data loss prevention in Gmail.


Additional details
Customizable warning messages
DLP rules can be configured to block the message, warn users about sensitive information, or quarantine the message. When sensitive information is detected, users will be shown a dialog box notifying them of the risk. Admins can now choose to customize the information shown to end users in these dialog boxes, including why their message was flagged, what they can do to unblock themselves, and links to additional resources to educate them further.

Example of a custom warning message




Continued asynchronous scanning of messages
While messages will now be scanned synchronously, messages will go through additional scanning asynchronously (after the message leaves the inbox) for an additional layer of protection. This includes messages that are sent automatically, such as auto-forward or scheduled send, and messages sent from non-Gmail clients.


Getting started
  • Admins:
    • Data loss prevention in Gmail is available in open beta for select Google Workspace customers. These rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Note that with the new synchronous scanning, your end users will begin seeing dialog boxes related to these rules before messages leave the inbox. These will be displayed when using Gmail on the web and mobile.

    • Visit the Help Center to learn more about controlling sensitive data shared in Gmail. Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail. 

    • DLP events can be reviewed in the Security Investigation Tool or Security > Alert Center, if alerts are configured in rules.

    • We recommend selecting “Audit only” when you’re setting up a new rule in order to test and monitor its performance, or to passively monitor the environment without interrupting email flow for your users. There are no changes to the “Audit only” action with this update, they will continue to operate as usual.

  • End users: Depending on the data loss prevention rules configured by your admin, you may see a dialog letting you know that:

    • Your message is blocked: Your message contains information that cannot be shared — you’ll need to remove it in order to send your message.
Dialog in case of a blocked message
    • Your message contains sensitive information: Your message contains information that is sensitive, but can be shared — you can decide whether to send it or edit the message to exclude this information. Note that your admin will be notified about this activity.


      Dialog in case of a warning

    • Your message contains sensitive information that requires review: Your message contains information that will need to be reviewed by an admin. You’ll have the option to submit it for review, and upon review it will be released for delivery or declined. You may receive a notification about the message being declined from delivery.


      Example of a quarantine message
Rollout pace
Availability
Available for Google Workspace:
  • Enterprise Standard, Enterprise Plus
  • Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade
  • Frontline Standard
  • Cloud Identity Premium customers
Resources

What’s changing
If your admin has set up shared drives for their organization, shared drive managers were previously not able to restrict access to folders in shared drives. Today, we’re introducing a beta that allows shared drive managers to restrict folders to specific users within a shared drive. This provides shared drive managers with greater flexibility to keep relevant content within a single shared drive, while restricting access to shared folders with sensitive information. 

A folder with “limited access” can only be opened by people who have been added to it directly. People with general access to the shared drive or shared folder can see the restricted folder in Drive, but will not be able to open it. 

Eligible customers can use this form to express interest in the beta and will receive an email confirmation prior to the feature being enabled in their specified domain. 

Limit access to a specific folder


Who’s impacted 
Admins and end users 


Why it’s important 
Folders with limited access allow users to organize files by project, in a single shared drive or shared folder, while ensuring that sensitive information is only accessible to the right team members. 


Additional details 
Folders with limited access are available in both shared drives and My Drive: 
  • Shared drive managers can always access folders with limited-access 
  • Folder owners can always access limited-access folders in their My Drive 

Getting started 
  • Admins: Eligible customers can express interest in the beta here. We’ll begin accepting domains into the program in the coming weeks. Once accepted into the beta, visit the Help Center to learn more about folders with limited access
  • End users: 
    • As a shared drive manager or My Drive folder owner, go to your shared drive > choose the folder you want to limit access > click the overflow menu > share > select share settings in the top right corner > click limited access to “Folder Name”. Visit the Help Center to learn more about folders with limited access
    • For users whose access has been limited, you will see the folder name, but the folder will be grayed out: 
For users whose access has been limited, you will see the folder name, but the folder will be grayed out:

Availability 
Available for Google Workspace: 
  • Business Standard, Plus 
  • Enterprise Standard, Plus 
  • Essentials Starter, Enterprise Essentials, Enterprise Essentials Plus 
  • Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade 
  • Nonprofits 
Resources 

What’s changing 
When your users sign in to third-party apps using the "Sign in with Google" option (single sign-on) or use OAuth to share their data with those apps, you can control what access those apps have to your organization’s Google data using app access controls


Admins currently can configure the third-party apps as “Trusted”, giving them access to all OAuth scopes or as “Limited”, giving them access to scopes only from Google services which are not restricted. Beginning today, we’re giving admins another layer of granular control for third-party apps. Specifically, you can now configure apps to be limited by selected OAuth 2.0 Scopes for Google APIs, such as Drive or Gmail scopes. This helps ensure that these apps do not gain additional access without admin consent based on new API scopes that they might request in the future, keeping data access limited to only what is deemed absolutely necessary by admins.




Getting started
Rollout pace

Availability
  • Available to all Google Workspace customers, as well as Cloud Identity Free and Premium customers


Resources

What’s changing 
Google Drive inventory reporting is now available in open beta, providing admins with enhanced visibility into the state of their data assets. By exporting this data into BigQuery, admins can gain a holistic view of how their data is classified, who can access it, and how it’s being used. Analyzing this data at scale helps admins address the challenge of understanding the full scope of their data assets, especially as it pertains to sensitive information and compliance with data policies.



Who’s impacted
Admins


Why it’s important
Compared to using APIs, Drive inventory reporting is a more efficient alternative to piecing together a full representation of Drive items from audit events and various other surfaces. The comprehensive view of the file corpus—including classifications, sizes, and locations—allows administrators to identify security risks, such as unauthorized access or oversharing. It also aids in ensuring compliance with regulatory requirements, like those for data retention and destruction. 


Getting started

  • Admins: Eligible Admins can enable this feature in the Admin console by going to Reporting > Data Integrations and enabling Drive Inventory Export. Visit the Help Center to learn more about Drive inventory reporting. Admins interested in providing feedback to the product team during the open beta can fill out this form.
  • End users: There is no end user impact or action required.

Rollout pace
  • This feature is available now for all eligible users.

Availability
Available for Google Workspace:

  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Enterprise Essentials Plus
  • Frontline Standard

Resources

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


All new appointments need to be booked through appointment schedules in Google Calendar 
Earlier this year, we announced that the appointment slots feature will be replaced by appointment schedules in Google Calendar. Starting this week, only appointment schedules can be created. In a couple of weeks, the appointment slots booking pages will no longer be available. At that time, all new appointments will need to be booked through appointment schedules. | Appointment schedules are available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, Nonprofits, Google Workspace Individual customers and Google One Premium users. | Visit the Help Center for detailed information about appointment schedules. 

Available in beta: migrate sensitive files to Google Drive with client-side encryption 
We are making it easier to programmatically import sensitive files to Google Drive with client-side encryption by providing code samples on Github. Eligible admins can apply for beta access to this Drive API feature using this form. | Available to Google Workspace Enterprise Plus; Education Standard and Education Plus.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Google Classroom now supports exporting grades and importing rosters and grade settings with PowerSchool SIS 
Google Classroom teachers can now export and import select information via the new integration with PowerSchool SIS. | Learn more about the integration with Classroom and PowerSchool SIS. 

Teachers will soon be able to create a new class in Google Classroom using Student Information System (SIS) data 
In the coming weeks, we will be introducing a new feature that allows teachers to set up a Google Classroom class using information directly imported from an SIS, including co-teachers, student rosters and class lists, grading categories and grading periods. Please note this feature is only available with our current SIS partners. | Learn more about creating new classes in Classroom using SIS data. 

Google Workspace extensions for Gmail, Google Drive and Google Docs are now available in open beta for Gemini (gemini.google.com) 
We’re pleased to announce Google Workspace extensions for Gmail, Google Drive and Google Docs are available for Gemini (gemini.google.com). When enabled, Gemini will be able to cross reference these apps as data sources to better inform its responses. | Learn more about the beta for Gemini (gemini.google.com). 

Import and export Markdown in Google Docs 
We’re introducing highly-requested features that enhance Docs' interoperability with other Markdown supporting tools. | Learn more about markdown in Docs

Clearer re-enrollment for Google Meet hardware devices 
We're updating the way Google Meet hardware devices are re-enrolled to provide a more intuitive experience for administrators. | Learn more about re-enrollment for Meet hardware devices. 

Available in beta: Policy Visualization across Google Docs, Sheets, Slides and Drive 
Users who are interacting with policy-protected content, such as those with data loss prevention (DLP) rules or trust rules, will now be proactively informed about what actions are prevented by those policies. | Learn more about policy visualization.

Enable guardians to preview assigned classwork within Google Classroom
Guardian email summaries will now include links that let guardians preview their student's Classwork pages, including assigned work and attachments provided by the teacher. | Learn more about guardians and Classroom.

Completed rollouts

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).  


What’s changing 
Currently, when there are security policies applied to documents, spreadsheets, presentations or files, users are given no central explanation of which actions, like downloading, making a copy, or external sharing are restricted. 

To improve upon this experience, users who are interacting with policy-protected content, such as those with data loss prevention (DLP) rules or trust rules, will now be proactively informed about what actions are prevented by those policies. 

For example, if a user is interacting with a document affected by DLP-enforced information rights management (IRM) and a Trust Rule, they will see a shield icon and side panel that informs them of the restricted actions.
Policy Visualization across Google Docs, Sheets, Slides and Drive
Who’s impacted 
End users 


Why it matters 
With this update, users will be made aware of which actions they are taking that are disabled on a document, spreadsheet, slide or file due to data protection controls.

Getting started 
  • Admins: There is no admin control for this feature. 
  • End users: 
    • Any user will be able to see policy visualization if it's active on a document, but the owner of the document is used to determine if it's turned ON. 
    • A shield icon and side panel will automatically appear when security controls are present. 
    • Visit the Help Center to learn more about the policies that enable Policy Visualization: 

Rollout pace 

Availability
Policy visualization is enabled when the document, spreadsheet, slides or file owner belongs to the following Google Workspace editions: 
  • Business Starter, Standard, Plus 
  • Enterprise Starter, Standard, Plus 
  • Essentials Starter, Enterprise Essentials, Essentials Enterprise Plus 
  • Frontline Starter, Standard 
  • Education Fundamentals, Standard, Plus, the Teaching & Learning Upgrade 
  • Workspace Individual Subscribers 
Resources 


[Update] September 30, 2024: As of today, Workspace admins may now disable one or more Workspace services without disabling the remaining, available Workspace extensions in Gemini.


What’s changing 
We’re pleased to announce Google Workspace extensions for Gmail, Google Drive and Google Docs are available for Gemini (gemini.google.com). When enabled, Gemini will be able to cross reference these apps as data sources to better inform its responses.

View of Google Workspace extensions from the Gemini Extensions page




This feature is available in open beta for Google Workspace customers with the Gemini Business, Enterprise, Education, and Education Premium add-ons — no additional sign-up is required.


Who’s impacted

Admins and end users


Why you’d use it

Google Workspace extensions enhance Gemini's capabilities by allowing it to access information from your Gmail, Docs, and Drive. This enables Gemini to locate, reference and incorporate this additional data, leading to even more informed and relevant responses. This deeper integration helps bring Gemini’s capabilities more seamlessly into your daily workflows, helping enhance productivity. For example, referencing a Doc that outlines your target audiences while performing customer research in Gemini (gemini.google.com).


Additional details
  • During the open beta period, Context-Aware Access (CAA) for Gmail, Drive and Docs isn’t supported with Google Workspace extensions. Context-Aware Access gives you control over which apps a user can access based on their context, such as whether their device complies with your IT policy. Learn more about Context-Aware Access.
  • Google Workspace extensions honors access control settings for files within Drive, meaning users can only access files that they own or have been shared with them (excluding files shared via Shared Drive).
  • Google Workspace extensions is not available to Google Workspace users accessing Gemini as an additional Google service.
  • Note that Google Workspace personal content that Gemini Apps get from extensions is not reviewed by anyone to improve AI models, not used to train AI models, and not shared with other users or institutions. Visit the Help Center for more information.
Getting started
  • Admins: 
    • This feature will be OFF by default and can be enabled at the OU or Group level. 



Rollout pace

Availability
Available for Google Workspace customers with the:
  • Gemini Business, Enterprise, Education, or Education Premium add-on

Resources