This official feed from the Google Workspace team provides essential information about new features and improvements for Google Workspace customers.
rss_feed

What’s changing 

Admins can now apply Context-Aware Access (CAA) policies to apps which use OpenID Connect (OIDC), which are a subset of OAuth apps that are authenticated using Google sign-in. Admins can use a single setting to apply CAA policies to all OIDC apps by default. We are not providing per app access control for individual apps at this moment. The new OIDC setting can also be applied in monitor mode for admins to gauge potential end user impact before applying in active mode. 

CAA creates granular access control security policies for apps based on attributes, such as user identity, location, device security status, and IP address, and they can be applied to users on personal and managed devices. Expanding CAA to encompass OIDC apps means admins can ensure their users are able to access or are blocked from accessing these apps according to the broader security parameters of their organizations. 

Admins can configure CAA policies for OIDC apps in the Admin console under Security > Context-Aware Access > General settings 

Getting started 

  • Admins: CAA for OIDC apps can be configured at the OU level. Visit the Help Center to learn more about context-aware access, creating context-aware access levels, and assigning access levels to third-party apps
  • End users: If enabled by your admin, you can access certain apps when authenticating using your Google sign-in. Or you may see a message letting you know that you cannot use Google sign-in to authenticate with certain apps or you may see remediation messages which will provide some options on how to unblock apps. 

Rollout pace 


Availability 

Available for Google Workspace: 
  • Frontline Standard and Plus 
  • Enterprise Standard and Plus 
  • Education Standard and Plus 
  • Enterprise Essentials Plus 
  • Also available for Cloud Identity Premium 

Resources 

Read More

What’s changing 

We’re introducing a new approval workflow option for enterprise users to request access to third-party apps that have not been explicitly configured via App Access Control (AAC) by an admin. This only applies to apps which have not been configured. If a user is able to access an app today based on the policies configured by their admin, then there will be no change and they will continue to be able to access the app. 

When end users attempt to access unconfigured third-party apps and get blocked, they will see an error screen with an option to raise a review request to admins. After the user submits a request, admins will be able to review the end user requests in app access control and make a decision. 

This feature gives enterprise users a clear process for requesting access to apps they need, reducing the likelihood of them being completely blocked and improving their productivity. For admins, it provides a centralized and efficient way to manage and configure access for new applications within their organization, while maintaining control over data security. 

An example of the dialog that the end user will see when access is blocked, with an opportunity to request access 


The dialog an end user will see if they choose to request access 


The interface in the Admin console where admins can see and process access requests from users 


The interface admins can use to configure access by OU 


Who’s impacted 

Admins and end users 

Getting started 

  • Admins: 
    • This feature will be ON by default and can be enabled at the organizational unit (OU) level. You can enable the setting for users to request access to unconfigured apps in the Admin console under API Controls Settings. Visit the Help Center to learn more about user requests for unconfigured apps
  • End users: 
    • There is no end user setting for this feature. When the approval workflow is enforced, users will see a new screen that allows them to request access to the app from their admin. 

Rollout pace 


Availability

  • Available to all Google Workspace customers 

Resources 


Read More

What’s changing 

Admins can now select “Warn” as an action when deploying context-aware access (CAA) levels. When applied, end users will see a warning message if they do not meet their admin defined conditions for accessing Google Workspace applications. They can click “See details” to see more information about why they received the warning – for example, they may be notified that their operating system is outdated and requires an update. The warning provides a useful reminder for the user to take action otherwise access could be blocked in the future. 

It’s important to note that “Warn” mode will not block users from accessing a particular app or service and they will have the option to proceed despite the warning. “Warn” mode helps educate users if they’re trying to access apps in a less secure situation and how to remediate this risk, while reducing the workload required by admins to socialize best practices. 
Example of a warning notification 


Example of what a user might see when they click “See details” 

Additional details 

  • Warning messages will be shown to users once every 48 hours if their device and session continues to not meet access levels to ensure minimizing end user friction. 
  • "Access Warning Sent” and “Access Warning Viewed by User” events can be reviewed in the CAA audit logs and in the security investigation tool for select Google Workspace customers. 

Getting started 


Admin app access level assignment flow

Rollout pace 


Availability 

Available for Google Workspace: 
  • Frontline Standard and Frontline Plus 
  • Enterprise Standard and Enterprise Plus 
  • Education Standard and Education Plus 
  • Enterprise Essentials Plus 
  • Cloud Identity Premium 

Resources 

Read More

Update (August 15, 2025): We updated this post to indicate that the rollout will start on August 26. Previously, the rollout was planned to start on August 19. 

What’s changing 

Earlier this year, we launched an improved version of the OAuth consent screen to the Apps Script IDE and unpublished Editor Add-ons that allows users to specify which individual scopes they would like to authorize for that script. For example, if a script requests access to a user’s Sheets and Forms files, and the users only intends to use the script with Sheets files, they can decide to only allow access to their spreadsheets and not their forms. 


This screenshot shows the new OAuth consent screen, which lets the user provide consent for a subset of the requested OAuth scopes. 

We’re excited to announce that this more granular OAuth consent screen will be expanding to an additional Apps Script execution type. Soon, published Editor add-ons powered by Apps Script will also present users with this more granular consent screen when requesting an OAuth grant. This will allow users of these add-on types to provide partial OAuth consent when authorizing new add-ons. A reminder that this also includes reconsenting to add-ons when OAuth grants expire.

Additional details 

To prepare for the release of this new consent flow, we suggest that Editor add-on developers refer to the ScriptApp and AuthorizationInfo classes. These allow Apps Script developers to programmatically interact with the scopes granted for a script. This allows developers to put in such safeguards as short-circuiting a script execution if not all scopes are granted. For more information, refer to the developer documentation. To test these changes, please see the documentation on Testing Editor Addons

Getting Started 

  • Admins: There is no admin control for this feature.
  • Developers and end users: This new consent screen will only be used for new OAuth scope grants. Pre-existing scope grants will not be affected, so no action is required by users on scripts they’ve already authorized. 

Rollout pace 


Availability 

  • Available to all Google Workspace customers and Workspace Individual Subscribers
Read More

What's Changing

We’re adding an additional data field for Google Meet log events: encryption_type, which will indicate whether standard cloud encryption or client-side encryption was used for a call endpoint. This information can also be called using the Admin Reports SDK API under the values: cloud_encryption and cse_encryption.


Example of a meeting without client-side encryption and a meeting with standard encryption. The encryption type will be captured in Meet log events going forward.

Rollout Pace:


Availability:

Available in the audit and investigation tool for all Google Workspace customers and for select Google Workspace customers in the Security Investigation tool, as well as the Admin Reports SDK API.
Read More

What’s changing 

We’re introducing several changes to make the act of training custom AI models for data classification in Google Drive more efficient:
  • Multi-model Support: When AI classification first launched, the product supported training a single model for a single label field.  Now, customers can train up to five unique models.  Common use cases for multiple models are:
    • Models for different labels
    • Models for different fields of a single label
    • Multiple models for the same label & field combination, with different training datasets curated for separate audiences 



  • On-demand Training: Training AI classification models can be an interactive process.  With the former version of the product, the models would train on a predefined schedule.  Now, the administrator can decide when to train the model, initiating the training process on demand – enabling organizations to move at their own pace! 
  • Refreshed UI: We’ve redesigned the AI classification experience from the ground up with a new onboarding flow and model details page.  With the redesigned UI, Workspace Administrators will now see richer insights into the status of model training, metrics on their training data, model recall scores, and a history of their model versions. 

Who’s impacted 

  • Admins

Why it matters 

  • Powered by privacy-preserving AI models that can be uniquely trained on specific customer needs, AI classification automatically identifies, classifies, and labels files in Google Drive. This helps organizations standardize data classification and achieve labeling consistency at scale. Labels can then be used to trigger rules on files that can and cannot be shared through data loss prevention (DLP) controls, lifecycle management policies, as well as audit and reporting use cases. These latest enhancements give admins the flexibility to train models when they need to and for the specific and dynamic needs of their organization.

Getting started 

Rollout pace 

Availability 

Available for Google Workspace:
  • Enterprise Plus
  • Frontline Plus
  • Gemini Education Premium add-on
Anyone who previously purchased these add-ons will also receive this feature: 
  • Gemini Enterprise*
  • AI Security*
*As of January 15, 2025, we’re no longer offering the Gemini Business and Gemini Enterprise add-ons for sale. Please refer to this announcement for more details.

Resources 

Read More

What’s changing

The Information Rights Management (IRM) feature for Drive prevents the downloading, copying and printing of documents for viewers and commenters. Currently, individual file owners can use IRM to limit viewers and commenters from printing, copying, or downloading a file. Earlier this year, we launched the ability for admins to restrict these actions for users with edit permissions.

Now, individual file owners and shared drive managers can apply printing, copying, and downloading restrictions to users with edit permissions as well. Editors and owners can still edit the document itself, however they can only copy and paste document content within the document itself. 

As a whole, IRM controls give both admins and end users the ability to help prevent sensitive content from being leaked.


Getting started

  • End users: Once this feature is enabled, all entry points for downloading, printing, and copying will be removed from Google Drive, Docs, Sheets, and Slides on all platforms. Note: If a file has both an administrator-applied IRM setting and a file owner setting on it, the administrator setting takes priority. Visit the Help Center to learn more about stopping, limiting, or changing how your files are shared.

Rollout pace


Availability

  • IRM controls are available for all Google Workspace customers
  • Data Loss Prevention Rules and Context-Aware Access conditions are available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Fundamentals, Standard, Plus, and the Teaching and Learning add-on
    • Frontline Standard
    • Enterprise Essentials and Enterprise Essentials Plus

Resources

Read More

What’s changing 

Currently, you can join client-side encrypted calls from a computer or mobile device. Starting today, you can join client-side encrypted calls directly from Google Meet hardware devices. Simply select the meeting from the in-room agenda on any hardware device – you’ll be prompted to authenticate from a personal device, such as your phone or laptop, which will grant the room access to this specific meeting.

Joining a client-side encrypted meeting from a hardware device

Google Meet always encrypts call media in transit and at rest, ensuring only meeting participants and Google's data center services can decrypt it. Client-side encryption adds an additional layer of privacy by encrypting all media that is encrypted directly by each participant's browser using keys accessible only to them, meaning Google's servers and other service providers cannot decrypt or access the call content. This gives users greater control and confidentiality over their meeting communications, and this specific update gives users another way to join client-side encrypted calls.

Additional details

Client-side encrypted calls can be joined from meeting rooms in the host's organization or in the organization of an invited participant. A room does not need to be specifically invited to the meeting — access to client-side encrypted calls is determined by the identity of the individual participant. 

Getting started

  • Admins: 
    • In order for end users to use client-side encryptions, admins must connect Google Workspace to an external identity provider and encryption key service (IdP+key service). 
    • Visit the Help Center to learn more about managing client-side encryption for your organization. Also see our API documentation
    • Note: There is no additional configuration for room hardware if client-side encryption has already been configured.
    • Note: The KACLS server used for key management needs to support the delegate call. This call is used for authorizing a room to join a meeting on behalf of an authenticated user. Check with your KACLS vendor for details. 

  • End users: You can join a client-side encrypted call from a room in the same way you would join a call using regular encryption. Follow the additional instructions displayed on the room unit to authenticate on your personal device. Visit the Help Center to learn more about joining a client-side encrypted meeting from a Google Meet hardware device.

Rollout pace

Availability

Client-side encryption for Google Meet is available for Google Workspace:
  • Enterprise Plus
  • Education Standard and Plus
Joining an encrypted call is available for all Google Meet hardware devices

Resources

Read More

What’s changing 

Gmail now allows users with hardware keys, such as PIV/CAC smartcards, to directly manage their digital signature and encryption certificates within Gmail settings. Prior to this update, admins needed to upload encryption keys for their users – now users can configure their own keys in Gmail, without needing an admin. 

Gmail > Settings > Accounts > Encryption certificates

Additional details 

While Workspace encrypts data at rest and in transit by using secure-by-design cryptographic libraries, client-side encryption ensures that you have sole control over encryption keys and access to your data. Client-side encryption ensures sensitive data in the email body and attachments are indecipherable to Google servers — you retain control over encryption keys and the identity service to access those keys. For more information, check out our original announcement and the Workspace blog

Getting started 

  • Admins: In order for your users to add certificates from a hardware key, you must first enable and install the Workspace Hardware Keys application to user machines. 
  • End users: Visit the Help Center to learn more about using hardware keys for encryption. 

Rollout pace 


Availability 


Resources 

Read More

What’s changing 

Today, we announced Google Workspace support for FINRA compliance, continuing our commitment to meet the unique needs of heavily regulated industry. This includes the preservation of records in a non-rewritable, non-erasable (WORM) format, including support for SEC Rule 17a-4, SEC Rule 18a-6, and CFTC §1.31. 

We’re pleased to announce FINRA-compliant solutions for Google Drive and Calendar (complementing our existing FINRA-compliant features for Gmail, Chat, and Meet) that address the critical supervisory, documentation, and surveillance requirements that underpin financial regulations: 

For Google Drive, super admins can now use Google Workspace’s Data Export tool and AODocs to create a FINRA-compliant archive of their Google Drive data in a Google Cloud Storage (GCS) bucket. This data can be from specific organizational units (OUs), groups, or users, and filtered by Drive labels.

When you’re using the Data Export tool, select “FINRA” as your export type

For Calendar, super admins and admins with third-party archiving privileges can enable third-party archiving on an OU or group level and specify the email address to which Calendar archives should be sent. The following events will be captured: 
  • On the monitored user’s calendar: all events and their updates, including events modified by another user with the appropriate access to the monitored user's calendar 
  • On other calendars that the monitored user can make changes to: all actions performed by the monitored user 
When these actions are performed, an email is sent to the journaling address specified by the admin with the event data, user who performed the action, and time stamp. providing access via SMTP for a third-party service provider to archive and produce the records on demand.
Third-party archiving can be enabled in the Admin console by going to Apps > Google Workspace > Settings for Calendar > Third-party Archiving Settings

Who’s impacted 

Admins 

Why it’s important 

These updates are critical for Google Workspace customers operating in the financial services industry on a global scale. For Calendar, archival journaling functionality supports compliance news by ensuring electronic communications are captured and preserved, meeting essential record-keeping standards. For Drive, admins can manage and securely store critical documents at scale. These solutions add to our existing FINRA-compliant features for Gmail, Chat, and Meet (when certain settings are enabled and disabled), providing global communication solutions and cutting edge productivity tools that meet the regulatory needs of customers in the financial services sector. 

Additionally, we are proud to announce partnerships with several industry-leading Digital Communications Governance and Archiving (DCGA) vendors: AODocs, Mimecast, Smarsh, and Global Relay. These partners provide vital connectors for our customers, ensuring the compliant flow of Google Workspace data into their trusted archiving solutions. For more information on these partnerships and FINRA compliance for Google Workspace, visit the Workspace blog.

Getting started 


Rollout pace 


Availability 


Resources

Read More

New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.

Providing support for Microsoft Office embedded files in Google Drive 
To ensure users have a seamless experience when working with Microsoft Office files, we’re excited to announce that users can now open Microsoft Office files that contain embedded PDFs in Google Drive. | Rolling out now to Rapid Release and Scheduled Release domains. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about working with Microsoft Office files

Use Imagen 4 to generate images in Google Docs, Slides and Vids in multiple languages 
Users can now utilize our highest quality image generation model, Imagen 4, which delivers: 
  • Outstanding text rendering and prompt adherence 
  • Higher overall image quality across all styles 
  • Multilingual prompt support in these 20+ languages 
Rolling out now to Rapid Release and Scheduled Release domains. | Available to Google Workspace Business and Enterprise users with access to Gemini in Docs and Slides, and users with access to Gemini in Vids. | Visit the Help Center to learn more about collaborating with Gemini Slides, Vids and Docs.
using spanish to generate visual content in Vids
View the most relevant search results in Gmail
Over the years, we’ve implemented updates to help you find exactly what you’re looking for with less effort when searching in Gmail. In March, we announced a smarter search feature powered by AI to quickly show users the most relevant results, and today we’re excited to extend this to businesses. Now, instead of just showing emails in chronological order based on keywords, Gmail search results will factor in elements like recency, most-clicked emails and frequent contacts. With this update, the emails you’re looking for are far more likely to be at the top of your search results — saving you valuable time and helping you find important information more easily. You can also select between “most relevant” and “most recent” results. | Rollout to Rapid Release and Scheduled Release domains is complete. | Available to Google Workspace customers, Google Workspace Individual subscribers, and users with personal Google accounts. | Visit the Help Center to learn more about the search in Gmail.
View the most relevant search results in Gmail

    A search view before and after. Now, search results are sorted by relevance instead of in chronological order to help you find your intended result, faster.

    Automated meeting recording, transcripts and notes available in seven additional languages
    Currently, when an Admin pre-configures meeting recordings, meeting transcripts, or “Take notes for me” in Meet as ON by default for newly created meetings, the artifacts are generated in English. Today, we’re expanding the language availability to include:
    • French
    • German
    • Italian
    • Japanese
    • Korean
    • Portuguese
    • Spanish
    The meeting artifacts will automatically be generated in the meeting host’s language if it is supported. | Rolling out now to Rapid Release and Scheduled Release domains. | Meeting recordings and transcripts are available to Google Workspace Business Plus; Enterprise Essentials, Enterprise Essentials Plus; Enterprise Standard, Plus; Education Plus, and the Teaching and Learning add-on. “Take notes for me” is available to Business Standard and Business Plus; Enterprise Standard and Enterprise Plus; the Gemini Education and Education Premium add-on and those customers who previously purchased a Gemini Business, Gemini Enterprise or AI Meetings & Messages add-on. | Admins visit the Help Center to learn more about choosing automatic meeting artifact settings for your organization. | End users visit the Help Center to learn more about recording a meeting, using meeting Transcripts, and taking notes with Gemini in Meet. Meeting hosts and co-hosts can edit these settings in the Calendar invite, as well as turn these artifacts off during the meeting.

    Studio lighting in Google Meet is now available on all devices 
    We’re pleased to announce that studio lighting in Google Meet is now available on all devices. Using machine learning, Gemini in Meet will simulate studio-quality lighting and adjust light position and brightness in your video feed, so you're perfectly lit for your meeting. | Available now. | Rollout to Rapid Release and Scheduled Release domains is complete. | Available for Google Workspace Business Standard and Plus, and Enterprise Standard and Plus. | Visit the Help Center to learn more about improving your video experience. 

    Video file uploads are now available to Google Workspace users in the Gemini mobile app 
    You can now upload videos stored on your mobile device to provide more context to your prompts in the Gemini mobile app. You can ask Gemini to summarize the video, ask Gemini specific questions about the video and more. | Rollout to Rapid Release and Scheduled Release domains is complete. | Available to all Google Workspace users with access to the Gemini app. | Visit the Help Center to learn more about how to upload and analyze files in the Gemini Apps

    Boost productivity with scheduled actions in Gemini 
    You can now use scheduled actions in Gemini to create personalized updates, set reminders, or complete routine tasks in a chat or based on existing prompts. You can set these actions to your preferred frequency, be it a single reminder, or daily or weekly updates. Some ways you can use scheduled actions are: 
    • Daily summaries of your calendar, to-do list, and unread emails for the day ahead. 
    • Daily news briefings: deliver a concise, easy-to-digest summary of the day’s top news stories or a specific topic. 
    • Competitive landscape monitoring: Monitor online news, press releases, social media content, and more based on a specific industry. 
    • Weekly vocabulary builders: Receive a curated list of new vocabulary words, complete with definitions and example sentences, tailored to your learning level. 
    Rollout to Rapid Release and Scheduled Release domains is complete. | Available with a qualifying edition of Google Workspace for Gemini on the web and mobile and in all supported languages. This feature is only available for users 18+ at this time. | Admins: For Gemini to access data from apps like Gmail, Calendar, and Drive, Workspace apps in Gemini must be turned ON. | End users: Visit the Help Center to learn more about scheduling actions in Gemini.

    Google Drive log events now include search related information 
    We’re expanding Drive log events in the security investigation tool to include search events. This includes information on resources returned from a search, the query the user entered, and more. Admins can use this information to help assess whether there is normal search behavior or whether the behavior was anomalous and indicating potential data exfiltration. This information can also be queried via API – check out our API documentation for more information. | Rollout to Rapid Release and Scheduled Release domains is complete. | Available for Google Workspace Business Starter, Standard, and Plus; Enterprise Starter, Standard, and Plus; Education Fundamentals, Standard, and Plus; Frontline Starter and Standard. | Visit the Help Center to learn more about Drive log events and the security investigation tool.
    Google Drive log events now include search related information

    Previous announcements

    The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.

    Adding granular control options for who can respond to existing Google Forms 
    In addition to being available on newly created forms, we’re excited to announce that starting today this option is now available on existing forms. As a result, form creators can upgrade existing or old forms to have more granular controls over who can respond to them. | Learn more about controls for existing forms. 

    Google Classroom now supports exporting grades and importing data with STLink SIS 
    Google Classroom teachers can now export and import select information via the new integration with Bubblecon STLink, a South Korean third-party student information system (SIS) that provides an innovative edtech platform. | Learn more about Bubblecon STLink. 

    Changes to "Who can manage" and "Who can view" members in Google Groups starting September 15, 2025 
    There are upcoming changes to permissions in Google Groups which will be implemented starting September 15, 2025. | Learn more about changes to Google Groups.

    Generate data with Gemini in Google Sheets
    Currently, you can utilize Gemini in Google Sheets to generate charts and valuable insights, and this week, we’re excited to bring AI directly into the cells of your spreadsheet with the power of AI function. | Learn more about AI function in Sheets.

    See summaries of even more file types directly in Google Chat
    Earlier this year, we introduced the ability for users to easily summarize Google Docs, Slides, and Sheets files shared within a Google Chat conversation. Today, we’re excited to expand this feature to PDF, Office (Word, Excel, PowerPoint), CSV, txt, and zip files shared as Drive links in Chat. | Learn more about summaries in Chat.

    Updates to the GitHub app for Google Chat 
    We're announcing additional updates and functionality that improve upon the overall experience using the GitHub app for Google Chat. | Learn more about GitHub app for Google Chat.

    Gemini Add-ons will no longer appear under subscriptions in the Admin console for Workspace Business and Enterprise customers
    In January 2025, we announced our plan to bring premium AI features directly to our Business and Enterprise offerings, helping our customers and their users boost productivity, creativity, and innovation, transforming how they work. We also stopped charging for Gemini add-ons that you may have purchased previously for your Business and Enterprise offerings after January 31, 2025. | Learn more about add-on subscriptions.

    Introducing Google AI Ultra for Business: Providing Access to Advanced AI Features and Next-Gen tools
    We’re pleased to introduce Google AI Ultra for Business, a new Workspace add-on that provides the highest access to AI features and models and access to next-generation AI tools. | Learn more about Google AI Ultra for Business.

    Introducing more granular controls for multi-party approvals for sensitive admin actions
    Last year, we introduced multi-party approval (MPA), a security feature that requires an admin to approve certain sensitive actions initiated by another admin. Today, we’re enhancing this feature by giving admins more granular controls. | Learn more about granular controls for multi-party approvals.

    Completed rollouts

    The features below completed their rollouts to Rapid Release domains, Scheduled Release domains, or both. Please refer to the original blog posts for additional details.

    Rapid Release Domains: 
    Scheduled Release Domains: 
    Rapid and Scheduled Release Domains: 
    For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).
    Read More

    What’s changing 

    Last year, we introduced multi-party approval (MPA), a security feature that requires an admin to approve certain sensitive actions initiated by another admin. Today, we’re enhancing this feature by giving admins more granular controls, specifically: 
    • Admins can now select which specific settings require multi-party approval. 
    • Admins can choose separate multi-party approval settings for actions that are supported via API and the admin console, such as configuring single-sign on with a third-party identity provider
    • Super admins can now delegate specific admins to approve MPA actions using the new multi-party approval role for admins.
    You can configure multi-party approval on a per action basis by going to Security > Authentication > Multi-party approved settings in the Admin console


    Account > Admin Roles 

    Who’s impacted 

    Admins 

    Why it’s important 

    Multi-party approval adds an extra layer of security for sensitive actions taken in the admin console by ensuring sensitive actions are not implemented in a silo and, more importantly, helps prevent unauthorized or accidental changes from being made. 

    We understand each customer has their own unique definition of security and what constitutes a high-risk action. By introducing more granular controls, we’re giving our customers the authority to decide what features should be subject to multi-party approvals and who has the authority to review these actions, in a way that works best for them, rather than the experience being “all or nothing”. 

    Additional details 

    To further strengthen security around sensitive actions, admins now require both 'reviewer' and 'requester' privileges for a given action to conduct its MPA review. This ensures that the approving admin possesses the direct authority to perform the action themselves, reinforcing the integrity of the approval process and preventing approvals from individuals with inadequate underlying permissions. 
     

    Getting started 

    • Admins: This feature is available for eligible Workspace customers with two or more super admin accounts. Multi-party approval is OFF by default and can be turned on in the Admin console by going to Security > Multi-party approval settings. Visit the Help Center to learn more about multi-party approval for sensitive actions and pre-built admin roles.
    • End users: There is no end user impact or action required.

    Rollout pace 

    Availability

    • Available to Google Workspace 
      • Enterprise Standard and Plus 
      • Education Standard and Plus 
    • Also available to Cloud Identity Premium customers 

    Resources 

    Read More

    What’s changing

    Last year, we ​​introduced a feature that gives Google Forms creators more granular control over who can respond to their newly created forms via sharing settings. Specifically, form creators can limit response access to specific users, groups, or target audiences—similar to how file owners can restrict the sharing of Google Docs, Sheets, Slides or Sites in Drive. 

    In addition to being available on newly created forms, we’re excited to announce that starting today this option is now available on existing forms. As a result, form creators can upgrade existing or old forms to have more granular controls over who can respond to them. 
    Adding granular control options for who can respond to existing Google Forms

    Who’s impacted 

    End users

    Why you’d use it 

    This feature is useful in any scenario where you’d like to control who can respond to a form. For example, business leaders can better collect feedback from specific organizational units and prevent the form from being responded to by other teams or organization units. Similarly, teachers can use this to ensure a quiz is only accessible to select students who receive the link. 

    Getting started 

    • Admins: There is no admin control for this feature.
    • End users: 
      • Form creators must publish their form to enable responders to view the form or submit a response. 
      • Form creators can see who has access to the form and share response access to specific users, groups, or target audiences. 
      • Visit the Help Center to learn more about upgrading your Google Form to have better access control. 

    Rollout pace 


    Availability 

    • Available to all Google Workspace customers and users with personal Google Accounts 
      • Note: The target audiences feature mentioned above is only available for the Google Drive and Docs and Google Chat services. Supported editions for this feature on Drive, Docs & Chat include: Business Plus, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, Enterprise Essentials and Enterprise Essentials Plus. Supported editions for this feature on Drive & Docs only include: Business Standard, Nonprofits and G Suite Business. 

    Resources 

    Read More

    What’s changing 

    Beginning today, you can now access log events for the new data migration service in the audit and investigation tool and the security investigation tool. You can search across a variety of attributes including: 
    • Who started a migration 
    • What data is being migrated 
    • When the migration was set up or executed, and more. 
    Log events give admins clear insight into data migration activities in their organization, providing insights into who initiated the migration, the type of data involved, the migration progress, and even allows for proactive issue triaging and resolution. 

    For Google Workspace customers with access to the security investigation tool, you can find more information on each migrated object, troubleshoot issues, create custom rules, and more. And for select Google Workspace customers, log events can be exported to BigQuery for further analysis and custom reporting. See below for more information on availability.

    Data migration log events in the security investigation tool

    Getting started

    Rollout pace

    • Data migration log events in the security investigation tool: Available now.
    • BigQuery exports: Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on June 17, 2025

    Availability

    The audit and investigation tool is available for all Google Workspace customers.

    The security investigation tool is available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Frontline Standard
    • Cloud Identity Premium

    Exporting logs to BigQuery is available for Google Workspace:
    • Enterprise Standard and Plus
    • Education Standard and Plus
    • Enterprise Essentials Plus
    • Frontline Standard

    Resources

    Read More

    Useful Links

    Join the official community for Google Workspace administrators

    In the Google Cloud Community, discuss the latest features with Googlers and other Google Workspace admins like you. Learn tips and tricks that will make your work and life easier. Be the first to know what's happening with Google Workspace.

    Learn about more Google Workspace launches

    On the “What’s new in Google Workspace?” Help Center page, learn about new products and features launching in Google Workspace, including smaller changes that haven’t been announced on the Google Workspace Updates blog.

    Learn about our customers

    Discover how a diverse range of organizations, from small businesses and nimble startups to globally recognized Fortune 500 corporations, leverage the collaborative power of Google Workspace. Explore examples of how teams of are streamlining workflows and driving productivity by utilizing Google-Workspace.