Thursday, October 24, 2024

Audit security settings using the Policy API, now available in open beta

What’s changing

Simplifying the management of Workspace settings continues to be a priority for us. To that end, we’re introducing new tools to help streamline the process for admins. 

Launching to open beta today, we’re pleased to introduce the Policy API, which will help super admins programmatically access information regarding how their Google Workspace environment service level settings and rules are configured. With the Policy API, customers  gain a comprehensive view of all their settings, giving them a holistic view of Workspace security and compliance configurations. Admins will no longer have to navigate through numerous pages in the Admin Console.

To start, the Policy API is available as a read-only API. In future releases, admins will be able to use the API to create, update, and delete their settings, as well as data loss prevention (DLP) rules. Admins will be able to use the API to audit certain settings in the following categories:

  • Authentication controls such as account recovery, advanced protection program, login challenges, passwords.
  • Chat
  • Classroom
  • Docs and Drive 
  • Gmail 
  • Groups
  • Marketplace
  • Meet 
  • Sites
  • Takeout

The Policy API can also be used to read DLP rules, including the ability to:
  • Read all DLP rule configurations in the admin console, including: rule names and descriptions; applicable organization units (OUs) and groups; triggers and conditions; and app-specific alert actions.
  • Read existing DLP detectors available in the admin console including the detector name, description, and wordlist configurations.
  • Read admin-modified system defined alerts.

Who’s impacted

Super Admins


Why it’s important

With the increase in sophistication and scale of cyber threats, the Cybersecurity & Infrastructure Security Agency’s Secure Cloud Business Applications (SCuBA) project provides guidance to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments. 


The Policy API provides access to the settings that are part of these recommendations published in CISA’s Google Workspace secure configuration baselines. Customers who wish to evaluate their Workspace policies against these baselines can start testing using the Policy API. In future releases, we plan to expand support for additional policies described in CISA’s Workspace baselines.  


Getting started

  • Admins: You must be a super admin to use the Policy API. Use our Developer Documentation to learn more about the Policy API.
  • End users: There is no end user impact or action required.

Rollout pace

  • Available now.

Availability

  • Available to all Google Workspace customers

Resources