This official feed from the Google Workspace team provides essential information about new features and improvements for Google Workspace customers.
rss_feed
arrow_back Back

kwietnia 29, 2026

Workspace audit logs: New functionality and expanded event fields in the Admin console

Today we’re announcing the release of several enhancements to deepen the security investigation capabilities of the Workspace audit log, including expanded fields across many data sources.

These new enhancements include:

  1. Introduction of owner details for resource attribute
  2. Expansion of resource and actor attributes to additional data sources
  3. Introduction of new device info attribute for multiple data sources

New owner details for enhanced resource visibility in Security Investigation Tool and Audit logs

We’re adding a new “Owner details” field to the “Resources” attribute, making it easier to identify who owns a resource during security investigations. This field uses two primary components:

  • Owner Type: Specifies the category of the owner, which can be an individual person (User), the entire organization (Customer), or a Group.
  • Owner Identity: Contains specific details, such as IDs or email addresses, of that owner.


It will be available for all data sources wherever the resource field is present: Directory sync, Gmail, Meet, Groups, Keep, Looker Studio, Drive, Meet hardware, Chat, Admin, Data migration, Chrome, Voice, Calendar, Vault, Assignments and Groups enterprise log events.

Expanded coverage for resources and actor application info in Security Investigation tool / Audit and Investigation tool

To ensure you have a complete view across various Workspace services, we are expanding two critical attributes to additional log events:

  • Resources: Expanding to Chrome, Voice, Vault, and Assignment log events
  • Actor application info: Expanding to Chrome, Voice, Group, Meet, Assignments, and Admin data action log events

Comprehensive device information in Security Investigation tool / Audit and Investigation tool, Admin SDK (Reports API), SecOps, and BigQuery

Administrators can now gain crucial context about the devices used to perform actions. We are introducing the User device info attribute, which provides details such as User device ID, User device OS version, or User device type (e.g., DESKTOP_MAC, DESKTOP_WINDOWS).

This information is available for many log sources, including: Contact, Gemini workspace, Keep, Meet hardware, Chat, Chrome, Directory sync, Drive, Group, Meet, Rule, Looker studio and SAML log events. 

List of event fields and their descriptions
Detail for Admin SDK (Reports API)

Getting started

Rollout pace

Availability

Resources

Useful Links

Join the official community for Google Workspace administrators

In the Google Cloud Community, discuss the latest features with Googlers and other Google Workspace admins like you. Learn tips and tricks that will make your work and life easier. Be the first to know what's happening with Google Workspace.

Learn about more Google Workspace launches

On the “What’s new in Google Workspace?” Help Center page, learn about new products and features launching in Google Workspace, including smaller changes that haven’t been announced on the Google Workspace Updates blog.

Learn about our customers

Discover how a diverse range of organizations, from small businesses and nimble startups to globally recognized Fortune 500 corporations, leverage the collaborative power of Google Workspace. Explore examples of how teams of are streamlining workflows and driving productivity by utilizing Google-Workspace.