What’s changing
Simplifying the management of Workspace settings continues to be a priority for us. To that end, we’re introducing new tools to help streamline the process for admins.
Launching to open beta today, we’re pleased to introduce the Policy API, which will help super admins programmatically access information regarding how their Google Workspace environment service level settings and rules are configured. With the Policy API, customers gain a comprehensive view of all their settings, giving them a holistic view of Workspace security and compliance configurations. Admins will no longer have to navigate through numerous pages in the Admin Console.
To start, the Policy API is available as a read-only API. In future releases, admins will be able to use the API to create, update, and delete their settings, as well as data loss prevention (DLP) rules. Admins will be able to use the API to audit certain settings in the following categories:
Authentication controls such as account recovery, advanced protection program, login challenges, passwords.ChatClassroomDocs and Drive Gmail GroupsMarketplaceMeet SitesTakeout
The Policy API can also be used to read DLP rules, including the ability to:
Read all DLP rule configurations in the admin console, including: rule names and descriptions; applicable organization units (OUs) and groups; triggers and conditions; and app-specific alert actions.Read existing DLP detectors available in the admin console including the detector name, description, and wordlist configurations.Read admin-modified system defined alerts.
Who’s impacted
Super Admins
Why it’s important
With the increase in sophistication and scale of cyber threats, the Cybersecurity & Infrastructure Security Agency’s
Secure Cloud Business Applications (SCuBA) project provides guidance to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments.
The Policy API provides access to the settings that are part of these recommendations published in CISA’s
Google Workspace secure configuration baselines. Customers who wish to evaluate their Workspace policies against these baselines can start testing using the Policy API. In future releases, we plan to expand support for additional policies described in CISA’s Workspace baselines.
Getting started
Admins: You must be a super admin to use the Policy API. Use our Developer Documentation to learn more about the
Policy API.End users: There is no end user impact or action required.
Rollout pace
Available now.
Availability
Available to all Google Workspace customers
Resources