Audit security settings using the Policy API, now available in open beta

Qué está cambiando

Simplifying the management of Workspace settings continues to be a priority for us. To that end, we’re introducing new tools to help streamline the process for admins.

Launching to open beta today, we’re pleased to introduce the Policy API, which will help super admins programmatically access information regarding how their Google Workspace environment service level settings and rules are configured. With the Policy API, customers gain a comprehensive view of all their settings, giving them a holistic view of Workspace security and compliance configurations. Admins will no longer have to navigate through numerous pages in the Admin Console.

To start, the Policy API is available as a read-only API. In future releases, admins will be able to use the API to create, update, and delete their settings, as well as data loss prevention (DLP) rules. Admins will be able to use the API to audit certain settings in the following categories:

Authentication controls such as account recovery, advanced protection program, login challenges, passwords.ChatClassroomDocs and Drive Gmail GroupsMarketplaceMeet SitesTakeout

The Policy API can also be used to read DLP rules, including the ability to:

Read all DLP rule configurations in the admin console, including: rule names and descriptions; applicable organization units (OUs) and groups; triggers and conditions; and app-specific alert actions.Read existing DLP detectors available in the admin console including the detector name, description, and wordlist configurations.Read admin-modified system defined alerts.

A quién afecta

Super Admins

Por qué es importante

With the increase in sophistication and scale of cyber threats, the Cybersecurity & Infrastructure Security Agency’s Secure Cloud Business Applications (SCuBA) project provides guidance to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments.

The Policy API provides access to the settings that are part of these recommendations published in CISA’s Google Workspace secure configuration baselines. Customers who wish to evaluate their Workspace policies against these baselines can start testing using the Policy API. In future releases, we plan to expand support for additional policies described in CISA’s Workspace baselines.

Para empezar

Admins: You must be a super admin to use the Policy API. Use our Developer Documentation to learn more about the Policy APIUsuarios finales: No es necesario que los usuarios finales tomen medidas.