Preamble:
This space will be utilized to synthesize my notes and help improve my learning process while I study for the Google Workspace Professional Administrator certification. I will be doing a similar process for other certifications I work on in the future. Please follow along for Google Workspace notes and feel free to ask any questions or, if I get something wrong, offer suggestions to correct any mistakes.
Part 2
Gmail
Gmail is the Google Workspace email solution. It can be managed via the Google Admin Panel which can allow you to limit some customization options for your users. Some of these features which you can control are:
1.Users choosing a theme
- Mail Delegation
- Email Read Receipts
- Confidential Mode
You can access these features in the Admin Panel by going to:
Apps> Google Workspace> Gmail> User Settings
Google Workspace also offers interoperability with Microsoft Outlook if you have users wishing to use Outlook to manage their company Gmail account. You can accomplish this with the Google Workspace Sync for Microsoft Outlook (GWSMO). You can either have your users download the software themselves (.EXE version) or, you as an administrator can push the software out if you are working within an Active Directory environment by utilizing the .MSI version.
Compliance Policies
Gmail with Google Workspace also has compliance policies which allow you to further configure how Gmail behaves. Some settings for Gmail Compliance rules include:
- Comprehensive Mail Storage
- Append Footers
- Content Compliance
- Objectionable Content
You can access these features in the Admin Panel by going to:
Apps> Google Workspace> Gmail> Compliance
Google Calendar
Google Calendar is one of the main tools for planning your day and time with Google Workspace. It can be further configured in the Admin Panel and allow you to customize the experience for your users. Some configurable features are:
- Sharing Settings
- Resources (Domain owned calendars for specific rooms/buildings in your organization)
- General Settings
- Calendar Interop
You can find these settings by going to:
Apps> Google Workspace> Calendar
One common item to configure will be how your users share calendars. You may want to restrict what information users can share outside of your Google Workspace tenant but allow full information to be seen internally. This can be done in the Sharing Settings:
You may also want to restrict who can book certain Calendar Resources. Unlike the Sharing Settings for users that we just explored, these restrictions cannot be made within the Admin Panel and must be changed within the Resource Calendar itself. As a Super Admin, you will have full control of Calendar Resources. You will first need to add the Resource Calendar to your Google Calendar and then you can change these settings. To add a Resource Calendar you must:
- Log into Google Calendar with an Super Admin account
- Click the "+" button to the right of Other Calendars
- Click Browse Resources
- Click the down arrow of the building where the Resource resides and then select the checkbox beside the Resource you wish to add.
Now that the Resource Calendar has been added you can now restrict who can book this Resource. To do this follow these steps:
- Click the 3-dots beside the Resource you wish to edit access permissions
- Click Settings and Sharing
- Scroll down to Share with Specific People. Click Add People
- Type in a user or group name. Select the Permissions you wish to give.
In the screenshot above I am giving a specific user full permissions to the calendar. In order to restrict the Calendar to the rest of your tenant you can do so in 2 different ways.
- Do not make the calendar available to everyone within your tenant
- Utilize an all.employees@yourdomain Google Group and only give Free/Busy permissions to this group.
Google Drive
Google Drive is a file sharing and creation platform for Google Workspace. It can be configured just like any other Core Google Workspace service. You Some examples of settings you can configure are:
- Sharing Settings
- Approvals
- Migration Settings
- Transferring Ownership
You can find these settings in the Google Admin Panel by going to:
Apps> Google Workspace> Drive and Docs
Sharing files with Google Drive is an important aspect to managing your Google Workspace tenant. Without configuring Sharing settings you can be at risk of data exfiltration from your users. With the Sharing Settings you can choose to turn off Sharing of files outside of your domain, only allow sharing to Allowlisted domains or turn On File Sharing. With File Sharing turned on you can choose an additional option to warn users when they are about to share a file outside of the domain. Having this option selected can help users think twice before sharing a file.
Sometimes you may need to share files with users outside of your domain and they will not have a Google Account. This is where Visitor Accounts can be used. Visitor accounts can be enabled by going to:
Apps> Google Workspace> Drive and Docs> Sharing Settings> Sharing Options> Select checkbox: Add those domains to your organization’s trusted domains list, if you haven't already. For details, go to Allow external sharing with only trusted domains.
Please note that only Allowlisted Domains can utilize Visitor Accounts. Make sure to add the outside domain to your Allowlist, otherwise Visitor accounts will not work.
An alternative to using visitor accounts would be to have the person outside of your domain turn their Non-Google account into a Google account. They can do this by creating a new Gmail account and have them use their own email instead of creating a new account ending with @gmail.com.
Shared Drives
Shared Drives are a way of sharing files within your Google Workspace tenant which allows the tenant itself to own the files/folders instead of individuals. This is crucial when it comes to business critical files. In the event that a user has to be off-boarded unless you transfer their files to a different user before deletion their files will be lost. You do have a 25 day period to restore a user before everything is permanently deleted, however, you can avoid that hassle simply by utilizing Shared Drives.
You can assign Shared Drives to an entire OU or a Google Group. You can also either allow your users to create their own Shared Drives, or limit Shared Drive creation if you would prefer to administer yourself. Administrating Shared Drives yourself can mean better maintenance of naming conventions, but, if you're in a rather large organization, can be time consuming.
Documenting Transfers can also be initiated in the Admin Panel as well. You can find the Document Transfer feature by going to:
Apps> Google Workspace> Drive and Docs> Transfer Ownership
If you need to restore files for a user this can be initiated from the user profile in the Admin Panel. As mentioned before, you can recover files up to 25 days after it was deleted out of their Trash bin. The same can be done for Shared Drives. Shared Drives can be restored up to 25 days prior and all deleted files will be restored. You can find this feature by going to:
Apps> Google Workspace> Drive and Docs> Manage Shared Drives> Select Shared Drive> Click More> Restore
Offline File Access
Offline Files Access of Google Drive can be facilitated in 2 ways. Utilizing the Google Docs Offline Extension for Google Chrome or Microsoft Edge, or utilizing Drive for Desktop application for Windows or MacOS. NOTE there is no Linux version of Drive for Desktop at this time.
You will need to turn on the Offline File Access feature within the Google Admin Panel. You can locate this feature by going to:
Apps> Google Workspace> Drive and Docs> Features and Applications> Offline
The same goes for Google Drive for Desktop. To configure Drive for Desktop settings for your tenant go to:
Apps> Google Workspace> Drive and Docs> Google Drive for Desktop
This concludes part 2 of Managing Google Workspace. I hope these notes have helped you understand how and why it may be important to configure features of Core Google Workspace Applications. If you have any questions or notice an error please leave me comment.
Until next time!