What’s changing
We’re introducing a characteristic that will let admins to restrict which URLs Apps Scripts and Sheets tin root outer contented from. More specifically, admins tin now show which URLs are being accessed by referencing caller logs that we’re adding to the audit and investigation page. Admins tin past create an allowlist that controls which of those URLs they’d for illustration to enable/disable.
When specified an allowlist is specified, users successful nan statement will only beryllium capable to usage those allowlisted URLs for some their Apps Scripts and their Sheets IMPORT functions. This allows organizations to much granularly power entree successful a measurement that amended aligns pinch a Zero Trust information posture.
Who’s impacted
Admins and extremity users
Why it’s important
Data exfiltration is an important information interest for admins, particularly erstwhile it comes to Apps Scripts and Sheets because definite functions are tin of accessing outer data. With this update, admins person much granular power complete URLs accessed by users successful their organization.
Getting started
- Admins:
- Logs tin beryllium recovered under Reporting > Audit and investigation > Drive Log Events OR Security > Security Center > Investigation Tool.
- The URL allowlists tin beryllium recovered successful nan Admin console nether Apps > Google Workspace > Drive and Docs > Features and Applications > Importing and fetching from URLs.
- If an allowlist is not established, nary URLs will beryllium restricted.
- Visit nan Help Center to study much astir Drive log events.
- End users: There is nary extremity personification mounting for this feature.
Rollout pace
- Rapid Release and Scheduled Release domains: Gradual rollout (up to 15 days for characteristic visibility) starting connected July 31, 2024
Availability
- Available to each Google Workspace customers
Resources
- Google Workspace Admin Help: Drive log events