
Improving your security with shorter Session Length defaults

What’s changing 

To further improve security for our customers, we are changing the default session length to 16 hours for existing Google Cloud customers. Note that this update refers to managing user connections to Google Cloud services (e.g. Google Cloud console), not connections to Google services (e.g. Gmail on the web). 
For existing customers who have session length configured to Never Expire, we are updating the session length to 16 hours. See below for more information. 

Who’s impacted 

Admins, end users, and developers 

Why you’d use it 

Many apps and services can access sensitive data or perform sensitive actions. Because of this, managing session length is foundational to cloud security and compliance. It ensures that access to the Google Cloud Platform is finite after a successful authentication, which helps deter bad actors should they gain access to credentials or devices.

Additional details 

Google Cloud session controls 
For existing customers who have session length configured to Never Expire, we are updating the session length to 16 hours. This ensures customers do not mistakenly grant infinite session length to users or apps using OAuth user scopes. After the session expires, users will need to re-enter their login credentials to continue their access. This impacts the following: 
Settings can be customized for specific organizations, and will impact all users within that org. This is a timed session length that expires the session regardless of the user's activity. When choosing a session length, admins have the following options:
  • Choose from a range of predefined session lengths, or set a custom session length between 1 and 24 hours. 
  • Configure whether users need just a password, or require a Security Key to re-authenticate.
Third-party SAML identity providers and session length controls 
If your organization uses a third-party SAML-based identity provider (IdP), the cloud sessions will expire, but the user may be transparently re-authenticated (i.e. without actually being asked to present their credentials) if their session with the IdP is valid at that time. This is working as intended, as Google will redirect the user to the IdP and accept a valid assertion from the IdP. To ensure that users are required to re-authenticate at the correct frequency, evaluate the configuration options on your IdP and review the Help Center article to Set up SSO via a third party Identity provider.
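
The transparent re-authentication described above can be made concrete with a small model, added here as an illustration (it is not Google's or any IdP's code). It assumes the IdP session has a fixed lifetime counted from the last interactive login and that the user is continuously active; the function names and the hour values are constructed for the example.

```python
"""Added example: when a Google Cloud session expires, who actually sees a prompt?

Model assumptions (not from the page): the IdP session has a fixed lifetime
measured from the last interactive login, and the user is continuously active,
so re-authentication happens at the moment the Google Cloud session expires.
"""

def reauth_timeline(google_hours, idp_hours, horizon_hours):
    """Return [(hour, kind)] where kind is 'prompt' or 'transparent'."""
    events = [(0, "prompt")]          # initial interactive login at the IdP
    idp_login = 0                     # hour of the last interactive IdP login
    t = google_hours                  # first Google Cloud session expiry
    while t <= horizon_hours:
        if t < idp_login + idp_hours:
            # IdP session still valid: Google redirects, the IdP returns a
            # valid assertion, and no credentials are requested.
            events.append((t, "transparent"))
        else:
            # IdP session has expired too: the user must present credentials.
            events.append((t, "prompt"))
            idp_login = t
        t += google_hours             # fixed-length session, activity ignored
    return events

def longest_gap_between_prompts(google_hours, idp_hours, horizon_hours):
    """Longest stretch (hours) between two real credential prompts.

    Returns horizon_hours if no second prompt occurs inside the horizon.
    """
    timeline = reauth_timeline(google_hours, idp_hours, horizon_hours)
    prompts = [hour for hour, kind in timeline if kind == "prompt"]
    if len(prompts) < 2:
        return horizon_hours
    return max(b - a for a, b in zip(prompts, prompts[1:]))

if __name__ == "__main__":
    # Constructed sample values: 16-hour cloud session, three IdP lifetimes.
    for idp_hours in (8, 16, 72):
        gap = longest_gap_between_prompts(16, idp_hours, 400)
        print(f"Google session 16h, IdP session {idp_hours}h -> credentials every {gap}h")
```

Under this model a 72-hour IdP session stretches the real credential prompt to every 80 hours even though the cloud session is 16 hours, which is why the IdP's own session lifetime has to be reviewed alongside the Google setting.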
Trusted applications
Some apps are not designed to gracefully handle the re-authentication scenario, which can cause confusing app behavior. Other apps are deployed for server-to-server purposes via user credentials — because they don’t require service account credentials, they are not prompted to periodically re-authenticate.
If you have specific apps like this, and you do not want them to be impacted by session length reauthentication, the org admin can add these apps to the trusted list for your organization. This will exempt the app from session length constraints, while implementing session controls for the rest of the apps and users within the organization.

Getting started

  • Admins: For customers who have their session length set to "Never Expire", your session length will reset to 16 hours. It can be turned off or modified at the OU level. Visit the Help Center article to learn how to set session length for Google Cloud services for your organization.  
  • End users: If a session ends, users will simply need to log in to their account again using the familiar Google login flow. 

Rollout pace

Availability

  • Available to all Google Workspace and Cloud Identity customers, as well as legacy G Suite Basic and Business customers

Public preview: Illumio for Azure Firewall

Illumio for Azure Firewall enables organizations to understand application traffic and dependencies and apply consistent protection across environments – limiting exposure, containing breaches, and improving efficiency.

Provide custom Google Meet background images for your users

What’s changing 

We’ve heard from our users that having backgrounds that match your brand guidelines is important for visual polish during critical meetings. Admins can now provide a set of images for the background replace feature in Google Meet. This will enable users to easily select an image that properly represents their company's specific brand and style. 

Getting started 

Rollout pace 

Availability

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 
Note: Use this Help Center article to learn more about how to properly set image access so your users can use your custom backgrounds. 

Resources

External label for Google Meet participants

What’s changing 

“External” labels will be available in Google Meet. Users will see a label in the top-left corner of their meeting screen indicating that participants who are external to the meeting host’s domain have joined the meeting. In the people panel, external participants will be denoted with the same icon. 

Getting started 

  • Admins: External labels will be on by default and can be configured in the Admin console at Apps > Google Workspace > Google Meet > Google Meet Safety Settings. Visit the Help Center to learn more about managing Meet settings for your users.
  • End users: No end user action is required — you’ll see warning labels for external participants when configured by your admin. 

Rollout pace 

Availability 

  • Available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, Frontline, and Nonprofits customers 
  • Not available to users with personal Google Accounts 

Resources

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

March 24, 2023 update: Impact Assessment has been updated to a link to Guidance for investigating attacks using CVE-2023-23397 – Microsoft Security Blog.
March 23, 2023 update: See Releases for Microsoft Products below for clarification on product changes and defense in depth update availability.
Summary: Microsoft Threat Intelligence discovered limited, targeted abuse of a vulnerability in Microsoft Outlook for Windows that allows for New Technology LAN Manager (NTLM) credential theft to an untrusted network, such as the Internet.

Introducing new Space Manager capabilities in Google Chat

What’s changing

Last year, we announced several improvements to spaces in Google Chat to help you better organize people, topics, and projects, which included introducing the space manager role. Currently, managers can: 
  • Remove and add participants
  • Assign or remove the space manager
  • Delete a space
  • Delete messages
  • Edit the space description
  • Update space access from restricted to discoverable or vice versa
Starting today, space managers will now have additional capabilities to ensure effective conversations take place in spaces: 
  • Space configuration: enables space managers to choose if members can change space details, such as name, icon, description, and guidelines, or turn Chat history on/off for the space. 
  • Member management: allows space managers to decide if members can add or remove members or groups to a space. 
  • Conversation moderation: authorizes space managers to determine whether members can use @all in a space. 

Getting started 

Rollout pace 

Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 
  • Not available to users with personal Google Accounts 

Resources