Selected Google-Workspace-Administrator Workspace Administrator Questions Answers

Access Admin Console: Log into your Google Workspace Admin Console.

Navigate to Reports: Go to the Reports section in the Admin Console.

Token Audit Log: Within the Reports, access the "Token Audit" log. This log provides details on OAuth tokens issued to applications by your users.

Review Applications: Review the list of applications that have been granted access to your Google Workspace data. This will include information about the scopes (types of data) that each application can access.

Compile List: Compile a list of all the applications from the token audit log. Include details about the data they have access to and the number of users using each application.

Export Data: You can export this data to a spreadsheet for further analysis and reporting to your chief compliance officer.

References

Google Support: Token audit log

To ensure that inbound messages from the third-party filtering product are not seen as a spam attack, you should list the IP addresses of the product as an Inbound Gateway. This configuration tells Gmail that the emails coming from these IP addresses are trusted and should not be flagged as spam due to the volume of mail being received.

References:

Google Workspace Admin Help - Configure an inbound mail gateway

Google Workspace Admin Help - Prevent email spoofing and spam using the Inbound Gateway setting

Access the Admin Console:

Log in to the Google Workspace Admin console at https://admin.google.com/ .

Configure Email Routing:

Navigate to "Apps" > "Google Workspace" > "Gmail" > "Default routing".

Set Up Split Delivery:

Create a new default routing rule.

Under "Add setting," click on "Routing."

In the "Add setting" box, under "Inbound," select "Configure" next to "Routing."

Under "Add setting," name your routing policy.

In the "Email messages to affect" section, specify the conditions for the rule (e.g., recipients in the new-company.com domain).

Route to On-Premises Server:

In the "Route" section, select "Modify message" > "Add more recipients."

Enter the on-premises email server information (e.g., SMTP relay server) to forward emails to the on-premises server.

Save the rule and ensure it is active.

Test the Configuration:

Send test emails to ensure that emails are correctly routed to the on-premises server as per the split delivery setup.

Monitor the email flow and make adjustments if necessary to ensure smooth operation during the peak season.

References

Google Workspace Admin Help: Set up routing for your domain or organization

Google Workspace Admin Help: Configure routing for mail in Google Workspace

To prevent external, inbound messages from known senders from being incorrectly classified as spam, add the sender's domain to an allowlist in the Admin console.

Access Gmail Settings in Admin Console:

Go to the Google Admin console.

Navigate to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware.

Add Approved Senders:

In the Spam settings, find the section for “Email whitelist” or “Approved senders”.

Click on “Configure” to add a new entry.

Specify the Sender’s Domain:

Enter the domain of the external sender that needs to be allowed.

Save the changes to update the whitelist.

Verify and Monitor:

Ensure that the settings are applied and monitor the spam filter to confirm that the known sender’s emails are no longer being flagged as spam.

By adding the sender’s domain to an allowlist, you instruct the spam filter to accept emails from this domain, reducing false positives.

References:

Prevent mail from being marked as spam

Approved sender list in Gmail