GAT supports a separate audit for Groups. The purpose of this audit is two-fold. It will report on the ownership, membership and access rights for each group, along with details like aliases, managers etc. It can also be used to detect and report new or changed groups. These are important security features.
An admin can easily have an overview of all groups based on the members.
You can select any individual field and you will be redirected to the tab the result was gathered from. You can search and filter by a range of criteria.
You can manage the groups directly from within GAT+: just export, edit and import.
You can also see every detail regarding the group right away. Just select the ‘eye’ icon and it will display all the details: group details, the list of members and events related to the group.
An admin can also perform other actions on the group selected, like show members, copy or delete the group.
You can also view the group members and last event by member of the group.
The Events tab displays the actions that occurred on a group: by which user, on which group, and the event that happened.
Last Used displays the last actions performed on a group, based on last use in File, Email and Calendar.
One of the nice things about the General Audit Tool is that you can build detailed and complex searches. These searches can then be saved for use as audits, policy checks, or simply to be used again to save time.
In the screenshots below, we will be building a search for all documents owned by members of the group ‘sales’, however, we want to exclude the member of the group called ‘Robert’.
To achieve this we can go to Drive audit, in the Files tab and just apply the custom filter.
We select the Type of the search to be for User / Group / OU Search, we select the name of the group and the files owned by them, then we exclude documents where the owner is ‘Robert’, then simply select ‘Apply & Save’.
This saves the search for future reference, and we can apply it again and edit it.
We can simply export the data into a spreadsheet.
We can also create and schedule a report that can be run on a weekly or daily basis.
How to Save Your GAT Searches for Later Use (Dalal Alshohaib; 2019-03-13 16:00:06, 2019-03-13 17:01:11)
You can restore files for one user at a time on each user’s page.
You can select a date range to restore files from up to 25 days ago.
If a user provides others with access to any Drive item, when you restore that item, the access is not restored. The user can re-enable access as needed.
Unfortunately, the restoration tool is a little broad, allowing you only to select a date range for each user.
GAT can help you locate the files you need, identify whether they were there in the first place and not just a share, and greatly narrow the date range you might need to look at.
The metadata for deleted files can be found by a simple search in GAT+ (see below).
From the day you installed GAT, it has been tracking not only the files in ‘Trash’ but also all files removed from ‘Trash’. Files removed from Trash were, up until now, permanently deleted; however, GAT always kept their metadata records for you to search.
When you click “Show stats for current filter”, files are shown as 0. The file count is ‘0’ only because by default the search is always on for ‘Docs not deleted’, which means that in this positive search ‘files deleted’ is always zero.
Looking at all files deleted helps you identify who actually owned the missing files, something that is not always apparent to users of Google Drive. Last Updated date helps you identify the date they were deleted.
How to Restore Deleted Files (Dalal Alshohaib; 2019-03-08 03:24:25, 2019-03-08 16:47:16)
Cut and paste into the ‘Gmail Search’ tab of Email audit. You may add or subtract from the list as appropriate, to a max of 1024 characters. Should you need a longer search string, use 2 searches.
'Amex' OR "American Express" OR 'Mastercard' OR 'Visa' OR 'Discover' OR "Diner's Club" OR "Diners Club" OR 'JCB' OR 'CCV' OR 'CID'
You will notice the string above starts inside a bracket. This is because the full set of strings can also be enclosed in brackets, as follows:
('Amex' OR "American Express" OR 'Mastercard' OR 'Visa' OR 'Discover' OR "Diner's Club" OR "Diners Club" OR 'JCB' OR 'CCV2' OR 'CID')
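For keyword lists that would exceed the 1024-character limit, the split into two or more searches can be scripted. The following is an added example, not part of GAT+; it assumes that double-quoting every term is acceptable to the search box.

```python
# Added example: turn a keyword list into bracketed OR search strings that
# each fit within the 1024-character limit stated on this page.
MAX_QUERY_LEN = 1024


def quote_term(term: str) -> str:
    """Wrap a term in double quotes so multi-word phrases are kept together."""
    cleaned = term.strip().replace('"', "")
    if not cleaned:
        raise ValueError("empty search term")
    return f'"{cleaned}"'


def render(quoted_terms) -> str:
    """Join already-quoted terms with OR and enclose the set in brackets."""
    return "(" + " OR ".join(quoted_terms) + ")"


def build_queries(terms, max_len: int = MAX_QUERY_LEN):
    """Return a list of search strings, each at most max_len characters.

    Duplicate terms (case-insensitive) are dropped so the budget is not
    wasted; a new search string is started whenever adding the next term
    would push the current one over the limit.
    """
    queries, current, seen = [], [], set()
    for term in terms:
        key = term.strip().lower()
        if key in seen:
            continue
        seen.add(key)
        quoted = quote_term(term)
        if len(render([quoted])) > max_len:
            raise ValueError(f"term too long for one search: {term!r}")
        if current and len(render(current + [quoted])) > max_len:
            queries.append(render(current))
            current = [quoted]
        else:
            current.append(quoted)
    if current:
        queries.append(render(current))
    return queries


# The card-brand keywords from this page.
PCI_TERMS = [
    "Amex", "American Express", "Mastercard", "Visa", "Discover",
    "Diner's Club", "Diners Club", "JCB", "CCV", "CID",
]

if __name__ == "__main__":
    for i, query in enumerate(build_queries(PCI_TERMS), start=1):
        print(f"search {i} ({len(query)} chars): {query}")
```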
Allow some time for the search to finish, in particular for larger domains. Searches may be confined to users, groups or OUs to improve on-screen interaction; domain-wide (and all other types of) searches may be run as scheduled jobs.
In our case, we search for the whole domain and its sub-OU.
When the scan is finished, click on the green button in actions to examine the returned results.
This search ‘context’ remains in force for all subsequent filter operations. It can be further refined with any of the many other filters available.
Full-text search in the General Audit Tool happens without email extraction. This means your data never leaves your domain: the search is passed in for Google to complete, and only the metadata of emails with potential hits is passed back out. This is by far the most secure method of third-party testing for PCI compliance and means credit card details or other confidential information are not passed out to the third party, which avoids lengthening the chain of vulnerability.
This method is also suitable for abusive language, bullying language or any other context searches.
Conduct Payment Card Industry Data Security Standard (PCI DSS) Compliance Testing (Dalal Alshohaib; 2019-03-07 01:27:33, 2019-03-07 17:32:44)
Using the G Suite Admin Console or Google Vault it’s a difficult task for a super admin to find all of the emails sent or received by the entire organization or sub-group of users in a clear and readable way. That’s why the Email auditing in GAT+ is so important. For any filter you create, you can see who was involved with sending or receiving of those emails.
From the GAT+ side-menu go to the email audit section.
While in the first tab, click on the ‘Apply custom filters’ button.
Add the dates to capture the previous 24 hour period.
In the search definition area, the following search parameters were applied.
Sent date: after or equal MM/DD/YYYY HH:MM
Received date: before or equal MM/DD/YYYY HH:MM
Once you have selected the look-back period, apply the filter. In the above example, we looked back one day; your custom look-back can cover any date range you need to audit.
Now when the filter is applied, click on the ‘Sender/Receiver’ tab, the filter will be carried over to this area!
The first table will show you the number of emails sent from your domain’s users.
The second table shows the number of emails each local user received (including, cc’s and bcc’s).
The third table shows you all of the external senders and the number of emails they sent in the last 24 hours.
The fourth and last table will show you the external receivers and how many emails they received in the last 24 hours.
You can export each table to see further details.
How to Find the Number of Emails Each User Sent and Received in a 24 Hour Period (Dalal Alshohaib; 2019-03-06 03:00:21, 2019-03-06 10:24:06)
Auditing for all Org Units (only affects domains with GAT in a sub-OU)
In the beginning, Google recommended that to restrict app use to a select few, you should create an OU for those chosen to run the app and then make the app available only to those in that OU. General Audit Tool followed this procedure and this was our recommended method of restricting GAT access. With the arrival of OAuth2, applications in sub-OU’s only have authority for some audit features over the users in that sub-OU. This is impacting GAT’s ability to report domain-wide. To solve this problem we recommend you set the following.
For GAT+ to work properly and allow the Admin to audit their domain, we recommend that GAT be installed domain-wide and that full access be granted.
This will enable auditing of all users on the domain for details like Google+, Drive, Email etc. The access to the tool can be restricted by following the steps below.
On the GAT homepage (Old UI) select ‘Configure GAT’ option
Then at the bottom of this configuration tick the box under ‘Restrict GAT users’ and ‘Save’.
GAT will now only be available to Super Admins, security officers and delegated auditors. If you had GAT in a sub-OU, then in Google Admin panel you should move GAT from the sub-OU (‘/auditors’ for example) to the root OU (i.e. ‘/’). See here for more details.
See here to learn about Delegated Audits to auditors who are not Admin staff.
How to Restrict the Audit Tool Use to a Select Few (Dalal Alshohaib; 2019-03-06 02:00:25, 2019-03-06 10:59:40)
When GAT+ is installed, our system begins to index all of the emails in every account covering a period of 28 days (4 weeks) prior to the install date. This helps us build up some statistics so you can view recent trends. We then index every email going forward indefinitely.
In cases where you need to search for emails older than 28 days from the date of GAT+ install you can use the real-time search called Gmail Search in GAT+.
Search the entirety of any user’s mailbox for any set of emails, from any time period, as long as the email is still there (not permanently deleted by the user).
You can exclude “chats” if you use “in:anywhere -in:chats”. If you wish to narrow down the search to a specific period, use the following search operators: after:YYYY/MM/DD and/or before:YYYY/MM/DD. Alternatively, you can use older_than:5d or newer_than:30d.
So the full search term might look like this “in:anywhere -in:chats after:2019/03/01 before:2019/03/31 is:read”. View the full list of search operators available.
The search may take quite some time especially if you’re dealing with thousands of emails.
When the Start Search button is pressed, this will redirect you to the Recent tab. In this tab, you will see the status of all your email searches.
After the search completes, you can select the green check mark and all emails for this user will be displayed.
Once the results are shown, you can add and build new filters on top of the current search to find specific emails or examine the totality of that user’s activity.
To add additional filters on top of this real-time search, click on the Apply custom filter button.
One example of using the Apply custom filters in Gmail Search is to narrow down the above search to find only emails with more than 2 email attachments.
You can always return to Gmail Searches you had previously done and remove them from the listing.
In conclusion, Gmail Search provides a powerful alternative to scan based searches but may be slower as the email metadata is not already indexed. If your email audit does not require up to the minute information I would recommend sticking with scan based searches within the Emails tab.
How to Find All Emails for a Gmail User (Dalal Alshohaib; 2019-03-06 01:50:20, 2019-03-11 10:24:03)
With GAT+ you can audit and set policies for additional apps running in your Google Apps environment. These third-party G Suite apps are given permission to access user data via API access, which users enable when installing those apps.
GAT+ provides two different audit areas to analyze this information.
In User audit, Application Tab.
In the Side Menu of GAT+ select the ‘Users’ audit and then the Applications Tab
You can then search for any user, group or OU to focus on a subset of users. This will list by email and name showing the number of apps each user has granted API access to. You can click on the Apps column heading to sort by the number of apps installed for each user. Clicking on the number in this column takes you directly through to the Applications audit section to view further details.
For a more in-depth look at 3rd party apps, navigate to the Applications audit section.
The Applications tab within the Applications audit section displays the names of the apps installed, the scope they’ve been given (as required by the application) and a scope risk score, where we give a score based on the risk involved.
Low – the application requires just basic access.
Medium – more access is required.
High – full access is required, like access to Drive content, email content, and directory contacts.
From this page, you can search for apps under a wide range of criteria. For any given app you can set a number of policy conditions, these are for both enforcement and classification.
Apps can be:
You can Ban an application for individual users by entering their email addresses or you can use Google Groups or Organisation Units to cover multiple users at once. A Ban policy will prevent the cloud-based application from gaining access to the API permission it once had. GAT+ will block these privileges from being accessed.
Note: Users can manually enable these permissions again once the app is launched. GAT+ will detect this and disable those permissions once more.
A single app can be both partially banned and partially trusted.
All other apps remain unclassified.
To create a policy for an application, click on the ‘+’ button.
The default policy setting is ‘Ban’. Select which users will be covered by this policy. When the policy is ready click ‘Save’ to have it enforced.
To Remove a policy, click the ‘bin’ at the end of each individually named policy to remove that policy.
Audit and Policy for Google Apps (Dalal Alshohaib; 2019-03-04 05:00:00, 2019-03-04 16:57:57)
With the GAT+ tool you can analyse what events occurred in a particular folder or MyDrive of a user. Below you can see and follow all the instructions on how this can be achieved.
Go to Drive Audit in GAT+ then we apply a custom filter.
Search for the user in question – as owner and the root folder:
This will give us the result of the owner and the main root folder.
Once the result is displayed we can select to see the content of the folder and its subfolders:
This will open all the subfolders in the user’s myDrive.
Here we can select different subfolder if we want a more specific search rather than a search on all of the contents in a user’s myDrive. To focus on a specific subfolder in a user’s myDrive simply do the same action again, click on the dropdown menu option next to the folder name and select the option ‘Show contents of this folder and its subfolders’.
In this use case, we select MyDrive and its subfolders. Selecting the “Events” tab at the top will show us one page with the events that occurred on the Folder/File.
To display all the events for the filter, we have to select ‘Apply custom filter’.
Then select ‘Filtered Files Search’, this will display all events when the filter is applied.
To narrow it down to display the Events for the last 2 months for example, we select date and search events after the date.
After this, we will be able to see all events that happened to the file/folder.
We can also export the data as a Google Spreadsheet and investigate in further detail.
Audit events occured on a Folder (Dalal Alshohaib; 2019-02-25 16:33:08, 2019-02-25 16:33:09)
GAT Unlock is the most sophisticated security management mechanism for Google Apps available today. It works on the principle that access to documents, or change of ownership of documents, without the owner’s knowledge or permission can only be accomplished with the active input of at least two people in the organization. One of these will be the requestor who must be an Administrator, the other a Security Officer (or Verification Officer), who must be identified and verified through a senior executive in the organization.
This is an extra service on top of all GAT versions and for non-education domains comes with a limited cost. All license types must apply for this service if they require it. It does not automatically install nor can it be self configured.
Because of the sensitivity of documents held in the cloud ‘Unlock’ can not be self enabled and is available ‘on trial’ only by special request.
From introduction the service will be visible to domains and each domain Admin can apply to have it enabled. To avail of this service please email firstname.lastname@example.org with your request. The requesting email must contain the following 4 items.
The contact details of the Google Apps Administrator applying.
The name of the Security Officer(s), her/his position(s), email and phone number.
The contact details (email and phone number) for the person from whom the GAT team must seek confirmation before enabling this feature (See list below for minimum level of organization officer we expect to have to request approval from. Please send us their full contact details also and inform them they may receive contact from us.) This is required to verify the separate identities of both the Administrators and Security Officers.
The PO details for the requested service, see price list below. (Not required for education domains that have purchased GAT.)
There can be many Security Officers, and the service will be available to all Super Admins once enabled.
Administrators and Security Officers should remember the verification process is there to protect you, your domain data and your user’s privacy and rights, while also enabling you to act in the organization’s best interests.
When the ‘GAT Unlock’ service is enabled Administrators can generate access or change requests, but only Security Officers can approve them. An individual can be a member of both lists but cannot approve their own requests. The Security Officer list for all domains is maintained by GeneralAuditTool.com staff. A Security Officer can not generate a change or view request and have it approved by another Security Officer.
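The approval rules in the paragraph above can be modelled as a small separation-of-duties check. This is an added example, not GAT's own code; the class names, addresses and time-limited grant handling are assumptions made for illustration.

```python
# Added example: a minimal model of the two-person rule described above.
# Class and field names are hypothetical; addresses are constructed samples.
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional


class ApprovalError(Exception):
    """Raised when a request or decision breaks the two-person rule."""


@dataclass
class AccessRequest:
    requester: str
    resource: str
    valid_until: datetime
    state: str = "pending"          # pending | granted | denied
    decided_by: Optional[str] = None


@dataclass
class UnlockPolicy:
    administrators: set
    security_officers: set
    audit_log: list = field(default_factory=list)

    def submit(self, requester: str, resource: str, valid_until: datetime) -> AccessRequest:
        requester = requester.lower()
        # Only Administrators generate requests; a Security Officer who is
        # not also an Administrator cannot raise one.
        if requester not in self.administrators:
            raise ApprovalError("only an Administrator can generate a request")
        self.audit_log.append(("submitted", requester, resource))
        return AccessRequest(requester, resource, valid_until)

    def decide(self, req: AccessRequest, officer: str, approve: bool) -> AccessRequest:
        officer = officer.lower()
        if req.state != "pending":
            raise ApprovalError("request has already been decided")
        if officer not in self.security_officers:
            raise ApprovalError("only a Security Officer can approve")
        # A person on both lists may not approve their own request.
        if officer == req.requester:
            raise ApprovalError("a requester cannot approve their own request")
        req.state = "granted" if approve else "denied"
        req.decided_by = officer
        self.audit_log.append((req.state, officer, req.resource))
        return req

    def may_access(self, req: AccessRequest, who: str, now: datetime) -> bool:
        # Access is limited to the requester and ends at the agreed time.
        return (req.state == "granted"
                and who.lower() == req.requester
                and now <= req.valid_until)


def sample_policy() -> UnlockPolicy:
    """Constructed sample: bob is on both lists, carol is an officer only."""
    return UnlockPolicy(
        administrators={"alice@example.org", "bob@example.org"},
        security_officers={"bob@example.org", "carol@example.org"},
    )
```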
Why all this effort? We really respect your data security. We respect your company’s right to be protected. This is the highest security model available within the Google for Work environment.
‘GAT Unlock’ pricing and approval authority needed
From September 1st, 2016, GAT Unlock will be bundled at no extra cost for educational domains who subscribe to GAT+ Email at the educational rate of $0.50 per user per year.
How to use GAT Unlock
File Management – Changing ownership or file access rights
GAT Unlock is tightly integrated with the powerful search and filter options available in GAT+. This means you only have to do things once.
In this example we are going to find all the spreadsheets owned by the group ‘sales’ that are shared externally, then we will remove the external sharing and change the ownership (on all the selected files at once).
TIP: Always narrow the file request with a search first – saves time and makes approval simpler.
Step 1: Click on the ‘Apply custom filter’ button in Drive Audit.
Step 2: Select the following option:
For the filter type select User/Group/OU search, we will enter the ‘Sales’ group in this field ‘Local User/Group’, make sure to enter the full email address.
Click the checkbox option ‘Owned’; this will show all the files owned by the ‘Sales’ group. Otherwise, it would show all of the files associated with the ‘Sales’ group, where Sales shows up as Owner, Editor or Reader.
In the filter definition area, select the parameter Type equal to Spreadsheets and to add another search parameter click on ‘Add rule’ button and select ‘Sharing Flag’ to ‘Shared Out’. Selecting shared out will only focus on files leaving your domain.
Step 3: Next click on the ‘Toggle Selectable’ button, this will allow you to select files individually or all of them at the same time.
Note: You can not perform actions on a ‘Suspended’ account.
Step 4: Click on the button ‘File operation’ and then select the ‘File Management’ option.
Step 5: In this example, we are removing external access to the spreadsheets and making the manager the owner of all the files.
When you click on the ‘Send request’ button, an email is going to be sent to your security officer.
If the security officer approves your actions, they will be executed and you will be notified.
If permission is not granted by the security officer, you will also be notified and no actions will be taken.
Access Permissions Granted – How to silently copy or view files
We are going to use a powerful search feature inside of GAT+ Drive audit to identify the contents of documents we’re going to investigate. This feature is called the ‘File content text search’. It allows admins/delegated auditors to use a word or sentence to search through all of the files across the domain and to return documents which contain it.
Step 1: Click on the ‘Apply custom filter’ button.
Step 2: Enter the word or sentence to return files which contain it. Select the user’s account you want to search through. You can leave this field blank to search your entire domain’s Drive, or enter a user, Google Group or Org Unit to search through them only.
You can also use multiple rules in the definition section of the Apply custom filter. I used the Updated search parameter. Once you click on Apply button the search will begin.
It will take a few minutes depending on how many files you have across your domain.
Step 3: Select the files you are interested in, remember that these files contain the sentence “private and confidential”.
Step 4: Click on the ‘Files operation’ button and then select ‘Access permissions granted’.
Step 5: Next we will select a date in the future, we will have access to these files until this date. You have an option to write to your security officer explaining why you need access to these files.
Send the request to the Security Officer(s) for approval.
The following email will be sent to the Security Officer.
The Security Officer can click on the link in the email and will be taken to the approval area (Grant) in GAT+.
When the Security Officer grants access an email will be sent to the requesting Administrator/delegated auditor informing them. The Administrator from the ‘Access permission granted’ menu can see the full list of their access requests along with the time left for each request to remain valid.
Once the request is selected, the requestor can download documents or view the contents silently without the owners’ awareness.
Pre-approved Access for Admins to all Files for a range of Users
If your Super admins wish not to get Security Officer approval every time they want to make file permission changes or to view file contents, a security officer can give them pre-approval.
In the Security Officer section on the GAT+ sidebar menu, select ‘Pre-approved Access’ and then click on ‘+’ button to add a new pre-approved admin.
Once clicked a new ‘pop-up’ screen will appear.
Here the security officer can add the email address of the Super Admin, the OU over which they will have access, they can select a full OU tree and set approval access until a certain future date. In the above screenshot, I gave Anna (super admin) access to the entire organisation because I selected / and I covered the Sub-Org Units as well.
Multiple different grants can be given by the security officer, including several to the same Super Admin, each covering different scopes.
Changing Ownership of an entire folder tree
Another feature of ‘Unlock’ is that it enables an often requested task of moving an entire folder tree, root folder and sub-folders, from one or many owners to a new owner.
This task is completed with the File Management tab. Use the drop-down menu button next to the folder name to see the options. Click on ‘Apply permission change to this folder (recursive)’. When the File Management option menu appears, enter the new owner’s email address, and make sure to remove the previous owner as editor.
Note: When changing ownership with GAT Unlock the previous owner is added automatically as an editor to the files he owned prior to your changes. Make sure to enter the previous owner into the field ‘Remove following users as Editors’ if you don’t want them to have that privilege by default before sending the request to your Security Officer.
This is an ideal feature for consolidating a shared folder structure, or handling leaving staff or students.
Delegating Access to an email account
GAT+ allows Admins to delegate access for a User account to another User for a certain period of hours. This may be for business purposes but it also facilitates the fast search and viewing of all the account emails via another user’s browser.
BEFORE USING: Please ensure email delegation is allowed for users in your domain. Go to the G Suite Admin Console and under Apps > G Suite Apps > Settings for Gmail check if the email delegation box is allowed for your domain.
Launch the GAT+ tool, enter the User Audit section and click on the Email Info Tab.
In the Email Info Tab, select any user and click on the Actions button to add an email delegate to their account.
You also have the ability to remove existing mail delegations which are already in place.
Here the Admin can select the account they wish to gain access to, then select the account they want to give this access to and finally select the number of hours they would like delegated access to be granted for. Once the request is sent, the Security Officer will still have to approve before the delegation is created.
Once granted the delegated account appears in the accounts drop down list when the profile picture is selected in Gmail.
The delegation will automatically be revoked after the requested time period.
Note: If, during the period of delegation, the owner of the account under audit logs into their Google account and goes to their email settings, then under ‘Accounts’ the account owner will see that the Admin has granted delegated access to the account.
In addition if the delegated user reads any unopened email in the audit account, this email will be marked as ‘read’.
Deleting Spam, Inappropriate or Accidental Emails
There are multiple reasons to have the ability to identify and remove emails which have been received by all or any of your domain users. Here are some unwanted scenarios:
An email is sent to the wrong user or group
An email contains inappropriate content
An email that contains sensitive information
An email which has gone past spam filtering or is a phishing email.
GAT+ allows Admins to delete these emails from all accounts at once.
We recommend using ‘Gmail Search’ for tracking down these emails. It is a ‘real time’ search that is highly configurable (see ‘search tips’ link beside the search box). In the screenshot above we use the example search parameters:
"SEO proposal" in:anywhere newer_than:180d
This tells GAT+ to search in all folders, for all users and look for emails that contain the words “SEO proposal” which are also newer than 180 days. When the results come back, click on ‘Apply’.
Next, select the ‘Toggle Selectable’ button and select the emails you wish to view/download/delete.
Once the emails are selected, click on the ‘Access permissions granted’ button and send a request to your SO (security officer). Your SO will have to approve your request.
Before sending the request if you intend to delete the emails rather than just view or download them then check the ‘Request permission to remove’ box.
After doing that hit ‘send request’ and wait for approval to be returned from the Security Officer.
Once you have received an approval email, remember to refresh the list within the ‘Access permissions granted’ and click on the ‘Activate grant’ to display just your selected emails.
You can then delete one or all of the emails using the drop-down option in the Emails Operation button.
By default, you can send the emails to user’s trash folder on their Gmail but if you wish to permanently delete these emails then select ‘Delete permanently’.
In future when you search for these emails they will still be listed in our database but they will have a bin icon next to the subjects.
Pre-approved Access for Super Admins to all Emails
To enable pre-approval for Super Admins navigate to the Configuration section of GAT+ and enter the security officer area.
Once there click on the Pre-approved Tab and click on the plus icon “Add new pre-approved access”.
Your security officer will have to select you (super admin) to have pre-approval over users across your domain.
This is ideal for situations where Admins do not need to get constant approval to view/download or remove emails. An example would be in an education domain where the Super Admin would have full open access (view/download or remove emails) for all Student OU’s but would still have to get selective approval from the security officer to access an in the Staff or HR OU.
For a single OU level add a value like /Staff (Note, this will not grant access to the OU /Staff/IT unless “Sub Org. Units” equals Yes!).
In the above screenshot I gave Anna (Super Admin) pre-approved access to the entire domain by selecting / for the Org Unit, and I made sure to cover all Sub-Org Units. / means the root User Org. Unit. She has access to remove and add email delegations as well because I enabled the last two options, which are “Can remove?” and “Can add email delegation”.
The Admin should now see something like this when they click on ‘Access permissions granted’ in Email audit.
Every time admins enter the Email audit area they need to apply the Granted pre-approval privilege then carry out the search for the email(s) in question and next to each email there will be an action column visible.
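The Org Unit scoping used by pre-approved access, for files and for emails, comes down to path matching with a sub-OU switch and an expiry date. The following is an added example, not GAT's own code; the field names, the case-sensitive path comparison and the assumption that any valid grant allows viewing are illustrative.

```python
# Added example: deciding whether a pre-approved grant covers a user's OU.
# Field names are hypothetical; sample grants below are constructed.
from dataclasses import dataclass
from datetime import date


def normalize_ou(path: str) -> str:
    """Canonical OU path: leading slash, no trailing slash, root is '/'."""
    parts = [p for p in path.strip().split("/") if p]
    return "/" + "/".join(parts)


def ou_covered(user_ou: str, grant_ou: str, include_sub_ous: bool) -> bool:
    """True if user_ou is the granted OU or, when allowed, one below it."""
    user, grant = normalize_ou(user_ou), normalize_ou(grant_ou)
    if user == grant:
        return True
    if not include_sub_ous:
        return False              # /Staff alone does not reach /Staff/IT
    if grant == "/":
        return True               # root plus sub-OUs covers the whole domain
    # Compare on a path boundary so /Staff does not match /StaffRoom.
    return user.startswith(grant + "/")


@dataclass(frozen=True)
class PreApproval:
    admin: str
    org_unit: str
    include_sub_ous: bool
    valid_until: date
    can_remove: bool = False
    can_add_delegation: bool = False


def allowed(grants, admin: str, user_ou: str, action: str, today: date) -> bool:
    """Check 'view', 'remove' or 'delegate' against every grant for admin."""
    if action not in ("view", "remove", "delegate"):
        raise ValueError(f"unknown action: {action}")
    for g in grants:
        if g.admin.lower() != admin.lower() or today > g.valid_until:
            continue
        if not ou_covered(user_ou, g.org_unit, g.include_sub_ous):
            continue
        if (action == "view"
                or (action == "remove" and g.can_remove)
                or (action == "delegate" and g.can_add_delegation)):
            return True
    return False


# Constructed sample mirroring the education scenario: open access to the
# student OUs, a narrower and shorter grant on /Staff only.
SAMPLE_GRANTS = [
    PreApproval("anna@example.org", "/Students", True, date(2019, 12, 31),
                can_remove=True),
    PreApproval("anna@example.org", "/Staff", False, date(2019, 6, 30)),
]
```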
Bulk Download or View Email Contents
The global live email search is under the ‘Gmail Search’ tab within email audit.
Here you can search for all the emails sent to or from a particular user on your domain. (You can also search for emails associated with groups or OUs of users.) The search can also take many flags, for example you could search for email sent to a particular user that was ‘Unread’, click on ‘Search tips’ to open a new page with all the flags you can use.
Because the entire domain is searched, it may take some time unless you narrow down the scope, which I’m doing in the above screenshot. I narrowed down the search to a specific Google Group. The above example will look for all emails older than 1 day that have been opened.
When the search is finished you can click on ‘Apply’ to see the table of the results.
When the results appear select some or all emails in the result table by using the ‘Toggle Selectable’ button then click on the Email Operation drop-down menu and click on ‘Access permissions granted’.
Click on ‘New Request’ to send this search to a Security Officer for their approval to allow you to read or download copies of these messages. Decide for how long you want to have access to these emails and enter a custom message to your Security Officer with your request.
The Security Officer will receive an email detailing the access request being made. They can click on the link in the email to approve.
Once approved the Super Admin will receive an email in return notifying them of the SO decision.
It will look like this.
Once you receive this email, refresh the Current request list to see access grants that have been changed from pending to granted. These requests will now have a check mark beside them. Click on ‘Activate Grant’.
Each email can be read or downloaded individually by clicking on the Action button beside them.
To download all the emails select the ‘Toggle Selectable’ button and click on the top checkbox which will select every email within the result table. Right next to the ‘Toggle Selectable’ button click on ‘Email Operations’ drop-down menu and click on Download e-mails.
Downloading individual emails will occur almost instantaneously. Downloading all the emails takes some time. We have to retrieve the emails and add them to a zip as PDFs. Allow about 10 minutes for every 100 MB of emails. To make it efficient we will create the download zip file on one of our servers and will create a link for you to bring down the zip to your own PC or server.
A password is generated and sent to your email address. Use this password to view the contents of the zip file, because all of the PDFs will be password protected.
If the download is big, you can complete other audit tasks or grab a coffee. When you return to GAT+ go to the Admin Log in the Configuration section.
Non-Super Admin Auditors
This feature is ideal where Super Admins want to delegate the audit function to local managers or regional security personnel. GAT+ allows anyone to audit any range of users based on the model of Google Groups, Google Classrooms, and Org Units. It does not require passing on Google Admin authority. Selected auditors can have audit rights over individual users, Google Groups or Org Units. This allows you to have multiple auditors for a specified scope.
Auditors will have access to the auditing areas of GAT+ but will not have access to the Configuration sections.