Admin log event changes

    Google Workspace is updating the schema and event modeling for several log events. The improvements aim to make the logs more understandable, detailed, and precise.

    If you're using any legacy events, some of the updates might require changes to your existing queries, alerts, and reports. Both the new and old events will continue to be available for you to make the necessary changes.

    What’s changing?

    We’re introducing changes to Admin log events  that make them more comprehensible, granular, and accurate. These changes include modifications to some event names, event types, and log event frequency for the following Admin console settings: 

    Changes to Admin log events

    Expand all   |   Collapse all & go to top

    Admin console setting

    		 Security & Audit and investigation tool Reports API & Google SecOps BigQuery Export
    Account settings > Preferences > New features

    Toggle New App Featuresevent name is renamed to Toggle New App Features Preference.

    Value for New Valuechanges from Trueor Falseto Rapid releaseor Scheduled release.

    Descriptionvalue changes from New app features for your organization changed to value to The account setting of "New Features" was changed from value1 to value2 .

    The Old Valueattribute is introduced. Its values are Rapid releaseand Scheduled release.

    The New Featuresvalue is added to the Setting Categoryattribute.

    events[].name
    ADMIN_EVENTS_ TOGGLE_NEW_APP_
    FEATURES is renamed to ADMIN_EVENTS_
    TOGGLE_NEW_APP_
    FEATURES_
    PREFERENCE

    events[].parameters
    [].name=:new_value
    Values change from Trueor Falseto Rapid releaseor Scheduled release.

    events[].parameters
    [].name=:old_value
    This is a new parameter with the values Rapid releaseand Scheduled release.

    event_name
    ADMIN_EVENTS_
    TOGGLE_NEW_APP_
    FEATURES is renamed to ADMIN_EVENTS_
    TOGGLE_NEW_APP_
    FEATURES_
    PREFERENCE

    admin.new_value Values change from Trueor Falseto Rapid releaseor Scheduled release.

    admin.old_value
    This is a new parameter with the values Rapid releaseand Scheduled release.
    Security > Access and data control > Google Cloud session control > Reauthentication policy

    New Valueand Old Valueattributes for Session Control Settings Changerecords values for reauthentication frequency, idle session timeout, and reauthentication method in separate log events. Previously, all 3 settings were recorded in one log event.

    If any of the settings are unchanged, no log event is recorded for that setting.

    events[].name=
    SESSION_CONTROL_
    SETTINGS_CHANGE
    REAUTH_SETTING_
    OLD and REAUTH_SETTING_
    NEW record values for reauthentication frequency, idle session timeout, and reauthentication method in separate log events. Previously, all 3 settings were recorded in one log event.

    If any of the settings are unchanged, no log event is recorded for that setting.

    event_name
    SESSION_CONTROL_
    SETTINGS_CHANGE
    admin.reauth_ setting_old and
    Admin.reauth_ setting_new record values for reauthentication frequency, idle session timeout, and reauthentication method in separate log events. Previously, all 3 settings were recorded in one log event.

    If any of the settings are unchanged, no log event is recorded for that setting.
    App access control
    Reports API &  SecOps  events[].name
    & BigQuery Export
    event_name     		Security & Audit and
    investigation tool event name    		 New  events[].name event_name New Security & Audit and investigation tool event name
    DISALLOW_SERVICE_FOR_
    OAUTH2_ACCESS
    		 API Access Blocked CHANGE_API_ACCESS API Access Changed
    ALLOW_SERVICE_FOR_
    OAUTH2_ACCESS
    		 API Access Allowed CHANGE_API_ACCESS API Access Changed
    ADD_TO_BLOCKED_OAUTH2
    _APPS
    		 App Added to Blocked List CHANGE_APP_ACCESS App Configuration Changed
    ADD_TO_LIMITED_OAUTH2
    _APPS
    		 App Added to Limited List CHANGE_APP_ACCESS App Configuration Changed
    ADD_TO_TRUSTED_OAUTH2
    _APPS
    		 App Added to Trusted Allowlist CHANGE_APP_ACCESS App Configuration Changed
    ADD_TO_TRUSTED_BY_
    OAUTH_SCOPE_OAUTH2_
    APPS
    		 App added to Trusted by OAuth Scope list CHANGE_APP_ACCESS App Configuration Changed
    ADD_TO_CAA_EXEMPT
    _OAUTH2_APPS
    		 App allowlisted for exemption from API access blocks CHANGE_APP_ACCESS App Configuration Changed
    REMOVE_FROM_TRUSTED
    _OAUTH2_APPS
    		 App Removed from Trusted Allowlist CHANGE_APP_ACCESS App Configuration Changed
    REMOVE_FROM_CAA_
    EXEMPT_OAUTH2_APPS
    		 App no longer allowlisted for exemption from API access blocks CHANGE_APP_ACCESS App Configuration Changed
    REMOVE_FROM_BLOCKED
    _OAUTH2_APPS
    		 App Removed from Blocked List CHANGE_APP_ACCESS App Configuration Changed
    REMOVE_FROM_LIMITED
    _OAUTH2_APPS
    		 App removed from Limited list CHANGE_APP_ACCESS App Configuration Changed
    REMOVE_FROM_TRUSTED
    _BY_OAUTH_SCOPE_
    OAUTH2_APPS
    		 App removed from Trusted by OAuth Scope list CHANGE_APP_ACCESS App Configuration Changed
    BLOCK_ALL_THIRD_PARTY
    _API_ACCESS
    		 All third party API access blocked CHANGE_
    UNCONFIGURED_APPS
    _ACCESS    		 Unconfigured Apps Access Changed
    UNBLOCK_ALL_THIRD_
    PARTY_API_ACCESS
    		 All third party API access unblocked CHANGE_
    UNCONFIGURED_APPS
    _ACCESS    		 Unconfigured Apps Access Changed
    SIGN_IN_ONLY_THIRD_
    PARTY_API_ACCESS
    		 Allow Google Sign-in only third party API access CHANGE_
    UNCONFIGURED_APPS
    _ACCESS    		 Unconfigured Apps Access Changed
    UNDERAGE_BLOCK_ALL
    _THIRD_PARTY_API_
    ACCESS
    		 All third party API access blocked CHANGE_UNDERAGE
    _UNCONFIGURED_APPS
    _ACCESS    		 Under 18 Unconfigured Apps Access Changed
    UNDERAGE_SIGN_IN_
    ONLY_THIRD_PARTY_
    API_ACCESS
    		 Allow Google Sign-in only third party API access CHANGE_UNDERAGE
    _UNCONFIGURED_APPS
    _ACCESS    		 Under 18 Unconfigured Apps Access Changed
    Google Drive settings with inherited values

    Previously, Google Drive settings that were overridden from an inherited value or reverted to an inherited value used the same log event identifiers, with INHERIT_FROM_PARENT in the old value and new value attributes:

    • Security & Audit and investigation tool:The  Change Drive Settingevent name showed INHERIT_FROM_PARENT in Old valueand New value
    • Reports API & SecOps: events[].type=DOCS_SETTINGS , events[].name=CHANGE_DOCS_SETTING  showed INHERIT_FROM_PARENT in admin.old_value and admin.new_value
    • BigQuery Export: events_type=DOCS_SETTINGS , event_name=CHANGE_DOCS_SETTING showed INHERIT_FROM_PARENT in admin.old_value and admin.new_value
    The updated Admin log events use the following event identifiers instead of INHERIT_FROM_PARENT values:
    Tool Override an inherited value Change an existing value Revert to an inherited value
    Security & Audit and investigation tool Event name: Create
    Application Setting    		 Event name: Change
    Application Setting    		 Event name: Delete
    Application Setting
    Reports API & SecOps Event type: APPLICATION_SETTINGS
    Event name: CREATE_APPLICATION_ SETTING    		 Event type: APPLICATION_SETTINGS
    Event name: CHANGE_APPLICATION_ SETTING    		 Event type: APPLICATION_SETTINGS
    Event name: DELETE_APPLICATION_ SETTING
    BigQuery Export Event type: APPLICATION_SETTINGS
    Event name: CREATE_APPLICATION_ SETTING

    Event type: APPLICATION_SETTINGSEvent name: CHANGE_APPLICATION_ SETTING

    Event type: APPLICATION_SETTINGSEvent name: DELETE_APPLICATION_ SETTING
      Drive settings
      The table below lists updated log event information for the following Admin log event attributes and values:
      • Security & Audit and investigation tool: Setting name, Old value, New value
      • BigQuery Export: admin.setting_name , admin.old_value , admin.new_value
      • Reports API & SecOps: events[].parameters[].name=setting_name , events[].parameters[].name=OLD_VALUE or NEW_VALUE

      Old event

      Updated event

      Setting name 

      Old or new value

      Setting name 

      Old or new value

      SHARING_OUTSIDE_ DOMAIN

      SHARING_NOT_ ALLOWED_BUT_MAY _RECEIVE_FILES

      ExternalSharing external_sharing_mode

      DISALLOWED

      ExternalSharing allow_receiving_external _files

      true

      SHARING_NOT_ ALLOWED

      ExternalSharing external_sharing_mode

      DISALLOWED

      ExternalSharing allow_receiving_external _files

      false

      TRUSTED_DOMAINS_ ALLOWED_WITH_ WARNING_MAY_ RECEIVE _FILES_ FROM_ ANYONE

      ExternalSharing external_sharing_mode

      ALLOWLISTED_ DOMAINS

      ExternalSharing warn_for_sharing_ outside_allowlisted_ domains

      true

      ExternalSharing allow_receiving_files_ outside_allowlisted_ domains changed

      true

      TRUSTED_DOMAINS_ ALLOWED_WITH_ WARNING

      ExternalSharing external_sharing_mode

      ALLOWLISTED_ DOMAINS

      ExternalSharing warn_for _sharing_outside_ allowlisted_domains

      true

      ExternalSharing allow_ receiving_files_outside_ allowlisted_domains changed

      false

      TRUSTED_DOMAINS_ ALLOWED_AND_MAY_ RECEIVE_FILES_FROM _ANYONE

      ExternalSharing external_sharing_mode

      ALLOWLISTED_ DOMAINS

      ExternalSharing warn_ for_sharing_outside_ allowlisted_domains

      false

      ExternalSharing allow_ receiving_files_outside_ allowlisted_domains changed

      true

      TRUSTED_DOMAINS_ ALLOWED

      ExternalSharing external_sharing_mode

      ALLOWLISTED_ DOMAINS

      ExternalSharing warn_for_sharing _outside_allowlisted_ domains

      false

      ExternalSharing allow_receiving_files _outside_allowlisted_ domains changed

      false

      SHARING_ALLOWED_ WITH_WARNING

      ExternalSharing external_sharing_mode

      ALLOWED

      ExternalSharing warn_for_external_ sharing

      true

      SHARING_ALLOWED

      ExternalSharing external_sharing_mode

      ALLOWED

      ExternalSharing warn_for_external_ sharing

      false

      SHARING_INVITES_TO_ NON_GOOGLE_ ACCOUNTS

      NOT_ALLOWED

      ExternalSharing allow_non_google_ invites

      false

      ANONYMOUS_ PREVIEW

      ExternalSharing allow_non_google_ invites

      true

      PUBLISHING_TO_WEB


      NOT_ALLOWED

      ExternalSharing allow_publishing_files

      false

      ALLOWED

      true

      SHARING_ACCESS_ CHECKER_OPTIONS




      NAMED_PARTIES_ ONLY

      ExternalSharing access_checker_ suggestions



      RECIPIENTS_ONLY

      DOMAIN_OR_NAMED _PARTIES

      RECIPIENTS_OR_ AUDIENCE

      ALL

      RECIPIENTS_OR_ AUDIENCE_OR_ PUBLIC

      SHARING_TEAM_DRIVE _CROSS_DOMAIN_ OPTIONS




      CROSS_DOMAIN_ FROM_INTERNAL_OR _EXTERNAL

      ExternalSharing allowed_parties _for_distributing_ content



      ALL_ELIGIBLE_ USERS

      CROSS_DOMAIN_ FROM_INTERNAL_ ONLY

      ELIGIBLE_INTERNAL _USERS

      CROSS_DOMAIN_ MOVES_BLOCKED

      NONE

      DEFAULT_LINK_ SHARING_FOR_NEW _DOCS





      PRIVATE

      GeneralAccessDefault default_file_access





      PRIVATE_TO_OWNER

      PEOPLE_WITH_LINK

      PRIMARY_ AUDIENCE_WITH_ LINK

      PUBLIC

      PRIMARY_ AUDIENCE_WITH_ LINK_OR _SEARCH

      DOCS_OFFLINE_ ENABLED



      false

      DocsOffline enable_docs_offline


      false

      true

      true

      ENABLE_DRIVE_APPS

      false

      DriveSdk enable_drive_sdk_api _access

      false

      true

      true

      Gmail settings

      For allaffected settings in Reports API & SecOps:

      • events[].type EMAIL_SETTINGSis renamed to APPLICATION_SETTINGS
      • events[].parameters[].name= USER_DEFINED_SETTING_NAMEis moved to events[].parameters[].name= SETTING_METADATA.USER_DEFINED_NAME

      For allaffected settings in BigQuery Export:

      • event_type EMAIL_SETTINGSis renamed to APPLICATION_SETTINGS
      • admin.user_defined_setting_nameis moved to  admin.setting_metadata.user_defined_name

      Gmail setting

      		 Security & Audit and
      investigation tool      		 Reports API & SecOps BigQuery Export

      Mail delegation

      Change Email Settingis renamed to Change Application Setting

      ENABLE_SENDER_ ATTRIBUTIONis renamed to MailDelegation sender_attribution_ desired

      events[].name
      CHANGE_EMAIL_SETTING is renamed to CHANGE_APPLICATION
      _SETTING

      events[]. parameters[].name ENABLE_SENDER_ ATTRIBUTION is renamed to MailDelegation sender _attribution_desired

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_SENDER_ ATTRIBUTION is renamed to MailDelegation sender_attribution _desired

      Image URL proxy allowlist

      Change Email Settingis renamed to Change Application Setting

      NUMBER_OF_EMAIL _IMAGE_URL_ WHITELIST _PATTERNSis renamed to MailImage Proxy external _image_bypass_ pattern

      events[].name
      CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION
      _SETTING

      events[]. parameters[].name NUMBER_OF_EMAIL_ IMAGE_URL_WHITELIST _PATTERNS is renamed to MailImageProxy external _image_bypass_pattern

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name NUMBER_OF_EMAIL_ IMAGE_URL_WHITELIST _PATTERNS is renamed to MailImageProxy external_image_ bypass_pattern

      Compliance > Restrict delivery

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      RESTRICT_DELIVERYis renamed to RestrictDelivery rules walled_garden_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name RESTRICT_DELIVERY is renamed to RestrictDelivery rules walled_ garden_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL _SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name RESTRICT_DELIVERY is renamed to RestrictDelivery rules walled_garden_info or RuleState rule_state enabled

      Compliance > Comprehensive mail storage

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      COMPREHENSIVE_ MAIL _STORAGEis renamed to RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name COMPREHENSIVE_ MAIL_STORAGE is renamed to RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name COMPREHENSIVE_MAIL _STORAGE is renamed to RuleState rule_state enabled

      Spam, phishing, and malware > Inbound gateway

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      INBOUND_GATEWAYis renamed to RuleState rule_state enabledor InboundGateway {field}

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name INBOUND_GATEWAY is renamed to RuleState rule_state enabled or Inbound Gateway {field}

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name INBOUND_GATEWAY is renamed to RuleState rule_state enabled or InboundGateway {field}

      Routing > Email forwarding using recipient address map

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      ALIAS_TABLEis renamed to AliasTable rules alias_table_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name ALIAS_TABLE is renamed to AliasTable rules alias_table_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name ALIAS_TABLE is renamed to AliasTable rules alias_table_info or RuleState rule_state enabled

      Compliance > Content compliance

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      CONTENT_ COMPLIANCEis renamed to ContentCompliance rules content _compliance _infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name CONTENT_ COMPLIANCE is renamed to ContentCompliance rules content_ compliance_ info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING


      admin.setting_name
      CONTENT_ COMPLIANCE is renamed to ContentCompliance rules content_compliance _info or RuleState rule_state enabled

      Default Routing > Default Routing

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      DOMAIN_DEFAULTis renamed to DomainDefault rules domain_default_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name DOMAIN_DEFAULT is renamed to DomainDefault rules domain_default_info or RuleState rule_state enabled

      Event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name DOMAIN_DEFAULT is renamed to DomainDefault rules domain_default_info or RuleState rule_state enabled

      Routing > Routing

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      UNIFIED_MAIL_ ROUTINGis renamed to Routing rules routing_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name UNIFIED_MAIL_ ROUTING is renamed to Routing rules routing_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name UNIFIED_MAIL_ ROUTING is renamed to Routing rules routing_info or RuleState rule_state enabled

      Routing > Inbound email journal acceptance in Vault

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      INBOUND_EMAIL_ JOURNAL_ ACCEPTANCEis renamed to RuleState rule_state enabledor ExchangeJournal Ingestion {field}

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name INBOUND_ EMAIL_ JOURNAL_ ACCEPTANCE is renamed to RuleState rule_state enabled or ExchangeJournal Ingestion {field}

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name INBOUND_EMAIL_ JOURNAL _ACCEPTANCE is renamed to RuleState rule_state enabled or ExchangeJournal Ingestion {field}

      Blocked senders

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      BLOCKED_SENDERSis renamed to BlockedSenders rules blocked_senders_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name BLOCKED_SENDERS is renamed to BlockedSenders rules blocked_senders_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name BLOCKED_SENDERS is renamed to BlockedSenders rules blocked_senders_info or RuleState rule_state enabled

      Routing > Third-party email archiving

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      OUTBOUND_EMAIL_ JOURNAL_ GENERATIONis renamed to ExchangeJournal Generation rules exchange_journal_ generation _infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name OUTBOUND_EMAIL_ JOURNAL_ GENERATION is renamed to ExchangeJournal Generation rules exchange_journal _generation_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name OUTBOUND_EMAIL_ JOURNAL_GENERATION is renamed to ExchangeJournal Generation rules exchange_journal_ generation_info or RuleState rule_state enabled

      Routing > Non-Gmail mailbox

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      QUARANTINE_ SUMMARYis renamed to NonGmail Mailbox rules quarantine _summary _infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name QUARANTINE_ SUMMARY is renamed to NonGmailMailbox rules quarantine_summary _info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name QUARANTINE_ SUMMARY is renamed to NonGmailMailbox rules quarantine_summary_ info or RuleState rule_state enabled

      Routing > SMTP relay service

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      OUTBOUND_RELAYis renamed to RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name OUTBOUND_RELAY is renamed to RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name OUTBOUND_RELAY is renamed to RuleState rule_state enabled

      Spam, phishing, and malware > Security sandbox rules

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      SECURITY_SANDBOX_ RULEis renamed to DeepScanning rules deep_scanning_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name SECURITY_ SANDBOX_RULE is renamed to DeepScanning rules deep_scanning_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name SECURITY_SANDBOX_ RULE is renamed to DeepScanning rules deep_scanning_info or RuleState rule_state enabled

      Compliance > Secure transport (TLS) compliance

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      TLS_COMPLIANCEis renamed to TlsCompliance rules tls_compliance_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name TLS_ COMPLIANCE is renamed to TlsCompliance rules tls_compliance_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name TLS_COMPLIANCE is renamed to TlsCompliance rules tls_compliance_info or RuleState rule_state enabled

      Spam, phishing, and malware > Spam

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      SPAM_CONTROLis renamed to SpamOverride rules spam_override_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name SPAM_CONTROL is renamed to SpamOverride rules spam_override_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name SPAM_CONTROL is renamed to SpamOverride rules spam_override_info or RuleState rule_state enabled

      Compliance > Objectable content

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      OBJECTIONABLE_ CONTENTis renamed to Objectionable Content rules objectionable_content _infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name OBJECTIONABLE_ CONTENT is renamed to ObjectionableContent rules objectionable_ content_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name OBJECTIONABLE_ CONTENT is renamed to ObjectionableContent rules objectionable _content_ info or RuleState rule_state enabled

      Routing > Alternate secure route

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      ALTERNATE_SECURE _ROUTEis renamed to AlternateSecureRoute alternate_route_idor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name ALTERNATE_SECURE _ROUTE is renamed to AlternateSecure Route alternate_route_id or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name ALTERNATE_SECURE_ ROUTE is renamed to AlternateSecureRoute alternate_route_id or RuleState rule_state enabled

      Compliance > Attachment compliance

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      ATTACHMENT_ COMPLIANCEis renamed to Attachment Compliance rules attachment_ compliance_ infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name ATTACHMENT _COMPLIANCE was renamed to AttachmentCompliance rules attachment_compliance _info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name ATTACHMENT_ COMPLIANCE was renamed to AttachmentCompliance rules attachment_compliance _info or RuleState rule_state enabled

      Compliance > Restrict delivery for S/MIME

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      SMIME_RESTRICT_ DELIVERYis renamed to SmimeRestrict Delivery rules smime_restrict_ delivery_ infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name SMIME_RESTRICT_ DELIVERY is renamed to SmimeRestrictDelivery rules smime_restrict_ delivery_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name SMIME_RESTRICT_ DELIVERY is renamed to SmimeRestrictDelivery rules smime_restrict _delivery_info or RuleState rule_state enabled

      Hosts > Hosts

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      EMAIL_ROUTEis renamed to Mail DeliveryRoutes available_route receiving_route_info

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name EMAIL_ROUTE is renamed to MailDeliveryRoutes available_route receiving_route_info

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name EMAIL_ROUTE is renamed to MailDeliveryRoutes available_route receiving_route_info

      Compliance > Append footer

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      COMPLIANCE_FOOTERis renamed to AppendFooter rules append_footer_infoor RuleState rule_state enabled

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name COMPLIANCE_FOOTER is renamed to AppendFooter rules append_footer_info or RuleState rule_state enabled

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name COMPLIANCE_FOOTER is renamed to AppendFooter rules append_footer_info or RuleState rule_state enabled

      Routing > Outbound Gateway

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      EMAIL_ROUTEis renamed to MailDeliveryRoutes available_route receiving_route_info

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name EMAIL_ROUTE is renamed to MailDeliveryRoutes available_route receiving_route_info

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name EMAIL_ROUTE is renamed to MailDeliveryRoutes available_route receiving_route_info

      User Settings > Email read receipts

      Change Email Settingis renamed to Change Application Setting

      EMAIL_READ_ RECEIPTS_ALLOWED_ DESTINATIONSis renamed to ReadReceipts {field name}

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name EMAIL_READ_ RECEIPTS_ALLOWED _DESTINATIONS is renamed to ReadReceipts {field name}

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name EMAIL_READ_RECEIPTS _ALLOWED_ DESTINATIONS is renamed to ReadReceipts {field name}

      User Settings > Name Format

      Change Email Settingis renamed to Change Application Setting

      DEFAULT_NAME_ FORMATis renamed to NameFormat default_display_name _format

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name DEFAULT_NAME_ FORMAT is renamed to NameFormat default_ display_name_format

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name DEFAULT_NAME_ FORMAT is renamed to NameFormat default_display_name _format

      End User Access > Allow per user outbound gateways

      Change Email Settingis renamed to Change Application Setting

      ALLOW_NAME_ FORMAT_ CUSTOMIZATIONis renamed to PerUserOutbound Gateway enable_smtp_relay

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name ALLOW_NAME_FORMAT _CUSTOMIZATION is renamed to PerUserOutbound Gateway enable_smtp_relay

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ALLOW_NAME_FORMAT _CUSTOMIZATION is renamed to PerUserOutbound Gateway enable_smtp_relay

      End User Access > Pop and Imap access

      Change Email Settingis renamed to Change Application Setting

      IMAP_ACCESSis renamed to ImapSettings {field name}

      ENABLE_POP_ACCESSis renamed to PopSettings pop_disabled

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name IMAP_ACCESS is renamed to ImapSettings {field name}

      admin.setting_name ENABLE_POP_ACCESS is renamed to PopSettings pop_disabled

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name IMAP_ACCESS is renamed to ImapSettings {field name}

      admin.setting_name ENABLE_POP_ACCESS is renamed to PopSettings pop_disabled

      End User Access > Automatic Forwarding

      Change Email Settingis renamed to Change Application Setting

      ENABLE_EMAIL_ AUTOFORWARDINGis renamed to AutoForwarding auto_forwarding_ disabled

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name ENABLE_EMAIL _AUTOFORWARDING is renamed to AutoForwarding auto_ forwarding_disabled

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_EMAIL_ AUTOFORWARDING is renamed to AutoForwarding auto_forwarding_ disabled

      End User Access > Google Workspace Sync

      Change Email Settingis renamed to Change Application Setting

      ENABLE_OUTLOOK_ SYNCis renamed to MailSyncSettings enable_outlook_sync

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name ENABLE_OUTLOOK_ SYNC is renamed to MailSyncSettings enable_outlook_sync

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_OUTLOOK_ SYNC is renamed to MailSyncSettings enable_outlook_sync

      Setup > User email uploads

      Change Email Settingis renamed to Change Application Setting

      ENABLE_EMAIL_USER _IMPORTis renamed to MailAndContacts Import Settingscan _import_ mail_and_contacts

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name ENABLE_EMAIL_USER_ IMPORT is renamed to MailAndContactsImportSettings can_import_mail_and_ contacts

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_EMAIL_USER_ IMPORT is renamed to MailAndContactsImportSettings can_import_mail_and_ contacts

      User settings > Themes

      Change Email Settingis renamed to Change Application Setting

      ENABLE_GMAIL_ SKINSis renamed to MailFrontendSettings skin_desired

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name ENABLE_GMAIL_SKINS is renamed to Mail FrontendSettings skin_desired

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_GMAIL_SKINS is renamed to MailFrontendSettings skin_desired

      Compliance > Optical Character Recognition (OCR)

      Change Email Settingis renamed to Change Application Setting

      ENABLE_OPTICAL_ CHARACTER_ RECOGNITIONis renamed to OcrSettings ocr_enabled

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name
      ENABLE_OPTICAL_
      CHARACTER_ RECOGNITION is renamed to OcrSettings ocr_enabled

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name ENABLE_OPTICAL_ CHARACTER_ RECOGNITION is renamed to OcrSettings ocr_enabled

      Manage Quarantines

      Change Email Settingis renamed to Change Application Setting

      EMAIL_QUARANTINEis renamed to AdminQuarantine admin_quarantine_ info {field}

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      events[]. parameters[].name EMAIL_QUARANTINE is renamed to AdminQuarantine admin_quarantine _info {field}

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_APPLICATION _SETTING

      admin.setting_name EMAIL_QUARANTINE is renamed to AdminQuarantine admin_quarantine_info {field}

      Manage Google Workspace Marketplace allowlist access

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      ENABLE_G_SUITE_ MARKETPLACEis renamed to Apps Access Setting web_display_option

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name ENABLE_G_SUITE _MARKETPLACE is renamed to Apps Access Setting web_display_option

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name ENABLE_G_SUITE_ MARKETPLACE is renamed to Apps Access Setting web_display_option

      Google Workspace Marketplace Apps

      Change/Delete/Create Gmail Settingis renamed to Change/Delete/Create Application Setting

      The ENABLE_G_SUITE_ MARKETPLACEsetting name is renamed to Allowlist app_access

      events[].name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/ CREATE/DELETE_ APPLICATION_SETTING

      events[]. parameters[].name ENABLE_G_ SUITE_MARKETPLACE is renamed to Allowlist app_access

      event_name CHANGE/CREATE/ DELETE_GMAIL_ SETTING is renamed to CHANGE/CREATE/ DELETE_APPLICATION _SETTING

      admin.setting_name ENABLE_G_SUITE_ MARKETPLACE is renamed to Allowlist app_access

      User Settings > S/MIME

      Change Email Settingis renamed to Change Application Setting

      EMAIL_SMIMEis renamed to SMime status

      events[].name CHANGE_EMAIL_ SETTING is renamed to CHANGE_ APPLICATION_SETTING

      events[]. parameters[].name EMAIL_SMIME is renamed to SMime status

      event_name CHANGE_EMAIL_ SETTING is renamed to CHANGE_ APPLICATION_SETTING

      admin.setting_name EMAIL_SMIME is renamed to SMime status
      New Gmail parameters

      Parameter name

      Nested parameter
      Reports API & SecOps
      BigQuery Export
      SETTING_METADATA

      USER_DEFINED_NAME

      events[]. parameters[].name= SETTING_METADATA. USER_ DEFINED_NAME

      admin.setting_metadata .user_defined_name

      DESCRIPTION

      events[]. parameters[].name= SETTING_METADATA. DESCRIPTION

      admin.setting_metadata .description

      rule_key

      events[]. parameters[].name= SETTING_METADATA. RULE_KEY

      admin.setting_metadata .rule_key

      rule_type

      events[]. parameters[].name= SETTING_METADATA. RULE_TYPE

      admin.setting_metadata .rule_type

      New Gmail events

      Changes to the following Gmail settings ( Apps> Google Workspace> Settings for Gmail) in the Admin console will log an event in Admin log events: 

      • User Settings > S/MIME > Allow SHA-1 globally (not recommended)
      • Spam, phishing, and malware > Inbound gateway > Gateway IPs > Add/Delete IP addresses / ranges
      • Authenticate email > DKIM authentication > Start/Stop Authentication
      • Compliance > Email and chat auto-deletion > Automatically delete email and chat messages older than the specified number of days > Modify the labels to exclude

      Changes to the settings will be logged as follows: 

      • Security & Audit and investigation tool event:Change Application Setting
      • Reports API & SecOps: events[].name=CHANGE_APPLICATION_SETTING events[].type=APPLICATION_SETTINGS
      • BigQuery Export: event_name=CHANGE_APPLICATION_SETTING , event_type=APPLICATION_SETTINGS

      Was this helpful?

      How can we improve it?

      Need more help?

      Try these next steps:

      Post to the help community Get answers from community members
      Contact us Tell us more and we’ll help you get there
      true
      Start your free 14-day trial today

      Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today .

      Enable Dark Mode
      Search
      Clear search
      Close search
      Google apps
      Main menu
      1664601992988786566
      true
      Search Help Center
      false
      true
      true
      true
      true
      true
      73010
      false
      false
      false
      false
      Create a Mobile Website
      View Site in Mobile | Classic
      Share by: