Definitive Guide to Audit Your G Suite Users mailboxes


PowerPoint Slideshow about 'Definitive Guide to Audit Your G Suite Users mailboxes' - esmeriley4uin


Can Gmail Admins read users' emails?

Goldy Arora - G Suite Certified Administrator

Your employer can access your emails in Google Apps without password

If you are a G Suite Admin or even a User, I am sure you have had this question. The short answer to it is “YES”, and in this detailed article I will show how it's possible.

Author – Goldy Arora – G Suite Certified Consultant

Monitor Your Users Emails in G Suite

In this video (or the article below), I'll show you how you can get a BCC copy of your users'/employees' emails without knowing their passwords in G Suite (Google Apps).

You must be a G Suite Administrator and must be using the G Suite Basic, Business, Government, Education or Enterprise edition, as this does not work with G Suite Free.


Article Overview-:

In this article you will see how, as a G Suite Administrator, you can get a copy of your users' sent and received emails without knowing their passwords or setting up forwarding in their mailboxes.

Note-: This option is primarily meant for auditing. You need to keep your country's law and organizational policy in mind before attempting this method of getting access to your users' emails.

For any feedback or query, feel free to write to me.

Scenario -:

For auditing purposes you would like to track incoming and/or outgoing (including intra-domain) emails of one or all of your Google Apps users, without asking for or changing their passwords or putting a forwarding rule in their mailboxes.

Solution Explanation-:

To achieve this, you will create a server-side rule in G Suite (formerly Google Apps), which you can apply to one user, an OU, or all users.

This rule states that if a message contains @yourdomain.com in the message header, a copy of it is sent to the ID which you define.

System Requirements-:


This solution will only work with the Basic, Business, Education and Government editions of G Suite (Google Apps), and not with the free edition.

Step 1 - Login to G Suite Control Panel

To achieve this, we need to log in to our G Suite admin console; watch the video to see 3 possible ways to access the admin console.

Note-: I assume you have administrator permission to perform this task. If not, you can watch this tutorial to see how to become a G Suite Administrator or delegated administrator.

Step 2 - Navigate to APPS

Once you are logged in to the G Suite Control Panel, click on the APPS icon on the Dashboard.


As we will be applying a server-side rule to our Gmail application, which will get us a BCC copy of all sent and received emails of our users, click on the GMAIL icon as shown in the screenshot.

Step 4 - Click on Advanced Settings

The rule we want to apply is part of Gmail's advanced settings, so go ahead and click on it.


Step 5 - Select Organizational Unit

If you want to receive a BCC copy for all the users in your domain, you can select the parent organizational unit.


If you want to apply it to a specific function such as sales or accounting, or even only to a few users, you may create a new organizational unit and put the required users in it; here are instructions by Google for it.

After selecting the right organizational unit, scroll down to find “Content Compliance” and click on “Configure” as shown in the screenshot below.

Step 6 - Define Rule's Scope

Adding a description for your rule is recommended, so that other administrators in your domain can refer to it and understand this rule's objective in your absence.

Select which emails you want to get as BCC for users. You can select any or all of inbound, outbound, internal sending or receiving; for the sake of this example, I am only considering inbound and outbound, and not the intra-domain ones.


Step 7 - Define the expression

Let's define our condition; think of it like an IF/ELSE statement-:

1. Select “If any of the following match the message”
2. Click on “Add” to add a condition statement
3. Click on “Advanced Content Match”
4. Location should be “Full Headers”
5. Match Type should be “Contains Text”
6. Content should be “yourdomainname.com” (you need to change yourdomainname.com to your actual domain name)
7. Save your condition


Explanation -: In this step, we have created a condition (an IF statement) stating that if “@yourdomain.com” is found in the message header, the condition matches. If your users send or receive a message through their corporate ID, @yourdomain.com will surely be in the headers, as it's not possible to send/receive from/to their corporate ID without it. However, if your requirement is a bit more complex, you may also use regular expressions to define your criteria.
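
An added sketch, not part of the original article, of what the Step 7 condition matches: it models “Full Headers” plus “Contains Text” as a plain substring search and compares it with a tighter, address-anchored regular expression of the kind the explanation alludes to. The sample headers, function names and the regex are assumptions made for illustration, and this is Python's matching, not Gmail's own engine.

```python
import re
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "yourdomain.com"  # placeholder from the article; substitute your own domain

# Constructed header sets for illustration, not real mail.
SAMPLES = {
    "outbound": "From: alice@yourdomain.com\nTo: bob@example.org\nSubject: Quote\n\n",
    "inbound": "From: bob@example.org\nTo: Alice <alice@yourdomain.com>\nSubject: Re: Quote\n\n",
    "lookalike": "From: eve@notyourdomain.com\nTo: bob@example.org\nSubject: Hi\n\n",
    "mention": "From: bob@example.org\nTo: carol@example.net\nX-Ref: https://yourdomain.com/a\n\n",
}

def contains_text(raw, text=DOMAIN):
    """Model of 'Full Headers' + 'Contains Text': substring search over all headers."""
    headers = raw.split("\n\n", 1)[0]
    return text.lower() in headers.lower()

# Hypothetical tighter criterion: the address must end in exactly @DOMAIN.
ADDR_RE = re.compile(r"@" + re.escape(DOMAIN) + r"$", re.IGNORECASE)

def address_match(raw):
    """True only if a From/To/Cc address belongs to DOMAIN itself."""
    msg = message_from_string(raw)
    fields = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    return any(ADDR_RE.search(addr) for _, addr in getaddresses(fields))

def compare():
    """Return {sample name: (substring result, anchored result)}."""
    return {name: (contains_text(raw), address_match(raw)) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (loose, tight) in compare().items():
        print(f"{name:10} contains_text={loose!s:5} address_match={tight}")
```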

Step 8 - Who should get bcc?

1. Scroll down and click on “Add more recipients”
2. Click on “Advanced”
3. Check the “Change Envelope Recipient” checkbox
4. Select “replace envelope recipient”
5. Enter the email ID on which you would like to get the BCC copy
6. Scroll down and follow the next step in this article


Step 9 - Prepend subject (recommended)


In this step, we'll define a way to separate these BCC emails from your regular ones, so you can easily identify them and filter/label them if required.

1. Click on “Prepend subject”
2. Add anything you would like to prepend to the subject of these BCC emails, for example {{BCC}}
3. Now all the BCC copies that you get will have {{BCC}} in front of the subject line, which will help you make a filter in Gmail and put them under a label/folder.
4. Save your changes

Congratulations, you will now get a BCC copy of your users' emails in the mailbox you put in your condition (as shown in the above example).

Feel free to leave comments if you have any questions or feedback.

G Suite user email auditing FAQ

I have often been asked these questions by both G Suite employers and users about the possibilities of auditing their Gmail for business accounts, so I thought I would put them here once and for all. If you don't find the answer, feel free to write to me at help at goldyarora.com

Can a google apps for business admin access email of a user?

A G Suite Admin cannot directly access users' emails; however, yes, he has the following options to look at any user's emails-:

(i) Google Vault -:

G Suite has different plans, and one of them is called “G Suite for Business”, which comes with an application called “Google Vault”, which saves a copy of all users' emails, on-the-record chats, group messages, and files in Google Drive and Team Drive.


So even if a user deletes his/her email or a file in Google Drive, you can log in to Google Vault as an Admin and search for the user's emails.

Please note -: the above Vault-based solution to access your users' email will not work with the G Suite Basic plan, as Google does not include Vault with it.

(ii) Email Delegation -:

G Suite offers an email delegation feature where a user can delegate his or her Gmail mailbox to someone (e.g. a CXO delegating to an executive assistant). This is usually done by a user; however, a G Suite Admin can also do it via Google's Email Settings API without users even noticing it.

Note-: Though G Suite Admins can set up email delegation behind the scenes, if you are a user you can go to your delegation settings (Gmail –> Settings –> Accounts –> Grant Access to your account), check whether your account is delegated to someone, and delete the delegation too.

(iii) G Suite Content Compliance Rule -:

A G Suite Admin can also set up a rule in the admin console to trigger a BCC copy of all (or required) users' email as shown in the video tutorial above, and this solution works with all G Suite paid plans.

(iv) G Suite Admin Audit API -:

In case your requirement is not fulfilled by the above solutions, you may consider building a custom solution based on your needs with the G Suite Email Audit API. You also don't need to start from scratch here: if you know a bit of Google Apps Script, you can use this OAuth 2 library to easily use the Audit API within Apps Script.

How about Google Apps login as another user, can I do that as an Admin?

NO, you can NOT log in to any of your G Suite users' accounts even if you have super administrator rights.


The only way to do that is to first reset the user's password and then use that password to log in to the user's account, but the user can easily figure that out, as he/she won't be able to log in with the old password.

So if you are a G Suite Admin and really want to monitor your users' emails, consider the solutions mentioned above.

Is it legal or ethical for Gmail Admin to read user emails?

I have been working with G Suite partners, and all my employers use G Suite (formerly Google Apps) for email and collaboration.

I have this same question, and after asking a few of my employers and doing a bit of googling, I honestly don't have a clear answer on it.

Some people say that when you work for a business, it's assumed that you are using business assets and they retain the rights to look into anything if required.

Also, because I am not a legal expert, I won't really comment on this, but if you are a user, don't hesitate to read your employment contract, look at your state and/or country laws, or even reach out to your employer (I did this) to ask.

I have seen cases where, due to a legal investigation, G Suite Admins put a legal hold on the concerned user's email box (in Google Vault). So regardless of all this, if you are a G Suite user, my recommendation would be to use your Gmail assuming that your employer can access your emails.

Here are little-known ways to save up to 50% on your G Suite monthly bill; follow them and I am confident you'll be able to save a substantial amount of money with a G Suite Business Promo Code.


For more advanced G Suite tips, visit goldyarora.com