What is GAT+?
GAT+ is a third party app developed for Google Workspace — It offers Super Admins powerful Google Workspace auditing and reporting for their domain.
GAT+ is an alternative to the ‘Reports’ feature within the Admin console.
GAT+ is included in all our pricing plans, and it’s the prerequisite tool for all other GAT products we offer.
When GAT+ is installed, it requires access to API permissions for each Google Workspace app (Each Workspace app has its own set of API permissions.)
GAT+ requires access to most of these permissions as it produces unique reports that are not found in the Admin console’s Reports section.
**Prerequisite: GAT+ needs to be installed from the Google Marketplace using a Google Super Admin account. Click here to learn more about the installation process.
**Availability: We offer an automatic 15 days free trial for GAT+, for all domains.
If you’ve trailed GAT in the past and would like to run a fresh trial again, please enquire through this form.
GAT+ Design Layout Explained
GAT Labs offers many products within different plans, you can access these products from the top right corner of each app.
That applies whether you’re viewing the App Launcher from within GAT+, GAT Flow or GAT Shield.
See Launching other Suite of products from within GAT+ for more information.
Side Menu Layout
The GAT+ Side Menu hosts all of the sections within the GAT+ tool.
Audit and Management
The Audit and Management section is home to all of GAT+’s auditing areas:
Users audit focuses on the following areas:
a. Basic tab – Overview of all users’ key settings, like which OU they were in when they last signed in.
b. Drive tab, and Drive Productivity tab – Overview of all files users have access to, and how they’re shared with different permissions.
The difference between ‘Drive tab’ and ‘Drive Productivity tab’ is: The Drive tab covers all files a user owns or has access to. Whereas, The Drive Productivity tab only focuses on the files a user has created/uploaded directly onto their own myDrive.
c. File Types tab – Shows audited information on all the different file types, and who owns the most number of files for each file type.
d. Quota tab – How much Google Drive quota (file storage in megabytes) is being used by each user.
e. Security tab – Shows security risks and insights for each user, ex: if they have 2FA turned off and when they failed to login.
f. Applications tab – Shows each 3rd Party App connected to a user’s Google account — Apps can access different permissions from Google accounts.
g. Calendars tab – Shows each Calendar the user has access to, and the number of future events the user is participating in.
h. Devices tab – Summarises the number of smartphones or ChromeOS devices connected to the user’s account.
i. Email Info tab – View Gmail settings in place for each user, see things like auto-forwarding policies and if someone has given Gmail delegation access to other users.
j. Meet tab – Summary of Google Meet calls for each user.
k. Events tab – The events a user has taken in relation to security — These logs can show when a user changed their password or changed their 2FA enrolment.
Users Audit Use Case Examples
2. Google Groups
a. Groups tab – In this tab, you’ll see all Google Groups within your Workspace domain.
Each Group will be displayed within the result table. You can find any Google Group using many filtering parameters.
You can modify any Group’s permissions or settings, see who is a member of that Group, or if a Group has members from outside your organization.
b. Group Members – In this tab, you’ll be able to easily see which users are in certain Google Groups.
You can add or remove any user from an existing Group.
c. Events tab – Shows all actions taken on Group settings or membership. Examples of action history: “New user added”, “User removed from Group”, “New Group Created”.
d. Last Used Address tab – GAT+ runs a metadata scan for each Google Group to audit the following:
- When an email was sent to the Group
- When a file was shared with the Group
- If Calendar events were sent to the Group
- When a user was last added to the Group
Based on that information you can easily decide if a Google Group is no longer needed.
Groups Audit Use Case Examples
3. Google Contacts
a. Contacts tab – This tab shows you all contacts across your entire organization — If they’ve been entered in contacts.google.com they’ll appear in the Contacts audit.
You can apply search parameters to find any contact. You can take action on these contacts, whether it’s to copy or delete them. You can also create contacts in user’s accounts.
Contacts Audit Use Case Examples
a. Classroom tab – You can view ALL Google Classrooms from this tab, i.e. Every single Classroom created by your Workspace domain users.
From here you can edit, delete or create any Google Classroom. You can also apply search parameters to find the Classroom you’re looking for.
Below are Some actions that are usually taken in this tab:
- Adding or removing Co-teachers to a Classroom
- Adding or removing students from a Classroom
- Creating new Classrooms
- Editing details of existing Classrooms
b. Classwork tab – The Classwork tab lists out every assignment and questions created by teachers within Google Classrooms. From this tab you can generate a report about all the work teachers have created for students.
c. Classwork Submissions tab – This tab shows all of the responses submitted by students to assigned assignments.
This tab covers all of the answers given by students. You can identify which students have not submitted any work for a particular assignment.
d. Teachers tab – Shows all Classrooms where a teacher is a participant. Whether that Classroom is Archived or Active. You can also see the number of assignments created by the teacher in the last 30 days.
e. Students tab – This tab lists out every single student from all of the Google Classrooms. It will also show the guardian information. Each student will be listed with the number of Active and Archived Classrooms they’re a participant at.
Classroom Audit Use Case Examples
f. Classes tab – This tab lists every single Google Classroom in a visual way. Showing details like Number of teachers and students, and number of classwork that has been published by teachers.
g. Class Info tab – Clicking on a classroom in the Classes tab will redirect you to the Class Info tab.
There you’ll find much more details on the Classroom, and if the GAT Shield extension has been deployed to students, you’ll be able to generate browsing stats.
h. Students Submission Summary tab – This tab summarizes student performance and provides an overall grade for the total number of submitted assignments for a particular Classroom.
You can use this tab to view student performance across all their Google Classrooms.
Classroom Insight Audit Use Case Examples
a. Applications tab – This tab lists all 3rd Party Apps which have been authorized to access different privileges from a users Google account.
It shows you what permissions 3rd Party Apps have access to and rates the risk of those privileges. You’ll also see how many users have authorized that app.
If you don’t approve of an App you can set up a policy to ban it from extracting data from their privileges.
b. Policies tab – In this tab you’ll see all Trusted or Banned App policies. These policies can cover all or some users, depending on their scopes.
c. Events tab – Each time a privilege is invoked by a 3rd Party App a record of the event is stored.
Application Audit Use Case Examples
6. ChromeOS Devices
ChromeOS Devices tab – In this tab you’ll see all enrolled Chromebooks within your domain. You’ll also see all their details. You can edit these details and take action on them.
A key feature in this tab is the ability to export the results to make changes within the Google Spreadsheet, then import the changes to make them final.
ChromeOS Devices Audit Use Case Examples
7. Mobile Devices
a. Mobile Devices tab – Leveraging Google Workspace Mobile Device Management features, the Mobile Device tab shows you all connected mobile devices, Android or iOS.
From this tab you can view all devices specs and details. You can also take actions on a device, like for example wipe an account of the device.
b. Apps tab – When Advanced Mobile Management is enabled in the Google Workspace Admin console and users are forced to install the Google Device Policy app you can report on all installed Apps on their mobile device.
This tab will then show you all installed Apps on each users’ device, and what privileges that app requires.
Mobile Devices Audit Use Case Examples
a. Files tab – Allows Super Admins or delegated auditors to apply custom search filters to find any file or folder within myDrives or Shared Drives for any Google account.
In this area, you’ll also find all actions you can take on these files.
b. File Content Search tab – This section leverages Google’s content search API. You can enter any string/character query, this search is then passed to Google to be performed.
It does not rely on GAT+ metadata scan mechanism. Once Google completes the search the answer is given back in real-time. From this section, you can also take any actions on the files returned by the search.
c. Files Deleted tab – Shows you all permanently deleted files. You can export the results of any filter you apply.
d. Shared Drive tab – In this tab you’ll find all root folder structures for a Shared Drive.
You can also manage the membership and settings of any Shared Drive and enter inside any Shared Drive if you wish to.
e. Events tab – This tab shows all event actions taken on files and folders. Each file or folder has an event record log.
In this tab, you can search for a user and all actions they’ve taken on a file or folder.
f. Folders Tree tab – This tab shows in a visual way all folder structures. You can clearly see subfolder levels within a root folder.
g. Group Sharing tab – This tab gives insight if members of a Google Group share files with members of another Google Group.
h. External Domains tab – This tab give insights on which domains files are being shared with.
It also shows you the amount of files shared out with external domains.
i. Domain Connection Graph tab – This tab is very similar to the External Domains tab, but it presents the information in a simple visual view.
You can also apply filters to see which domains have access to files on your domain.
j. External Users tab – This tab lists all external users who have access to files on your domain. It also shows you what these users can view and edit.
Drive Audit Use Case Examples
a. Emails tab – This tab allows Google Super Admins or Delegated auditors to apply any search filter to find any email within their domain.
The search can cover every Google account within the domain. As long as the email is not permanently deleted it will appear in the metadata scan.
From this tab, you can also take actions on the emails leveraging the GAT Unlock functionality.
b. Email Content Search tab – Within this tab, you can apply any string or character-based search. Your search parameters are passed to Google’s email content search API and results are returned in real-time.
This tab does not leverage GAT+ metadata scans. Within this tab you can also take any actions on the emails returned.
c. User Statistics tab – This tab gives insights into each user’s email activity. It shows every Google account and the number of emails they send and receive from their own email address, or if they used a Google Group email to send that email.
You can also quickly see in this tab which user is sending or receiving the most amount of emails and the person who is receiving the least amount of emails.
d. Groups Statistics tab – This tab shows Google Groups stats about emails sent and received by Google Groups. For each day you’ll see how many emails were sent or received, and how many emails included attachments.
e. External From/To tab – This tab shows every external email address that’s been receiving or sending emails to/from users on your domain.
f. Sender/Receiver tab – When you apply a filter within the Emails tab, click onto the ‘Sender/Receiver tab’ to get a breakdown of all of the ‘External Senders/Receivers’ and see a breakdown of all ‘Internal Senders/Receivers’ too.
This tab is super useful when you navigate from the Emails tab directly to the ‘Sender/Receiver tab’.
g. Domain Connections tab – This tab shows a list of domains that are sending emails to your domain.
It shows you the date of their first email interaction with your domain, as well as their most recent interaction with your domain.
h. Domain Connections Graph tab – This tab is very similar to the ‘Domain Connections tab’ but presents the information in a simple visual view.
You can apply filters to see which external domains send or receive the most amount of emails from your domain.
i. Mail domains tab – This tab shows a list of all domains your domain connects with, and whether these domains are Google Workspace domains or Office365 domains.
If they’re not Workspace or Office365 they’re categorized as “Other”, these could be self-hosted mail domains.
You’ll also be able to see when these domains first connected with you domain.
Email Audit Use Case Examples
10. Classic Sites
When you click on the Classic Site auditing area you’ll be redirected to an old design of GAT+ where you can audit Google’s Classic Sites.
These sites were hosted by Google. If you wish to audit the new version of Google Sites you’ll need to go to Drive audit. Since the new version of Google Site is stored on Google Drive you’ll find auditing metadata in Drive audit.
a. Calendars tab – In this tab you’ll see every user’s Primary and Secondary Calendar details.
From there you can modify and edit any user’s access to a Google Calendar.
You can change ownership, add new users or remove users from a Calendar permission.
The key feature here is that you can search using the filter functionality to find all Calendars a user has access to.
b. Calendar Events tab – In this tab you can find all Past or Future Calendar events. If you need to make changes to an upcoming future event you can do so from this tab too.
c. Calendar Resources tab – If you have defined Google Calendar Resources within your Workspace Admin console then you can search for these resources and find all associated Calendar events (past or future) in this tab.
e. Calendar Event Meetings tab – This tab focuses on Google Calendar events which include a Google Meet video conference link.
You’ll be able to view the duration of these Google Meet conference calls and participants of that meeting.
Calendar Audit Use Case Examples
a. Activity tab – This tab shows weekly and monthly Google Meet activity.
You can see Google Meet call entries and details for each user. You’ll be able to determine if any user had a Google Meet call, and how long it lasted for.
b. Timeline tab – This tab is a visual representation of the ‘Activity tab’. You’ll see visual entries on a timeline for each hour of the day. If a user has a call at a particular hour, you’ll see a colourful dot appearing on the timeline.
c. Activity Graph tab – For each Meet conference call you’ll have a Conference ID. You can use this Conference ID to find the call and see a visual representation of all its participants, and how long they stayed within the conferencing room.
d. Map tab – Users who report back their IP address to Google while they have a Google Meet call will appear on the Map and their location can be identified.
e. Meetings without organizers tab – This tab will show Google Meet Calls where the Organizer is not present or has left and users continued to stay within the room.
f. Meet cost tab – If you define the average hourly work rate for users within the GAT+ Configuration area then the Meet cost tab will show you a chart of the potential cost of a Google Meet call.
This is based on the concept that ”time is money”. So within a certain time range, you’ll see all of the potential spending for Google Meets.
g. Summary 30 days tab – This tab shows you many Google Meet activity charts in a visual way. It will also show you the total number of calls occurring each day, and the average time spent on each.
Meet Audit Use Case Examples
a. Channels tab – All users will be presented with the total number of YouTube videos they published, and how many of those videos are set to be viewed by people from outside of the company.
Clicking on any values within the table will redirect you to the ‘Videos tab’ so you can take action.
b. Videos tab – In this tab you’ll see more details on the YouTube video. From here you can also change the video’s visibility to Private or Unlisted, if the video was set to Public.
Youtube Audit Use Case Examples
14. User Logins
a. Events tab – This tab shows see all events related to Logins. You can identify who failed to enter their password correctly or who failed to pass the Login Challenge prompted to them.
If they were successful in Logging in the event will state ‘OK’, if they failed the event will state ‘Login Failure’. If Google has access to their IP, then a beacon will appear on the map.
b. Login IP tab – This tab focuses on the reported IP addresses and the Events reported from them. If IP is available a beacon will be placed on the map.
Users Login Audit Use Case Examples
15. One Click Reports
a. Reports tab – This tab lists a few useful report types available in GAT+.
By clicking on a link you’ll be redirected and a search filter will be applied in that audit section.
This allows you to quickly schedule that filter search if you choose to.
One Click Reports Use Case Examples
16. Google Workspace DLP
a. DLP Dashboard tab – This tab shows you charts and graphs of the Google DLP rules which were triggered. The DLP rules must be defined within your Admin console.
b. Drive Events tab – In this tab you’ll be able to view all triggered DLP events, and view if a file had PII (Personal Identifiable information) within it.
c. Drive Rules tab – This tab will list out all the DLP rules that you created within your Admin console.
Google Workspace DLP Use Case Examples
17. Roles & Privileges
a. Roles tab – This tab lists out all custom roles and standard roles within your Admin console.
Here you can quickly identify which users have which roles. The Google Workspace Super Admin role being the most important and most powerful role of course.
b. Privileges tab – In this tab you’ll see all privileges available and which roles use these privileges.
Roles & Privileges Use Case Examples
a. Alerts tab – Within the Configuration area of GAT+ you can develop near-real time alerts called Alert Rules.
If these alerts are triggered you’ll see the event details within this tab. You can then quickly identify which user triggered or violated the Alert Rule you have in place.
Alerts Use Case Examples
- Domain Info tab – This tab shows you Google license information and active user count, and GAT+ license type and the list of the nominated Security Officer(s).
You’ll also find a field to enter your primary contact details so the GAT support team can reach out to you if needed.
- Settings tab – This tab provides you with options to create custom tags which can later be assigned to Gmail email or Drive metadata.
If you have other secondary domains you can declare them as ”company-owned domains” so they don’t appear as external within the auditing reports.
- Date and Time tab – In this tab you’ll be able to configure the global settings for all users’ date and time.
- Scan Options tab – You can hide and not report metadata from certain auditing areas.
- Reports tab – The weekly activity report which is automatically generated by GAT+ can be disabled from this tab.
- Tasks tab – This tab will show all of the recurring scheduled metadata scans. It will show their status and health. You can manually force a metadata scan to be scheduled to run quicker than normal. A normal metadata scan should run every 10 hours.
- Average Cost Per Hour tab – You can declare the average hourly work rate for any employee. This will be used within the Meet auditing area.
The security officer area will only appear to users who have been nominated as Security Officer(s).
- Dashboard tab – This tab explains all the tabs available within the Security Officer area.
- Access Log tab – This tab shows if a Workspace Super Admin or a delegated auditor accessed file content or email content. It also shows if file sharing permissions were changed or emails were deleted.
- Access Permissions tab – In this tab you’ll see any requests coming from Workspace Super Admins or delegated auditors to view file or email content or to delete emails. Security Officers will have to decide what requests are approved or denied.
- File Management tab – Any requests to make changes to file-sharing permissions will be displayed in this tab. Security Officers will have to decide what requests are approved or denied.
- Email delegation tab – Email delegation requests will be displayed in this tab.
- Email Forwarding tab – Email forwarding change requests will be displayed in this tab.
- Copy Management tab – Requests to make duplicate copies of files will be displayed in this tab.
By default Google Workspace Super Admins are the only users able to access the GAT+ tool. If you wish to delegate GAT+ access to others then they’ll need to be declared as a Delegated Auditor(s).
Auditors tab – In this tab you can declare new Delegated Auditor roles and view existing roles.
Delegated Auditors Use Case Examples
Admin Log tab – All actions taken within the GAT+ tool appear as a log within the ‘Admin log’. This log is immutable and can not be deleted.
Schedule tab – Shows all scheduled reports that have been created. From here you can remove them, or assign an action to the scheduled reports.
Scheduled reports Use Case Examples
Alert Rules tab – In this tab you can create Alert Rules. Alert Rules policies that are near-real time.
They can trigger from 30 minutes to 2 hours after an incident occurs.
You can set up Alert Rules to trigger based on user activity, Drive sharing or Gmail settings changed.
Alert Rule Use Case Examples
- How to Set Alert Rules for Not Synchronised and Idle Mobile Devices
- How to alert or remove Google Drive files that contain email addresses
- Alert when 2FA is disabled for any user in your Google Workspace Domain
- Alert Logins from Users outside your City or Country
- Alert on Google Drive Shares to Specific Email Address
- How to Set Up Google Drive DLP Alerts for Shared Out Files
When you click on this option you’ll be redirected to the gatlabs.com website where we discuss GAT+ features and functionalities.
When you click on this option you’ll be redirected to the gatlabs.com website where you can select whether to see documentation, videos or a contact form.
Video Guides will redirect you to youtube.com
Will display a dialogue box that explains the version of GAT+.
GAT+ Key Features Explained
Apply filters within auditing areas
When you enter any auditing area in GAT+ you’ll be see the following icons:
The funnel icon – allows you to apply a filter search on the metadata. The metadata is usually unorganized and random unless you apply a filter to change that.
The funnel icon with x symbol – allows you to clear the search and to start a new filter search.
The ability to apply a filter is a key feature within the GAT+ tool. You can query any part of the metadata and look for unique parameters within the metadata.
Exporting the metadata to CSV or Google Spreadsheet
Once you’ve filtered and found the metadata you’re searching for it’s always a good idea to export the information to a Google Spreadsheet or CSV for record-keeping purposes.
In all auditing areas, there are going to be hidden columns from the metadata tables. If you wish to see more columns you need to define this. Some columns are hidden because there’s little space on the screen.
How often are API permissions evoked by GAT+?
GAT+ uses API permissions to extract metadata which is later indexed and worked on to produce powerful reports for the Super Admins within the GAT+ console.
GAT+ evokes a fresh metadata scan each 10 hours and pulls metadata from the Workspace APIs.
How is metadata secured?
GAT+ encrypts the metadata at rest with AES-256 algorithm encryption. Metadata is stored on GCP (Google Cloud Platform).
Who has access to GAT+?
The app appears on all users accounts because the super admin installs it Domain-wide. This is necessary to gather auditing reports for each user within the organization.
The only users who have access to the GAT+ interface are Workspace Super Admin privileged users.
Super Admins can give non Super admin access into the tool by creating Delegated Auditor roles, these are roles who have less privileges.