Protect Gmail messages with confidential mode

This article is for administrators. If you're a Gmail user, learn more about using Gmail confidential mode.

Gmail confidential mode is available in all Google Workspace editions.

With Gmail confidential mode, your users can help protect sensitive information from unauthorized or accidental sharing. Confidential mode messages don't have options to forward, copy, print, or download messages or attachments.

Confidential mode lets you:

  • Set a message expiration date
  • Revoke message access at any time
  • Require a verification code by text to open messages

Confidential mode messages can't be scheduled for sending.

Important: Confidential mode helps prevent recipients from accidentally sharing messages. It can't prevent recipients from taking screenshots or photos of your messages or attachments. Recipients can also use malicious software applications to copy or download messages and attachments.

Turn Gmail confidential mode on or off

You can turn Gmail confidential mode on or off for your entire domain, or for specific organizational units. When you disable confidential mode, users in your organization can't send Gmail messages in confidential mode.

To prevent users in your organization from receiving confidential mode messages, set up a compliance rule to block incoming confidential mode messages.

To turn Gmail confidential mode on or off for your organization:

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. In User settings, scroll to Confidential mode.
  3. Uncheck or check the Enable confidential mode box.  
  4. Save your changes.

Changes can take up to 24 hours but typically happen more quickly.

To turn Gmail confidential mode on or off for an organizational unit:

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. On the left, select the organizational unit.
  3. Scroll to Confidential mode and uncheck or check the Enable confidential mode box.  
  4. Click Save.

Changes can take up to 24 hours but typically happen more quickly.

Block incoming confidential mode messages

To create a compliance rule to block incoming confidential mode messages from your domain, follow the instructions in this section.

Note: For detailed information about creating compliance rules for all types of content, see Set up rules for content compliance.  

To block incoming confidential mode messages:

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2.  

  3. Point to the Content compliance setting and click Configure. If you already set up compliance rules for other types of mail, point to any rule and click Add another rule.

    The Add setting dialog appears, where you'll enter a name, select the message type to match, and define what action to take based on the message. 

  4. In the Add setting dialog, enter the following information:
    • Enter a name for the rule.
    • In Email messages to affect, check the Inbound box.
    • From Add expressions, choose If any of the following match the message.
    • In Expressions, click Add, and then select Metadata match.
    • From the Attribute drop-down, choose Gmail confidential mode, and for Match type, choose Message is in Gmail Confidential mode.
    • Click Save.
  5. In the next section, which identifies what to do if the expressions match, choose Reject message.
  6. (Optional) Enter a custom rejection message that is automatically sent to the blocked message sender.
  7. Click Save.

Changes can take up to 24 hours but typically happen more quickly.
