Welcome to Google Vault! This guide will walk you through the steps to get Vault up and running for your organization.
- You must be a G Suite super administrator for your organization; only super administrators can complete the steps in this guide.
- Your organization has to purchase a G Suite edition that includes Vault. G Suite Basic organizations must purchase Vault licenses.
- Verify that your organization isn't managing email and chat message storage. If this feature is configured to automatically delete messages, it will interfere with Vault retention rules. You must sign in to the Admin console and change this setting to Do not delete email and chat messages automatically.
- Consider enabling comprehensive message storage. This setting ensures that a copy of all sent or received messages in your domain—including messages sent or received by non-Gmail mailboxes—is stored in the associated users' Gmail mailboxes
Click each step below to learn how to complete it.1. Assign Vault licenses (G Suite Basic only)
Vault is included with most G Suite editions, but it's an add-on for G Suite Basic customers. You can assign licenses to everyone (full-domain licensing) or to just a subset of people (partial-domain licensing).
- Consult with people in your organization who understand its business and legal requirements to decide who needs a Vault license.
- Follow the steps in the full-domain or partial-domain licensing article.
You can control who in your organization sees the Vault service in their account. Keep the following in mind:
- Turning Vault on or off has no effect on which accounts are archived by Vault. All user accounts with Vault licenses can be archived.
- This setting has no effect on which accounts can change retention rules, search for data, or perform other Vault functions. Users must have appropriate Vault privileges to work with Vault.
- If you choose ON for everyone, the Vault icon appears in everyone’s list of apps. Some users may be confused by the presence of an app that appears to be nonfunctional. If your domain has organizational units, we recommend you restrict access to organizational units that have Vault privileges.
To allow users to sign in to Vault:
- Sign in to the Admin console.
- On the dashboard, click Apps, then click G Suite.
- Click Vault and choose one of the following options:
- ON for everyone: everyone in your organization can access Vault.
- ON for some organizations: only organizational units that you specify can access Vault. Learn more about creating OUs.
- OFF: no one in your organization can access Vault.
Grant privileges to employees who you want to create retention rules, place holds, or perform investigations. This step is not mandatory for the initial setup of Vault.
Now that Google Vault is enabled and licenses have been assigned in the Admin console, sign in to Vault by doing the following:
- Go to https://ediscovery.google.com
- Sign in with your G Suite username and password.
Other authorized employees in your domain will sign in to Vault the same way after you've given them access.
Set default retention policies to control how long data is retained before being permanently expunged from user accounts and all Google systems. Your organization should have policies to cover the amount of time data should be retained. We recommend that you consult your organization's legal team when you set up retention rules.
Learn how retention works.
- In Vault, click Retention in the left navigation.
- Under Default retention rule, click a service, such as Drive or Gmail.
Note: Drive Enterprise customers can set retention rules only for Drive.
- Check the Set a default retention rule box.
- Choose how long to keep messages or files:
- Choose Indefinitely to permanently retain data. Click Save to create the default retention rule. You're done!
- Enter a number of days, from 0 to 36,500:
- Gmail, Groups, and Chat messages—days from when the message was sent.
- Drive—days from when the file was either created or last modified.
- Choose what to do with data past the duration you selected:
Vault immediately starts the process of purging data that exceeds the retention coverage period as soon as you submit a new rule. This can include data users expect to keep. Do not continue to the next step until you're sure the rule is configured correctly.
- Choose the first option to expunge just the messages or files that users have already deleted.
- Choose the second option to expunge all messages and files. This includes data that's in users' inboxes and Drives. It also includes data that has already been deleted.
- Click Continue.
- What happens after you set default retention rules: Unless a custom rule or hold applies, data is preserved according to the default retention rule.
- What happens when a user deletes a message or file: The message or file is removed from that user's account. However, when the default retention rule or a custom rule applies, the message or file is still available in Vault for the remainder of the retention period.
Google Vault is now up and running! Vault will preserve your domain's data as specified in the retention rules you configured. Learn more about the default retention rule and custom rules.