This page is updated as we add features, enhancements, and fixes to Google Vault.January 15, 2020: Protection for Google Chat and classic Hangouts messages
Gmail confidential mode
Gmail confidential mode lets users restrict recipients' access to sensitive email content. This feature is available to G Suite organizations that enable the feature and personal Gmail accounts.
When a user sends a confidential message, Gmail replaces the message body and attachments with a link. Only the subject and link are sent using SMTP.
Confidential mode messages sent by users in your domain
If your organization enables Gmail confidential mode, Vault can hold, retain, search, and export all confidential mode messages sent by users in your organization.
Confidential messages sent after November 30, 2018 are visible to Vault in the mailboxes of all internal senders and recipients. Messages are always available to Vault, even when the sender sets an expiration date or revokes recipients' access to confidential mode messages.
Confidential mode messages received from outside your domain
Even if your organization doesn't enable Gmail confidential mode, your users might receive confidential mode messages from other G Suite customers and from personal Gmail accounts.
You can hold, retain, search, and export message headers and subjects of external confidential messages. However, you can't search or export message content or attachments from external confidential messages.
Working with confidential mode messages
Vault supports confidential mode messages as follows:
- Vault returns internal confidential messages that match your search query. You have the option to hide confidential message content when you preview and to exclude confidential message content when you print or export messages.
- You can use
label:confidentialmodeto search for confidential messages. You can also use this label to apply holds and custom retention rules specifically to confidential messages.
Vault now fully supports Jamboard files that users have saved to their Drives:
- Holds and retention rules now cover jams that users have saved to Drive. Unsaved jams are discarded when the Jamboard session ends and are unavailable to Vault.
- You can search, preview, and export jams. Use
type:jamto search specifically for Jamboard files.
When you export Google Docs, Sheets, and Slides, Vault now generates a unique hash value for each file. You can use this new hash value to deduplicate file exports and to verify that the exported file is an exact copy of the custodian's source file.
How you search for a file controls how Vault generates the hash value:
- If your search includes a version date, it's used to generate the hash value.
- The last modified date is used when the search doesn't include a version date.
When comparing hash values among exports, keep the following in mind:
- If a file's content changes, its hash value also changes.
- If someone changes sharing permissions on a file but not the content, the hash value doesn't change.
- If you export a file multiple times and use different version dates, the hash values differ even if the file content is identical among the exports.
The source hash is one of the parameters included in the Vault XML file when you export from Drive. Learn more about Drive export metadata.
We've added more granular controls to retention rules:
- You can set custom Drive retention rules that expunge files a specified number of days after users move them to trash.
- You can set default and custom retention rules for Hangouts Meet recordings. Previously Meet recordings were subject to applicable Drive retention rules.
Important: The Meet retention feature adds a new settings page in Vault where you can enable retention for apps that store files in Drive. You must create retention rules for Hangouts Meet before you enable this setting. Learn more about how to avoid data loss while setting up retention for Hangouts Meet.
We've also added new features to make it easier and more efficient to search for data in Vault:
- Quickly perform multiple searches in a matter—after you start a search in Gmail or Groups, you can click the Search in new tab button to open a new search dialog in the same matter. Your initial search will complete in the first tab.
- Search status—while a search is in progress, Vault reports the time elapsed and the query parameters you entered.
- Improved count functionality—when you enter a query and click the Count button, Vault reports the number of matches and time elapsed. You can also download a CSV file that lists the accounts with messages that match your query.
Additionally, we've added new metadata fields to Hangouts Chat exports:
roomName—the name of the room or a comma-separated list of accounts that are members of a direct message (DM)
conversationType—room or DM
When you export messages from Hangouts Chat, Vault now combines multiple conversations into a single PST or mbox file. Before today, each conversation was exported in a separate file.
Additional Vault help topics:
You can now export Gmail, chat, and Groups messages as PST files. This feature makes it possible for you to review messages in Microsoft Outlook, as well as third-party litigation support tools that support this format.
Get more detailed metadata when exporting files from Drive
When you export files from Drive, the metadata includes information about users who have an indirect relationship to a document. Additionally, Vault gives you the option to determine what that relationship is.
Learn more about users with indirect access to files and your options when exporting from Drive.
Select a time zone during search and export operations
Previously Vault used Greenwich Mean Time (GMT) for all searches and added extra day to include results from earlier time zones. Vault now supports time zone selection for search and export operations. You can specify a time zone when searching for data, and then Vault determines the boundaries of dates for displaying and exporting results.
The new time zone setting affects only search and export operations.
Important: Organizations that span multiple time zones may see different search results compared to those delivered before this feature was released. Learn more about searching for data based on time zones.
Create custom retention rules for all shared drives in your domain
You can now create custom retention rules that cover all shared drives in your domain.
Set retention rules for specific Google Groups
You can now apply custom retention rules to specific Google Groups.
Full support for Google Drive, including shared drives
You can now set retention rules and place legal holds on files in Google Drive, making it a fully supported app in Vault.
You can now also search, export, set retention rules, and place legal holds on files stored in shared drives.
Note: Drive retention and holds work a bit differently than what you've grown accustomed to with Gmail retention and holds. We recommend you review these articles as you consider the hold and retention policies that work best for your organization:
Export point-in-time Google Drive files
Vault only searches the latest version of a file. However, you can now add a version date to your search to view and export Google files as they existed on that date. Versioning is supported in most Google file types:
Versioning isn't supported in Google Forms, Apps Script, or any non-Google file type.
Use Vault for Google Groups
Vault now works with Groups, meaning you can search, export, and set retention policies, and place legal holds on content in Groups.
- Download partial results—The messages and files that Vault retrieved up to that point are available for download. Also included is a CSV file that lists accounts that have not yet been exported.
- Continue an export—Vault resumes where it left off, retrieving additional messages and files for another 24 hours. You can continue an export as many times as necessary to retrieve all messages and files that match your search query.
If you do not download partial results or resume a paused export before 15 days have elapsed, the export is deleted.
- Assign hold privileges based on organizational units—Vault administrators can be limited to creating and managing holds for users within specific organizational units rather than an entire domain.
- Holds based on organizational units—Previously, you could create holds for specific user accounts or an entire domain. Now you can create holds that apply to all members of a specific organizational unit.
- More intuitive hold functionality—Previously, if you removed all accounts from a hold, Vault would apply the hold to all accounts in the domain. Now, you’re prompted to delete a hold if you try to remove all accounts.
- Enhanced user interface—The language and interface for applying holds is improved and is similar to the recently updated retention flow.
- Retention rule applies to deleted messages only—If you select this option, the rule only affects messages that have been deleted by users. This is the default option for new rules and is equivalent to adding label:^deleted to a custom retention rule.
- Retention rule applies to deleted messages and messages in user mailboxes—If you select this option, the rule applies to all messages except those that meet any custom rules or holds you specify. If you open an existing custom retention rule that uses label:^deleted, it has this option selected. However, your custom rule continues to work according to your original configuration, overrides the option, and only deleted messages are affected.
Remember: Vault is fully integrated with Gmail, and there is no separate archive. Choosing the second option above means that you want the rule to apply to all messages, whether users have marked the messages for deletion or not. This option can potentially delete messages that your users expect to keep. For example, if you set a default retention rule to retain messages for 365 days and select the second option (to apply to all messages), and you have no custom rules or holds, Vault deletes every message in your domain that is older than 1 year.
Vault now fully supports Hangouts chats. You can retain, hold, search, and export chats that occur within Hangouts with history turned on. Additionally, administrators can now control whether history is on or off.
Full Vault support is only available for Hangouts that take place after this date. For Hangouts that occurred before this feature was launched:
- only on-the-record chats can be searched, exported, and placed on hold
- retention policies are not properly applied to Hangouts messages
Vault previews and exports now include several additional pieces of information to help you analyze messages:
A G Suite admin can now restrict access to matters based on organizational units. If this is enabled, a Vault user can share matters only with members of the specified organizational units and their sub-units. Learn more about Vault privileges and how to assign them.
Vault no longer restricts how many accounts you can search for messages. Please note that you may experience delays when searching and counting over domains with more than 50,000 accounts.
Vault now reports additional information when messages in Gmail or files in Drive are unavailable for export. Learn more about error reports.
Vault for Drive
Vault's robust functionality now includes another data source—Drive—so that your organization can find even more business-critical content. Vault for Drive comes at no additional cost for Vault customers and works with existing Drive content in your users' accounts. Postini customers transitioning to Vault will also be able to use Vault for Drive at no additional cost once the transition is complete.
With Vault for Drive, here’s what you can do with all of your Drive content, including both Google documents (such as Docs, Sheets, Slides) and other stored files (like DOCX, PDF, and JPEG):
- Search for specific users’ Drive files.
- Preview search results in Vault to make sure you find just what you need.
- Create copies of search results and export them for future use.
Setting retention policies, creating holds, and conducting domain-wide searches for Drive content are not available at this time. Get started searching for files in Google Drive.
G Suite Business
G Suite Business is the enhanced office suite. In addition to everything available in G Suite Basic, it includes unlimited Google Drive storage and Google Vault for everyone in your organization, plus additional Drive administration, audit, and reporting features. Learn more about G Suite Business.
You can more easily exclude draft messages from searches, and when creating retention rules and holds.
The Manage Exports and Manage Searches privileges can now be granted to a user for an entire organization, or only for specific organizational units (OUs). For example, you can assign a Vault administrator the Manage Searches privilege for your whole organization and the Manage Exports privilege for one OU. Privileges are still assigned in the Admin console by your G Suite administrator.
The options for setting or modifying retention periods are now more clear, and we’ve added safeguards when setting a retention period for a specified number of days.
Vault users can now search for data within a specific organizational unit (OU), in addition to searching the entire domain or searching by user account. Searching within an OU reduces the number of irrelevant search results that a domain-wide search can produce, and eliminates the need to specify individual accounts. When performing a search within a matter, select Organization then select the OU you want to search. Accounts cannot be included in an OU-based search, but you can still optionally specify a date range and search terms.
Admins can now hold specific messages—for example, from a certain date or with certain terms—for indefinite preservation in Vault. Only messages that meet the specified parameters are preserved. Previously, Vault admins had to put an entire user account on hold to preserve messages in that account. Holding an entire account is still possible. Learn more about the two types of holds.
The preview function allows Vault admins to examine the content that a custom retention rule will retain once it is set. Admins no longer have to enter a username. When admins click the Preview button, Vault displays results based on what the admin selected—a specific OU or the whole domain. Previously, admins had to enter a username to preview the results of a custom rule. Learn more about retention rules.