Google Workspace
Rencore monitors Google Workspace across 22 governance policies, 12 reports, and 11 inventories, detecting Drive oversharing, group sprawl, and stale accounts automatically.
Google Workspace is in private preview. Join the waiting list and we will reach out when access opens up.
Rencore Google Workspace governance is a set of 22 policies, 12 reports, 13 segments, and 11 inventories that continuously audit Google Drive, Docs, Sheets, Sites, Groups, and Chat. It detects files shared publicly via Drive links, groups with external members beyond policy, admin roles assigned without documented justification, and users deactivated in Entra ID who retain Google Workspace access.
64 governance capabilities: 11 inventories · 22 policies · 12 reports · 13 segments · 5 automations
Why govern Google Workspace with Rencore
- Control Drive sharing
  Detect files shared publicly via link, documents accessible to anyone with the URL, and sharing patterns that bypass organizational data protection policies. Prioritize findings by file sensitivity.
- Manage groups and membership
  Find groups with external members, groups without assigned owners, and chat spaces with stale membership. Reports show group activity trends and membership patterns.
- Enforce user lifecycle
  Identify users deactivated in Entra ID who still have active Google Workspace access, admin roles assigned beyond policy, and accounts without recent sign-in activity.
- Unify cross-platform governance
  Organizations using Google Workspace alongside Microsoft 365 get a single governance view. Rencore links Google users to M365 identities by email for consistent cross-platform oversight.
What Rencore discovers
Rencore automatically inventories these Google Workspace object types.
- Google Workspace Tenant
  Top-level Google Workspace tenant; root container for users, groups, drives, and Chat spaces.
- Google User
  Individual Google Workspace user account.
- Google Org Unit
  Organizational unit within the Google Workspace tenant.
- Google Shared Drive
  Shared (Team) Drive in Google Drive.
- Google Drive File
  Any file in Google Drive; discriminated by MIME type.
- Google Doc
  Google Docs document (mimeType=application/vnd.google-apps.document).
How Google Workspace governance works in Rencore
Rencore connects to Google Workspace via Google Admin and Drive APIs, inventorying files, folders, sharing links, users, groups, admin roles, and chat spaces. It links Google users to M365 users by email for cross-platform identity governance. Policies run on every scan cycle and flag sharing, access, and lifecycle violations.
Who uses Google Workspace governance
IT administrators use it to maintain clean Drive sharing hygiene and manage group lifecycle. CISOs rely on external sharing policies to detect data exposure risks across Google and Microsoft platforms. Heads of IT use reports to compare governance posture between Google Workspace and Microsoft 365.
Getting started
Provide Rencore with Google Workspace Admin API credentials. All 22 policies activate on first scan, covering Drive, Groups, Chat, and user accounts. Rencore links Google users to Entra ID automatically.
Policies
22 governance rules that detect violations and risks.
- Drive file shared with anyone-with-link
  Detects active Drive files where the link grants access to anyone (any internet user).
  High · External Access
- Drive file shared outside the domain
  Detects active Drive files with at least one permission granted to users outside the tenant domain.
  High · External Access
- Shared Drive allows external members
  Detects Shared Drives where the domain-users-only restriction is disabled.
  High · External Access
- Shared Drive without domain restriction holds content
  Detects Shared Drives where the domain-users-only restriction is disabled and the drive contains files.
  High · External Access
- Admin with domain-wide delegation enabled
  Detects super admins that also have domain-wide delegation flagged.
  High · Security
- Google Group with external members
  Detects Google groups with at least one member outside the tenant domain.
  Medium · External Access
Need a rule that isn't listed? Rencore's Policy Builder lets you create custom policies tailored to your organization.
Reports
12 analytics views and dashboards.
- External Drive shares over time
  Count of externally shared Drive files created per month over the last 12 months.
  Line Chart · External Access
- Drive files by Shared Drive
  Top 10 Shared Drives by file count.
  Bar Chart · Operation
- Top Google groups by membership
  Top 10 Google groups ranked by direct member count.
  Bar Chart · Operation
- Chat spaces by type
  Distribution of Chat spaces across SPACE, GROUP_CHAT and DIRECT_MESSAGE types.
  Donut Chart · Operation
- 2-step verification adoption
  Active Google users by 2-step verification enrollment status.
  Donut Chart · Security
- Top users by storage used
  Top 10 active Google users ranked by storage consumed.
  Bar Chart · Costs
Automations
5 automated remediation workflows.
- Remove Drive External Share
  Removes all anyone-with-link permissions from a Drive file after approval.
- Delete Google Group
  Deletes a Google directory group after approval.
- Delete Empty Shared Drive
  Deletes a Shared Drive that contains no files after approval.
- Transfer Drive File Ownership
  Transfers ownership of a Drive file to a designated archive user after approval.
- Delete Chat Space
  Deletes an inactive Google Chat space after approval.
Segments
13 data groupings for targeted filtering.
- Externally shared Drive files
  Drive files with at least one permission granted outside the tenant domain.
- Public Drive files
  Drive files marked as discoverable to anyone on the internet.
- Suspended Google users
  Users marked as suspended in Google Workspace.
- Google Workspace admins
  Users with admin privileges in Google Workspace.
- Admins without 2-step verification
  Admin users who have not enrolled in 2-step verification.
- Google groups with external members
  Google groups containing at least one member outside the tenant domain.
- Empty Shared Drives
  Shared Drives that contain no files.
- Inactive Chat spaces
  Named Chat spaces with fewer than 2 members.
- Google users without 2-step verification
  Active Google users that have not enrolled in 2-step verification.
- Stale Drive files (>365 days)
  Drive files not modified in the last 365 days.
- Large Drive files (>500 MB)
  Drive files exceeding 500 MB in size.
- High-storage Google users (>90%)
  Google users whose storage usage exceeds 90% of their assigned quota.
- Shared Drives without domain restriction
  Shared Drives that allow non-domain members and contain at least one file.