Using the GAT Unlock functionality within the GAT+ tool you can review email content, delete, or bin emails.
Searching for Emails in Real-time (Doesn’t depend on Email metadata scan) #
Email Content Search tab #
The Email Content Search tab is a real-time search for email metadata, a Workspace Super Admin or a Delegated Auditor provides the search operators which will then be passed via the Google API to search across all users’ Gmail accounts.
There are multiple reasons to have the ability to identify and remove emails that have been received by all or any of your domain users. Here are some unwanted scenarios:
- An email is sent to the wrong user or group
- An email contains inappropriate content
- An email that contains sensitive information
- An email that has gone past spam filtering or is a phishing email.
GAT Unlock allows Super Admins or Delegated Auditors to delete these emails from all accounts at once.
We recommend using the ‘Email Content Search’ tab for tracking down these emails.
It is a ‘real-time’ search that is highly configurable (see the ‘search tips’ link beside the search box). In the screenshot above we use the example search operators.
“SEO proposal” in:anywhere newer_than:90d
When a search is done, if the result cannot be displayed in a timely manner, the search goes into “Previous searches / Unlock”.
You can access those searches by selecting ‘Previous searches / Unlock‘. All older or background searches will be displayed there.
Once completed, under the ‘Actions’ tab select the green checkmark to display the results.
When the results are displayed, select the emails you wish to view/download/delete then click the “Email operations” button and select “Create new access request”. This action will require the approval of your designated Security Officer (SO).
Requesting Access from Security Officer #
Once the emails are selected, click on the ‘Create access request’ button and send a request to your SO (Security Officer).
Your Security Officer will have to approve your request.
Before sending the request if you intend to remove the emails rather than just view or download them then check the ‘Allow removing emails’ box.
The SO will have to approve the requests for you to be able to take the below actions.
Procedure for the Security Officer #
All Security Officers will get an email to confirm a request is pending approval.
If the Security Officer clicks on the link in the email, they will be redirected to the GAT+ tool. Within the Access Permissions tab, they will see requests pending for actions on emails.
Note: You can not self-approve the request, only another Security officer account can approve if you happen to be a Super Admin or Delegated Auditor and a Security Officer.
Note: While you wait for approval from the Security officer, you might use the tool for other searches.
After Request Was Successfully Approved by Security Officer #
When you come back to the Email Content Search tab simply select “Previous searches / Unlock” select your search and the “Email operations” button will be displayed again.
You can then delete one or all of the emails using the drop-down option in the Emails Operation button.
All emails that fall under your approval will show a lock icon.
By default, you can send the emails to the user’s Trash folder on their Gmail but if you wish to permanently delete these emails then select ‘Remove emails – permanent’.
Restore deleted emails #
If emails are deleted permanently and done by mistake they can be resoted via the Admin console for 25 days from the day of deletion.
The process is explained in this Google article