Next Generation API Data Protection for Google Drive

Using API Data Protection involves configuring the API connection for your Google Drive app.

To use the Next Generation API Data Protection for Google Drive, you need to log in to your Google admin console, enter the Client ID and OAuth scopes, and authorize it. The following sections explain how to client ID and OAuth scopes and how to configure the connection.

Why you should move to Next Generation API Data Protection?

• Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.

• Ability to define threat protection policies.

• Unified inventory page, for threat hunting and forensic analysis.

• Ultra-low time to detect and remediate to non-compliant activities.

• Support for Google Drive badged labels as a policy condition.

Capability Differences Between Classic & Next Generation API Data Protection

Here is a list of feature parity for Google Drive between classic and Next Generation API Data Protection.

Feature	Sub-category	Classic	Next Generation
Instance Selection	-	Yes	Yes (multiple)
User Selection	Target all Teams Drive with Exception	Yes	Yes (manual process using Scan Options)
	Subset of Team Drives	Yes	Yes (manual process using Scan Options)
	User Profiles	Yes	Yes
	AD User Groups	Yes	Yes
	Exclude Users	Yes	Yes
	Exclude User Profiles	Yes	Yes
File Sharing	All Sharing Options	Yes	Yes
	Specific Sharing Options	Yes	Yes
	Private Sharing Options (Specific Sharing Options)	Yes	Yes
	Public Sharing Options (Specific Sharing Options)	Yes	Yes In Next Gen, public sharing is called Anonymous.
	Share Content Internally (Specific Sharing Options)	Yes	Yes
	Sharing Content to More than X Internal Collaborator (Specific Sharing Options)	Yes	Yes
	Sharing Content Externally (Specific Sharing Options)	Yes	Yes
	Sharing with All External Domains (Specific Sharing Options)	Yes	Yes
	Sharing with Specific External Domains (Specific Sharing Options)	Yes	Yes
	Sharing Content to More than X External Collaborator (Specific Sharing Options)	Yes	No
	Sharing Across Enterprise Organization (Specific Sharing Options)	Yes	Yes
	Sharing Enterprise shared with Everyone (Specific Sharing Options)	Yes	Yes
	Sharing Enterprise shared with Everyone Except External Users (Specific Sharing Options)	Yes	Yes
	Sharing Content with a Selected set of User Groups (Specific Sharing Options)	Yes	No
File Type to Scan	All File Type	Yes	Yes
	Specific File Type	Yes	Yes, file type list is similar to DLP file type list.
DLP	DLP Profiles	Yes	Yes (multiple)
	DLP Incidents	Yes	Yes
	DLP Quarantine	Yes	Yes
	Manual Remediation Action (Restrict Access) from Incidents	Yes	Yes
Quarantine	Quarantine Restore	Yes	No
Threat Protection	Threat Protection Feature in Instance Configuration	Yes	Yes
	Severity Based Action - Quarantine	Yes	No
	Severity Based Action - Remediation	Yes	No
Forensics	Google Drive as Forensic Store	Yes	Yes (classic API Data Protection instance as a forensic destination)
Inventory	Inventory Dashboard	Yes	Yes (with unified Inventory page)
	Inventory Details Panel (File Details, Sharing, Links, Recent Activities)	Yes	Partially available (File Details, Recent Activities, DLP Violation)
	Manual Actions for Remediation (Restrict Access)	Yes	Yes
Action	Alert	Yes	Yes
	Delete	Yes	Yes
	Legal Hold	Yes	No
	Encrypt	Yes	No
	IRM Protect	Yes	No
	Quarantine	Yes	Yes
	Disable Print & Download	Yes	No
	Change Ownership	Yes (to admin)	Yes (to any specific email)
	Restrict Access	Yes	Yes
	Restrict Access Owner Selected	Yes	Yes
	Restrict access - remove public links	Yes	Yes
	Restrict Access Internal User Selected	Yes	Yes
	Restrict Access to Remove Public Links	Yes	Yes
	Restrict Access to Remove Individual Users	Yes	Yes
	Restrict Access to Remove Organization Wide Links	Yes	Yes
REST API Support		Yes	No
Notifications	Email Notifications	Yes	Yes
Detection & Remediation	MTTD & MTTR (Mean time to detect/resolve)	Fast	Ultra-fast
Google Badged Label Support	-	No	Yes

• Configure Google Drive for the Next Generation API Data Protection