October 29, 2025
Enhanced admin audit log events
What’s changing
We are updating the schema and event modeling for several Admin audit log events, specifically some of the events related to account security, Gmail, and Drive settings, along with other admin-defined setting audit logs. These improvements aim to make the logs more understandable, detailed, and precise. A complete list of the updates can be found in the Help Center.
The updates involve changes to event names, event types, and the volume of these affected log events. Some legacy events may be redundant as a part of this change. If you're using any legacy events, some of the updates might require changes to your existing queries, alerts, and reports to get the full benefit of the changes. Both the new and old events will continue to be available for you to make the necessary changes.
Who’s impacted
Admins
Why it matters
Granular audit logs are critical to helping organizations investigate cybersecurity incidents and understand their data usage. The changes announced today expand the depth of analysis that can be performed.
Rollout pace
- Rapid and Scheduled release domains: Gradual rollout - up to 15 days for feature visibility starting October 29 2025
Getting started
- Admins: As the changes become available, you can get started with your analysis in either the Audit and Investigation tool.
- End users: There is no end user setting for this feature.
Availability
- Available for Google Workspace with Audit Log eligible licenses. To learn more about the Audit Log availability for your license types, please review this article.