Can anyone clarify if the impacted files are files in the domain that are published publicly and/or have "anyone with the link" enabled?

@dominik i think this may be a good idea for a recorded session too for workspaceadmins.org 😉 

We are also very curious about this change. We started a Google Support chat to confirm when the new URLs can be created and will there be a short time when both URL's work. We have used the sharing link feature for sharing things on our websites and heavily at our library, so we have hundreds if not thousands of links out there. The support specialist said that the URLs will not change until the Sept 13th date. But if that is correct, that means all of our links will break on the same day, with no chance to fix them during a grace period. Has anybody else had this confirmed this? We obviously want to enable this feature, but we also don't want to have all of our publicly shared links broken at once. 

A follow-up question: the message in Alert Center helpfully tells us how many files are shared, but is there any way to get a list of the files and their owners? Not really looking forward to dealing with 17k+ files during the summer when staff may not actually be around to fix their own links...

Admins can use the Alert Center to see how many users, folders, shared drives, and files are affected in your organization. Look for an alert with the subject “Security update for Drive.” There is no information provided on how admin can view the affected users and files

We have 360,000 items to manage... A lot are linked on public websites too.

I don't think this has been communicated well at all, I'm sure I'm not the only one with questions.

Some questions:

• If we choose to 'Remove the security update', will newly published files after September have the new link security anyway?
• If we choose to 'Remove the security update', can a user apply it manually to a file?
• Who would have permission to 'remove the security update' on a file (if the option 'Apply but users can remove it) - is it only the Owner, or can Editors do this?
• The document says "There’s no option to remove the security update from folders" - we have 23,000 public folders apparently, does this mean that every single one of those will break its published link, no matter what we do?
• Can a user find all their files & folders that they have shared to 'anyone with the link'?
• Can there not be an option like 'Remove the security update, but prompt users to review their files and apply to any that they don't want public?

I don't see that we realistically can do anything other than 'remove the security update' at this point.

• If we choose to 'Remove the security update', will newly published files after September have the new link security anyway?
  • Google has already given the number of affected files and folders. This means it is not going to affect any new files / folders gets created after this
• If we choose to 'Remove the security update', can a user apply it manually to a file?
  • As per the update that's a NO. Google will push the update after Sep 13 to the folders and files links remain same.
• Who would have permission to 'remove the security update' on a file (if the option 'Apply but users can remove it) - is it only the Owner, or can Editors do this?
  • My interactions with google recently on this says that if the user has capability to update this for any document they will see it under the update email or prompt in google drive
• The document says "There’s no option to remove the security update from folders" - we have 23,000 public folders apparently, does this mean that every single one of those will break its published link, no matter what we do?
  • Links for the folder will be changed and for whoever the access is lost they see a request access screen 
• Can a user find all their files & folders that they have shared to 'anyone with the link'?
  • When user is given option to update the security settings google says that they would see the affected files and folders in the drive UI. There is no mention of what type of files they would see etc.. are not mentioned in the update
• Can there not be an option like 'Remove the security update, but prompt users to review their files and apply to any that they don't want public?
  • Not possible as per the instructions provided here

Hope this helps

sharing this for all the GAM users here to validate information that Google provided. This obviously only scans items in user's My Drive, if you have Shared Drives affected, you will need to go through a few additional steps to get the list of shared drives and organizers (managers) and use that csv to iterate through the items in the shared drive.

gam config csv_output_row_filter "'linkShareMetadata.securityUpdateEligible:boolean:true'" auto_batch_min 1 redirect csv - multiprocess todrive all users print filelist fields id,title,permissions,owners.emailaddress,resourcekey,linksharemetadata,mimetype query "visibility='anyoneWithLink'"

Does anyone know how/if this will impact internally shared documents across the domain or group if the user has not previously accessed the file?

Hello ,

Can anyone share screenshots of this update looks at the user end? I mean how it provide an option apply the update or remove it etc

Thanks

VK

I can share the following comments from Google about the security update.

1. Is Google sending one email per item per user?

[Google] If you apply the security update before July 23, Drive will notify your impacted users so that they can see which files might have changes in access (/may have increased access requests). 

2. Is Google attaching a report of impacted files/folders/shared drive with URLs for each
owner to review their items?

[Google] No. Given the sensitive nature of this information, we aren’t providing a full list of
impacted files, shared drives, and users. You won't be able to determine what files are affected
at this time. However, after Sept 13, 2021, you can search for all files that have the security
update applied by using this advanced search query: ‘is:security_update_applied’ as well as
search for all files that have the security update removed, by using this advanced search query:
‘is:security_update_removed’.

3. How will users apply updates to their impacted folders/files? Will there be a one-click
apply/ don't apply solution (bulk update) for impacted files? Will Drive show a list of
impacted files?

[Google] You, as an Admin, can opt in to have your users choose when to apply these updates
for their own files by changing the “Security update” setting to “Apply security update to all
impacted files” and/or “allow users to remove/apply the security update from files they own or
manage. Opting into this setting will trigger a notification to end-users after July 23rd, 2021 at
which point they will be able to see their impacted files within Drive and can opt in/out for each file.

(no additional information provided on what the user would see to opt in or out for each file)

4. Regarding shared drives, who will be receiving notifications?
[Google] If you choose to opt into notifying your end users, only the manager of a
shared drive will be able to opt in/opt out of applying this security update to affected files.

So, if I have understood correctly, the update will apply automatically as of 13 Sept, however end users who are notified starting from Jul 26 can manually update the sharing links for the files they own which are affected by this update?

Would admins need to ensure that 'allow security update to all impacted files' is enabled for the above to take place, or will the setting 'Allow users to remove/apply the security update for files they own or manage' need to be enabled also? In an EDU environment, the second option is not recommended, and most tenants would want to have the update applied, and remove that decision making from the end user.

Does anyone know whether links to enter data into Google Forms will be affected?

I am hoping it will only be if we have shared the form for editing, not the links sent out to fill out the form. We have plenty of published Google Forms as well, across lots of different users.

FYI - I am noticing that some files are beginning to have a resource key appended to them- if I search in My Drive for 'is:security_update_applied' I get some files showing up, but definitely not all files shared as 'anyone with the link'. If I query the link it looks like "https://drive.google.com/file/d/<file ID>/view?usp=sharing&resourcekey=<resourcekey>".