You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
April 07, 2026
Managed workload identity and Workload Identity Federation custom constraints are available. For more information, see Custom organization policy constraints for managed workload identity and Custom organization policy constraints for Workload Identity Federation.
March 26, 2026
You can use Gemini Cloud Assist to create and test custom organization policy constraints. For more information, see Test custom constraints with Gemini Cloud Assist. This feature is in Preview.
February 15, 2026
Control of MCP use with organization policies is deprecated. After March 17,
2026, organization policies that use the gcp.managed.allowedMCPServices
constraint won't work, and you can control MCP use with Identity and Access Management deny
policies. For more information about controlling MCP use, see Control MCP use
with IAM.
February 09, 2026
Organization Policy Service custom constraints are available for some Network Connectivity resources. For more information, see Manage VPC resources by using custom organization policies.
February 02, 2026
Organization Policy Service custom constraints are available for some Artifact Analysis resources. For more information, see Use custom organization policies.
Organization Policy Service custom constraints are available for some Storage Transfer Service resources. For more information, see Custom organization policy constraints.
November 13, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Dataform resources. For more information, see Create custom organization policy constraints. This feature is generally available (GA).
November 11, 2025
The list of organization policy constraints that are enforced when an organization resource is created has changed. The following Google Cloud security baseline constraints are enforced for all organizations created on or after May 3, 2024:
constraints/iam.managed.disableServiceAccountKeyCreationconstraints/iam.managed.disableServiceAccountKeyUploadconstraints/iam.automaticIamGrantsForDefaultServiceAccountsconstraints/iam.allowedPolicyMemberDomainsconstraints/essentialcontacts.managed.allowedContactDomainsconstraints/compute.managed.restrictProtocolForwardingCreationForTypesconstraints/storage.uniformBucketLevelAccess
For more information, see Manage baseline constraints.
November 05, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some BigQuery resources. For more information, see Manage BigQuery resources using custom constraints. This feature is generally available (GA).
October 30, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Certificate Authority Service resources. For more information, see Manage Certificate Authority Service resources using custom constraints. This feature is generally available (GA).
You can use custom constraints with organization policies to provide more granular control over specific fields for managed workload identities. For more information, see Use custom organization policies for Managed workload identities. This feature is generally available (GA).
You can use custom constraints with organization policies to provide more granular control over specific fields for some BigQuery sharing resources. For more information, see Manage Sharing data exchanges and listings using custom constraints. This feature is in preview.
October 14, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Datastream resources. For more information, see Create custom organization policy constraints. This feature is generally available (GA).
October 10, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Application Integration resources. For more information, see Manage Application Integration resources using custom constraints. This feature is available in Preview.
October 06, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Dataform resources. For more information, see Create custom organization policy constraints. This feature is generally available (GA).
October 03, 2025
Select Workload Identity Federation resources let you use custom constraints to define your own restrictions on Google Cloud services. To learn which Workload Identity Federation resources support custom constraints and to view sample use cases, see Use custom organization policies for Workload Identity Federation.
This feature is available in General Availability.
September 18, 2025
Select Cloud Load Balancing resources let you use custom constraints to define your own restrictions on Google Cloud services. To learn which Cloud Load Balancing resources support custom constraints and to view sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
This feature is available in General Availability.
September 11, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Live Stream API resources. For more information, see Use custom constraints.
September 09, 2025
Preview: Eight new organization policy constraints are available to help you enforce security best practices for Compute Engine virtual machine (VM) instances.
These managed constraints simplify governance for common security scenarios and integrate with safe rollout tools like dry-run and simulation, letting you test their impact before enforcement.
The new constraints are as follows:
compute.managed.disableNestedVirtualizationcompute.managed.disableSerialPortAccesscompute.managed.disableSerialPortLoggingcompute.managed.disallowGlobalDnscompute.managed.requireOsConfigcompute.managed.requireOsLogincompute.managed.vmCanIpForwardcompute.managed.vmExternalIpAccess
These constraints can evaluate metadata values at the VM instance, project, or zonal level. For more information about these managed constraints, see the list of managed constraints.
September 08, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Cloud Deploy resources. For more information, see Use custom organization policies.
August 28, 2025
Certain organization policy managed
constraints
that were released on August 21, 2025 were not functioning as intended. The
Organization Policy Service evaluated these constraints as if the
effectiveInstanceMetadata field of the resources that they were enforced on
was empty, causing them to always evaluate to either allow or deny access to the
resource.
The following managed constraints were evaluated to always allow creation of resources where they were enforced:
constraints/compute.managed.disableGuestAttributesAccessconstraints/compute.managed.disableSerialPortAccessconstraints/compute.managed.disableSerialPortLogging
The following managed constraints were evaluated to always block creation of resources where they were enforced:
constraints/compute.managed.disallowGlobalDnsconstraints/compute.managed.requireOsConfigconstraints/compute.managed.requireOsLogin
This issue has been corrected, and these constraints now properly evaluate the
effectiveInstanceMetadata field to determine whether resource creation should
be allowed or blocked.
August 18, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Backup for GKE resources. For more information, see Manage Backup for GKE resources using custom constraints. This feature is generally available.
You can now use organization policy conditions to match a tag key. This lets you enable or disable enforcement against all resources with that tag key, regardless of what tag value is attached. For more information, see Scope organization policies with tags.
July 25, 2025
Organization policies in dry-run mode are reporting inconsistent results for the following managed constraints:
constraints/compute.managed.restrictProtocolForwardingCreationForTypesconstraints/iam.managed.allowedPolicyMembersconstraints/essentialcontacts.managed.allowedContactDomainsconstraints/compute.managed.blockPreviewFeatures
If a resource inherited an organization policy in dry-run mode that uses any of these managed constraints, that dry-run policy was evaluated without using the parameters specified in the live policy. Normally, an organization policy in dry-run mode that's inherited on a resource is overridden by the live organization policy set directly on that same resource. Not evaluating the live organization policy parameters in the inherited organization policy in dry-run mode led to inconsistent results.
Our engineering team is working to resolve this issue.
July 01, 2025
June 13, 2025
Custom organization policies are now generally available for some API keys. For more information, see Creating and managing custom constraints.
June 10, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for indexes and index endpoints in Vector Search. For more information, see Create custom constraints for Vector Search.
May 15, 2025
Support for creating custom organization policy constraints in Eventarc Advanced and for creating custom organization policy constraints in Eventarc Standard is generally available for some Eventarc resources.
May 12, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Cloud Quotas resources. For more information, see Use custom organization policies. This feature is available in Preview.
May 06, 2025
You can use custom constraints with organization policies to provide more granular control over specific fields for some Knowledge Catalog and data lineage resources. For more information, see Manage Knowledge Catalog resources using custom constraints and Manage data lineage resources using custom constraints. This feature is generally available (GA).
April 17, 2025
Custom organization policies are now generally available for Filestore. For more information, see Creating custom constraints for Filestore.
April 08, 2025
Custom organization policies are now generally available for Identity-Aware Proxy. For more information, see Use custom organization policies.
March 26, 2025
Custom organization policies are now available in Preview for Resource Manager. For more information, see Create custom constraints.
March 21, 2025
Custom organization policies are now generally available for Access Context Manager and VPC Service Controls. For more information, see Manage Access Context Manager resources with custom constraints and Create custom constraints for VPC Service Controls.
March 18, 2025
Custom organization policies are now generally available for Cloud Service Mesh. For more information, see Set up custom constraints.
March 17, 2025
You can enforce mandatory tags on resources using custom organization policies. When a user attempts to create a resource, the system checks for the presence of the mandatory tags. If any mandatory tag is missing or does not have a value, the resource creation is blocked. By defining mandatory tags within an organization policy, you can ensure that all newly created resources adhere to your organization's tagging standards. This feature is available in Preview.
For more information, see Enforcing mandatory tags on resources.
March 14, 2025
Custom organization policies are now generally available for Cloud Composer. For more information, see Create custom organization policy constraints.
February 27, 2025
Custom organization policies are now generally available for the Video Stitcher API. For more information, see Create custom constraints for the Video Stitcher API.
Custom organization policies are now generally available for Service Management. For more information, see Manage Service Management resources with custom constraints.
February 20, 2025
Custom organization policies are now generally available for Cloud Healthcare API. For more information, see Use custom organization policies.
February 19, 2025
Custom organization policies are now generally available for Essential Contacts. For more information, see Creating custom constraints for Essential Contacts.
February 14, 2025
Custom organization policies are now generally available for Cloud Logging. For more information, see Use custom organization policies.
February 13, 2025
Custom organization policies are now generally available for security posture resources. For more information, see Add a custom organization policy.
February 11, 2025
Custom organization policies are now generally available for Identity-Aware Proxy. For more information, see Use custom organization policies.
Custom organization policies are now generally available for Developer Connect. For more information, see Create custom organization policies.
Custom organization policies are now generally available for Cloud DNS. For more information, see Create custom organization policy constraints.
Custom organization policies are now generally available for Managed Service for Apache Spark. For more information, see Use custom constraints.
Custom organization policies are now generally available for Spanner. For more information, see Add a custom organization policy.
February 06, 2025
You can now create custom organization policies for Workflows. For more information, see Create custom organization policy constraints for Workflows.
February 05, 2025
You can now create custom organization policies for Cloud Monitoring alerting policies, notification channels, and snoozes. For more information, see Use custom organization policies.
January 21, 2025
You can use custom constraints with Organization Policy Service to provide more granular control over specific fields for some Cloud Data Fusion resources. For more information, see Create custom organization policy constraints.
January 15, 2025
You can use custom constraints with Organization Policy Service to provide more granular control over specific fields for some reCAPTCHA resources. For more information, see Use custom organization policies for reCAPTCHA keys and firewall policies.
December 19, 2024
The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.
You can use the iam.managed.allowedPolicyMembers managed organization policy
constraint to implement domain restricted sharing. For more information, see
Domain restricted sharing.
You can use custom constraints with Organization Policy Service to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.
December 17, 2024
You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).
December 16, 2024
Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
This feature is available in General Availability.
December 09, 2024
You can use the
iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed
organization policy constraint to prevent default service accounts from being
granted the Editor (roles/editor) or Owner (roles/owner) roles. For more
information, see Prevent the Owner and Editor role from being granted to
default service
accounts.
Using Identity and Access Management attributes in custom organization policies is generally available. For more information, see Use custom organization policies.
December 06, 2024
October 29, 2024
Organization policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.
May 03, 2024
Starting on June 16, 2024, if you don't set a value for the iam.serviceAccountKeyExposure organization policy constraint, Google Cloud will default to the behavior described for DISABLE_KEY.
February 12, 2024
February 06, 2024
You can use the Google Cloud console with Policy Simulator for Organization Policy to test organization policies. This feature is available in Preview.
December 20, 2023
The dry-run feature for organization policy is now in General Availability.
December 12, 2023
Organization policy custom constraints allow you to configure customizable organization policies to prevent the misconfiguration of resources and help you meet your security and compliance goals. This feature is now in General Availability.
November 07, 2023
You can use the Google Cloud console to analyze organization policies. This feature is available in Preview.
July 27, 2023
Policy Simulator for Organization Policy allows you to test organization policies before they are enforced. This feature is available in Preview.
New organization policy constraints have launched into general availability to define service attachment controls for Private Service Connect consumers. For more information, see Manage security for Private Service Connect consumers.
July 26, 2023
Two automatically configured organization policy constraints have launched into general availability to provide advanced regulatory control for Assured Workloads. For more information, see Organization policy constraints.
New organization policy constraints have launched into general availability to define access and creation controls for Vertex AI Workbench notebooks and instances. For more information, see Organization policy constraints.
June 16, 2023
You can now monitor how custom constraints would impact your organization's workflows by setting custom constraints in dry-run mode.
April 18, 2023
You can now test organization policies using the Google Cloud console.
March 08, 2023
You can now test organization policies to monitor how policy changes would impact your workflows before they are enforced.
November 18, 2022
Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.
August 24, 2022
Organization policy custom constraints have launched into public preview. Custom constraints can allow or restrict access to API calls in the same way that predefined constraints do, but allow administrators to configure conditions based on request parameters and other metadata. For more information, see Create custom constraints.
August 02, 2022
Two organization policy constraints have launched into general availability to help ensure CMEK usage across an organization. For more information, see CMEK organization policies.
June 14, 2022
The following organization policy constraints to restrict resource creation of global security configuration have launched into general availability:
- Disable Creation of Google Cloud Armor Security Policies
- Disable Creation of global self-managed SSL Certificates
- Disable Global Load Balancing
- Disable Enabling Identity-Aware Proxy (IAP) on global resources
- Disable Enabling IAP on regional resources
May 04, 2022
The resource usage restriction organization policy constraint has launched into general availability.
September 20, 2021
The Organization Policy Service v2 API reference documentation is now available. For more information, see the API reference documentation.
August 09, 2021
You can now use the Google Cloud console to manage your organization policies with tags. For more information, see Scope organization policies with tags.
July 27, 2021
The organization policy constraints Allowed ingress settings and Allowed VPC egress settings for Cloud Run have launched into general availability.
March 16, 2021
The Organization Policy Service v2 API has launched into general availability.
- You can now apply conditions for the enforcement of organization policies. For more information, see Scope organization policies with tags.
- For more details about the v2 version of the API, see Create organization policies.
September 24, 2020
The organization policy constraints for Direct Path disablement have launched into beta.
August 26, 2020
The organization policy constraint for Cloud NAT has launched into beta.
August 19, 2020
The organization policies for restricting Cloud Interconnect usage have launched into beta.
The organization policy for restricting protocol forwarding creation has launched into general availability.
The organization policy for restricting Cloud Load Balancing creation has launched into general availability.
August 14, 2020
The organization policy for extending the maximum lifetime for OAuth 2.0 access tokens that you create for a service account has been launched into general availability.
July 20, 2020
The organization policy for enabling detailed Cloud Audit Logs has launched into general availability.
July 17, 2020
The organization policy for restricting protocol forwarding creation has launched into public beta.
July 01, 2020
The organization policy for restricting automatic Identity and Access Management permission grants to new service accounts has launched into general availability.
June 15, 2020
The organization policy for restricting peer IP addresses through a Cloud VPN tunnel has been launched into general availability.
April 10, 2020
The Organization Policy Service resource locations constraint has launched for general availability. This constraint allows you to define the location where your resources are created, providing important data location compliance tools. For more information, see the Restrict resource locations.
January 30, 2020
VPC Service Controls helps you to set up a secure perimeter to guard against data exfiltration. The VPC Service Controls organization policies have been launched into public beta.
January 10, 2020
The domain-restricted sharing organization policies have been launched into general availability.
September 12, 2019
The organization policies for service account management have been launched into general availability.
June 26, 2019
Resource location restriction constraint beta release
The Organization Policy Service resource locations constraint allows you to define the location where your resources are created. For more information, see the quickstart or the how-to guide.
October 11, 2018
Organization policy administrative UI beta release
The Organization Policy Service administrative UI allows you to create and manage organization policies in the Google Cloud console.
July 12, 2018
Service account restriction organization policy constraint beta release
The service account restriction constraint can be used to limit the usage of Identity and Access Management service accounts.
July 09, 2018
Domain restriction organization policy constraint beta release
The domain restriction constraint can be used to restrict the set of identities that can be used in Identity and Access Management policies.
July 27, 2017
Organization Policy Service General Availability
The Organization Policy Service gives you central, programmatic control over your organization's Google Cloud resources. It provides a simple mechanism for you to restrict allowed configurations across your entire cloud resource hierarchy.