Get started with the security health page

Some features in the security center—for example, data related to Gmail and Drive—are non available with Deject Identity Premium.

The security health folio allows you to monitor the configuration of your security-related Admin console settings—all from one location in the Google Admin console—and to make changes to those settings.

To view the security wellness page:

  2. On the Admin console Home page, go to Security and then Security health.

Loading times for the security wellness page vary depending on your configuration.

Notes:

  • Enterprise edition customers receive all security wellness settings. With Essentials and Deject Identity Premium Edition, you receive a subset of security health features. Meet the availability information in each settings department beneath for details.
  • Changes to Admin panel settings might take upwards to 24 hours earlier propagating to the security health folio. Changes made to the settings through the Admin console tin exist audited in the Admin Console inspect log.
  • Super admins can view all settings on the security health folio. Other admins need to be granted specific administrator privileges to view security health settings.

Condition cavalcade

View the number of organizational units for which a setting is enabled or disabled. On each row, the status for these settings is displayed. For example, Enabled for one org unit, or Disabled for x org units.

View organizational units with risky configurations

To view your Google Admin console settings and make changes, under Status, click the blue links (for instance,5 org units). This opens a window that displays a tree structure with a list of organizational units with risky configurations. Click any of the organizational units in this window to directly admission the security settings for that organizational unit. You can then make adjustments to your settings if needed.

Notation that organizational units that inherit setting status might also be affected by your changes. For more details, run into How the organizational structure works.

View security recommendations

Depending on the setting status, the far-right column displays a gray icon that yous can click for a list of security recommendations, or it displays a green checkbox to betoken a secure configuration. Click the greyness icons for more details and instructions.

Security health page

Security health settings

You can monitor the security health of the post-obit settings:

Category Setting
Gmail
  • Automatic electronic mail forwarding
  • Comprehensive mail storage
  • Bypassing spam filters for internal senders
  • Popular and IMAP access for users
  • DKIM
  • SPF record
  • DMARC
  • Approved senders without hallmark
  • Canonical domain senders
  • Email whitelist IPs
  • Add spam headers setting to all default routing rules
  • MX record configuration
  • MTA-STS configuration

Supported edition: Enterprise Plus, Education

  • Attachment rubber
  • Links and external images safety
  • Spoofing and authentication safety

Supported editions: Enterprise Plus

Drive

  • Drive sharing settings
  • Warning for out-of-domain sharing
  • Access Checker
  • Drive add-ons
  • Access to offline docs
  • Desktop access to Drive
  • File publishing on the web
  • Google sign-in requirement for external collaborators

Supported editions: Enterprise Plus, Pedagogy

Device direction

  • Blocking of compromised mobile devices
  • Mobile management
  • Mobile countersign requirements
  • Device encryption
  • Mobile inactivity reports
  • Machine account wipe
  • Application verification
  • Installation of mobile applications from unknown sources
  • External media storage

Supported editions: Enterprise, Education, Cloud Identity Premium

Security
  • Two-pace verification for users
  • Two-step verification for admins
  • Security key enforcement for admins

Supported editions: Enterprise, Teaching, Deject Identity Premium

  • Security key enforcement for users

Supported editions: Enterprise Plus

Hangouts

  • Hangouts out of domain alert

Supported edition: Enterprise Plus, Instruction

Groups

  • Groups cosmos and membership

Supported edition: Enterprise Plus, Education

Market apps

  • Google Workspace Marketplace applications usage

Supported edition: Enterprise Plus, Education

Agenda
  • Calendar sharing policy

Supported edition: Enterprise Plus, Teaching

  • Access to Calendar when offline

Supported editions: Enterprise Plus

Sites

  • Sites sharing policy

Supported edition: Enterprise Plus, Education

About making changes to your settings

Security considerations versus business needs
In add-on to security considerations and all-time practices, y'all may have business needs to enable or disable certain settings. Balance these priorities when evaluating the status of your settings.

Organizational units and inheritance
You tin can enable or disable settings for an organizational unit. You lot can likewise configure a child arrangement to override the setting in a parent organization; otherwise, the kid arrangement inherits the parent setting.

Limitations with multiple domains
You lot can't set up different policies or configuration settings for specific domains. All settings in the Google Admin console utilise to all domains that are part of your business relationship. For more information, see Limitations with multiple domains.

For more details and instructions about the security center, see About the security center.

Was this helpful?

How can nosotros amend it?