Some alerts are limited or unavailable if you’re using an external SSO ldP.
As your organization's administrator, you can receive email alerts when something important happens in your organization, such as a suspicious sign-in attempt, a compromised mobile device, or when another administrator changes settings. When you turn on an alert for an activity, you'll receive an email each time that activity happens, up to 25 emails in 2 hours.
Tip: If you’re using a personal account, you can see devices that have used your account.
You can edit the alerts described below from the Security rules page. From the Google Admin console, go to Security > Security rules, and view the rules that are categorized as the System defined rule type. For more details, see Create, edit, and view Security rules. See also Create, edit, and view Reporting rules.
User activity alerts
- Apps outage alert—new, updated, or resolved outage on the G Suite Status Dashboard (G Suite only)
- New user added
- Government-based attack
- Suspended user made active
- Suspicious login activity
- User deleted
- User granted Admin privilege
- User suspended
- User’s Admin privilege revoked
- User’s password changed
Mobile device activity alerts
- Device compromise update (also alerts when a device is no longer compromised)
- Suspicious mobile activity (any changes to device model, serial number, Wi-Fi MAC address, device policy app privilege, manufacturer, device brand, device hardware, or bootloader version on a user’s device)
Alerts for settings changed by other administrators
- Calendar settings changed (G Suite only)
- Drive settings changed (G Suite only)
- Gmail settings changed (G Suite only)
- Mobile settings changed (any mobile management settings are changed)