User reports: Security

View your users' account settings and exposure to security risks

As your organization's administrator, you can monitor your users' exposure to data compromise by opening a security report. Under User Reports, the Security report provides a comprehensive view of how people share and access data and whether they take appropriate security precautions. For example, you can review who installs external apps, shares numerous files, skips 2-Step Verification, and uses security keys.

Step 1: Open the security report

Sign in with an administrator account to the Google Admin console.
If you aren’t using an administrator account, you can’t access the Admin console.
Go to Menu Reporting > User Reports > Security.
Requires having the Reports administrator privilege.

Step 2: Review the data

The Security report is based on the following user data.

Notes:

Depending on your Google Workspace edition, you might not have access to some of the activity reports.
Admin status is no longer available in reports. To view admin information in your Google Admin console (at admin.google.com), go to Account > Admin Roles > View Admins next to the relevant role. To view roles assigned to a specific user, you can also access admin information at Director > Users > User > Admin Roles and privileges or use the API.

Expand section | Collapse all & go to top

General

Report column	Description
External apps	Number of third-party applications authorized to access the user's data Note: To view application names for each user and revoke the access of external apps, go to View user security settings and revoke access
2-Step Verification enrollment	Lists if a user is enrolled in 2-Step Verification. Note: This data could be delayed up to 48 hours. To view real-time 2-Step Verification status for each user, go to View user security settings and revoke access.
2-Step Verification enforcement	Lists if a user is required to be enrolled in 2-Step Verification
Password length compliance	Whether the user is compliant or non-compliant with password-length requirements. For instructions on setting password requirements, go to Enforce and monitor users' password requirements. Note: If 'Unknown' appears, the user's password may have been set using a hash method. See When password policies don't apply.
Password strength	Whether the user has a strong or weak password based on the password requirements set by an administrator. For instructions on setting password requirements, go to Enforce and monitor users' password requirements. Note: If 'Unknown' appears, the user's password might have been set using a hash method. See When password policies don't apply.
User account status	User’s account status (Active, Blocked, or Suspended) A *blocked user* has violated the Terms of Service. Our system automatically suspends the user and marks them as Abusive. For more information, you can contact support. A suspended user has an account that has been temporarily disabled by an administrator. As an administrator, you can suspend a user temporarily without deleting the domain profile or associated information, such as documents and presentations. Suspended users can't sign in until an administrator restores a suspended user. Note: The Active user account status includes soft-deleted users.
Less secure apps access	Whether the user can block or allow less secure app access to their own accounts (Allowed or Denied)
Security keys enrolled	Total number of security keys enrolled by the users of this domain

Gmail

Report column	Description
Gmail (POP) - last used time	Last time the user used a Post Office Protocol (POP) access Gmail
Gmail (IMAP) - last used time	Last time the user used Internet Message Access Protocol (IMAP) mail server access Gmail
Gmail (Web) - last used time	Last time the user used web-based Gmail. Note that this timestamp is not synced with the Last Login timestamp

Drive

Report column	Description
External shares	Number of external file sharing events performed by the user
Internal shares	Number of internal file sharing events performed by the user
Public	Number of file sharing events performed by users in the domain that are made publicly available
Anyone with link	Number of file sharing events performed by users in the domain that are available to anyone with the link
Anyone in domain with link shares	Number of file sharing events performed by users in the domain that are shared with anyone in the domain with the link
Anyone in domain shares	Number of file sharing events performed by users in the domain that are visible to anyone in the domain
Outside domain	Number of file sharing events performed by users in the domain shared explicitly with individuals or groups outside the domain
Within domain shares	Number of file sharing events performed by users in the domain shared explicitly with a user or group in the domain
Private shares	Number of Drive files that are not shared at all

Step 3: Customize the data in the report

Open your report as described above.
Click Settings .
(Optional) To add columns to the chart, next to Add new column, click the Down arrow and select options from the list.
(Optional) To remove an item from the chart, next to that item, click Remove .
(Optional) To rearrange columns, drag and drop an item to a new position.
Click Save.