Get started with the security health page

The security health page allows you to monitor the configuration of your security-related Admin console settings—all from one location in the Google Admin console—and to make changes to those settings.

To view the security health page:

  1. Sign in to your Google Admin console at admin.google.com.
    Be sure to sign in using your administrator account, and not your personal Gmail account.
  2. Click Security.
  3. Click Security health.

Loading times for the security health page vary depending on your configuration.

Important: Changes to Admin console settings might take up to 24 hours before propagating to the security health page. Changes made to the settings through the Admin console can be audited in the Admin Console audit log.

Status column

View the number of organizational units for which a setting is enabled or disabled. On each row, the status for these settings is displayed. For example, Enabled for 1 org unit, or Disabled for 10 org units.

View organizational units with risky configurations

To view your Google Admin console settings and make changes, under Status, click the blue links (for example, 5 org units). This opens a window that displays a tree structure with a list of organizational units with risky configurations. Click any of the org units in this window to directly access the security settings for that org unit. You can then make adjustments to your settings if needed.

Note that organizational units that inherit setting status might also be affected by your changes. For more details, see How the organizational structure works.

View security recommendations

Depending on the setting status, the far-right column displays a gray icon that you can click for a list of security recommendations, or it displays a green checkbox to indicate a secure configuration. Click the gray icons for more details and instructions.

Security health page

Security health page

Security health settings

You can monitor the security health of the following settings:

Category Setting

Gmail

  • Automatic email forwarding
  • Comprehensive mail storage
  • Bypassing spam filters for internal senders
  • POP and IMAP access for users
  • DKIM
  • SPF record
  • DMARC
  • Approved senders without authentication
  • Approved domain senders
  • Email whitelist IPs
  • Add spam headers setting to all default routing rules
  • MX record configuration

Drive

  • Drive sharing settings
  • Warning for out-of-domain sharing
  • Access Checker
  • Drive add-ons
  • Access to offline docs
  • Desktop access to Drive
  • File publishing on the web 
  • Google sign-in requirement for external collaborators

Device management

  • Blocking of compromised mobile devices
  • Mobile management
  • Mobile password requirements
  • Device encryption
  • Device inactivity reports
  • Auto account wipe
  • Mobile application verification
  • Installation of mobile applications from unknown sources
  • External media storage

Security

  • Two-step verification for users
  • Two-step verification for admins

Hangouts

  • Hangouts out of domain warning

Groups

  • Groups creation and membership

Marketplace apps

  • G Suite Marketplace applications usage

Calendar

  • Calendar sharing policy

Sites

  • Sites sharing policy

About making changes to your settings

Security considerations versus business needs
In addition to security considerations and best practices, you may have business needs to enable or disable certain settings. Balance these priorities when evaluating the status of your settings.

Organizational units and inheritance
You can enable or disable settings for an organizational unit. You can also configure a child organization to override the setting in a parent organization; otherwise, the child organization inherits the parent setting.

Limitations with multiple domains
You can't set different policies or configuration settings for specific domains. All settings in the Google Admin console apply to all domains that are part of your account. For more information, see Limitations with multiple domains.

For more details and instructions about the security center, see About the security center.

Was this article helpful?
How can we improve it?