About the security center

The security center provides advanced security information and analytics, and added visibility and control into security issues affecting your domain. 

The security center expands on advanced settings in the Google Admin console to surface your security data through insightful, customizable reports that you can share with colleagues in your organization. Administrators can also monitor the configuration of Google Admin console settings from the security health page. Additionally, admins can use the investigation tool to identify, triage, and take action on security and privacy issues in your domain.

See the sections below for more details:

Note:

  • You must be an administrator with a G Suite Enterprise, G Suite Enterprise for Education, Drive Enterprise, or Cloud Identity Premium Edition license to access the security center. With Drive Enterprise or Cloud Identity Premium Edition, you receive a subset of security center reports on the security dashboard. See the edition sections below for a list of the security reports available for each edition. 
  • You must have the necessary privileges to access the security center. See Admin privileges for the security center.

Security dashboard and reports

The security dashboard includes an overview of data from several security center reports. For details and instructions, see the list of reports below, and see Security dashboard.

G Suite Enterprise

The following charts are displayed on the security dashboard for G Suite Enterprise customers:

  • File exposure—Insight into how your domain's data is being exposed through file sharing
  • Authentication—Number of messages that meet, or don't meet, email authentication and policy standards like DMARC, DKIM, and SPF. This report also includes details such as the number of messages by sender domain and the number of messages by IP address.
  • Custom settings—Overview of the volume of inbound messages that were affected by custom Gmail settings, broken down by agreement or disagreement with the Gmail spam filter
  • Encryption—Number of messages encrypted, or not encrypted, using Transport Layer Security (TLS), and other insights related to message encryption
  • Message delivery—Number of messages that were blocked from entering the domain, or that were accepted into the domain, because of your Gmail settings or the Gmail spam filter
  • Spam filter—Overview of the volume of messages sent to the spam folder versus those placed in users’ inboxes
  • User reports—Number of messages that users marked as Spam, Not spam, or phishing
  • Attachments from untrusted senders—Number of messages with attachments from untrusted senders
  • Spoofing—Number of messages showing evidence of potential spoofing
  • Failed device login attempts—Details of failed login attempts on your corporate devices (under advanced management) during a specified time range
  • Compromised device events—Details of compromised device events (under advanced management) during a specified time range.
  • Suspicious device activities—Details of suspicious activities on your corporate devices (under advanced management) during a specified time range
  • OAuth grant activity—OAuth grant activity by app, by scope, and by user
  • OAuth grants to new apps—Number of OAuth grants to new apps

Drive Enterprise

The following charts are displayed on the security dashboard for Drive Enterprise customers:

  • File exposure—Insight into how your domain's data is being exposed through file sharing
  • OAuth grant activity—OAuth grant activity by app, by scope, and by user
  • OAuth grants to new apps—Number of OAuth grants to new apps

Note: The charts related to email security (Authentication, Spam filter, and others) that appear on the security dashboard are not enabled for Drive Enterprise customers.

Cloud Identity Premium Edition

The following charts are displayed on the security dashboard for Cloud Identity Premium customers:

  • Failed device login attempts—Details of failed login attempts on your corporate devices (under advanced management) during a specified time range
  • Compromised device events—Details of compromised device events (under advanced management) during a specified time range.
  • Suspicious device activities—Details of suspicious activities on your corporate devices (under advanced management) during a specified time range
  • OAuth grant activity—OAuth grant activity by app, by scope, and by user
  • OAuth grants to new apps—Number of OAuth grants to new apps

For more details and instructions, see Security dashboard.

Security health page

The security health page enables you to monitor the configuration of your Admin console settings from one location. For example, you can check the status of settings like automatic email forwarding, device encryption, Drive sharing settings, and much more. 

The security health page provides visibility into your Admin console settings to help you better understand and manage security risks. If needed, you can make adjustments to your domain’s settings based on general security guidelines and best practices, while balancing these guidelines with your organization’s business needs and risk management policy.

Note: G Suite Enterprise customers receive all security health settings, while Drive Enterprise and Cloud Identity Premium customers receive a subset of security health settings. For details and instructions, see Get started with the security health page.

Investigation tool

Use the security investigation tool to identify, triage, and take action on security and privacy issues in your domain.

You can use the investigation tool to:

  • Access data about devices.
  • Access device log data to get a clear view of the devices and applications being used to access your data.
  • Access data about Gmail messages. 
  • Access Gmail log data to find and erase malicious emails, mark emails as spam or phishing, or send emails to users’ inboxes.
  • Access Drive log data to investigate file sharing in your organization, investigate the creation and deletion of documents, investigate who accessed documents, and more.

For more details and instructions, see About the security investigation tool.

Was this article helpful?
How can we improve it?