About the security center

The security center provides advanced security information and analytics, and added visibility and control into security issues affecting your domain. 

The security center expands on advanced settings in the Google Admin console to surface your security data through insightful, customizable reports that you can share with colleagues in your organization. Administrators can also monitor the configuration of Google Admin console settings from the security health page. Additionally, admins can use the investigation tool to identify, triage, and take action on security and privacy issues in your domain.

See the sections below for more details:


  • You must be an administrator with a G Suite Enterprise, G Suite Enterprise for Education, Drive Enterprise, or Cloud Identity Premium Edition license to access the security center. With Drive Enterprise or Cloud Identity Premium Edition, you receive a subset of security center reports on the security dashboard. See the edition sections below for a list of the security reports available for each edition. 
  • You must have the necessary privileges to access the security center. See Admin privileges for the security center.

Security dashboard and reports

On the security dashboard, you can see an overview of data from several security center reports. The reports and charts you see depend on what type of managed Google Account you have (details below). 

Chart What it tells you... G Suite Enterprise and Enterprise for Education Drive Enterprise Cloud Identity Premium
File exposure What does external file sharing look like for the domain?
Authentication   How many messages were authenticated?
Custom settings How many messages were affected by your custom settings?
DLP incidents How often are DLP rules violated in relation to severity?
Top policy incidents What and when are the top incidents based on policies?
Encryption How many messages were encrypted?
Message delivery What does inbound message volume look like?
Spam filter How are incoming messages and potential phishing emails being routed?
User reports How are users marking their emails?
Failed device password attempts How many times were there failed password attempts on devices?
Compromised device events What compromised device events have been detected?
Suspicious device activities What suspicious device activities have been detected?
OAuth scope grants by product What does OAuth scope grants look like by product?
OAuth grant activity Which apps have had the highest change in OAuth grant activity?
OAuth grants to new apps Which new apps have been granted OAuth tokens?
Attachments from untrusted senders Which messages have attachments from untrusted senders?
Spoofing Which messages show evidence of potential spoofing?

Security health page

The security health page enables you to monitor the configuration of your Admin console settings from one location. For example, you can check the status of settings like automatic email forwarding, device encryption, Drive sharing settings, and much more. 

The security health page provides visibility into your Admin console settings to help you better understand and manage security risks. If needed, you can make adjustments to your domain’s settings based on general security guidelines and best practices, while balancing these guidelines with your organization’s business needs and risk management policy.

Note: G Suite Enterprise customers receive all security health settings, while Drive Enterprise and Cloud Identity Premium customers receive a subset of security health settings. For details and instructions, see Get started with the security health page.

Investigation tool

Use the security investigation tool to identify, triage, and take action on security and privacy issues in your domain.

You can use the investigation tool to:

  • Access data about devices.
  • Access device log data to get a clear view of the devices and applications being used to access your data.
  • Access data about Gmail messages. 
  • Access Gmail log data to find and erase malicious emails, mark emails as spam or phishing, or send emails to users’ inboxes.
  • Access Drive log data to investigate file sharing in your organization, investigate the creation and deletion of documents, investigate who accessed documents, and more.

For more details and instructions, see About the security investigation tool.

Was this article helpful?
How can we improve it?