Monitor the health of your Groups settings

Security health page

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, and Drive Enterprise editions. Compare editions

From the security health page, you can monitor the configuration of the Groups creation and membership setting.

Groups creation and membership

You can set sharing options for your domain(s) for Google Groups by enabling or disabling public access, and by allowing or disallowing users to create groups. 

For more details, see the table below.

Setting Groups creation and membership

Specifies whether the Groups sharing option is configured for your domain(s) so that access to Groups is set to private, and so that only domain administrators can create groups


Make sure access to Groups is set to private, and that only domain administrators can create groups. This reduces the risk of data leaks.

How to make sure access to Groups is set to private, and that only domain admins can create groups

  1. In the Google Admin console, go to Apps > G Suite > Groups for Business > Sharing settings.
  2. In the Outside this domain - access to groups section, select Private.
  3. In the Creating groups section, select Only domain admins can create groups.

For more details and instructions, see Set sharing options.

Note: Even when access to Groups is set to private, it’s still possible for group members to receive email from users outside of the domain. To reduce the risk of email Spoofing and Phishing/whaling, you can disable incoming email from outside the domain (it will be put in a moderation queue to be approved by the group owner if the setting is disabled). Uncheck the Group owners can allow incoming email from outside this domain box (for more details, see Set sharing options).

Effect on your users

You users can’t create Groups (only domain admins can), and only users within the domain can access Groups. Note: The effects of changing this setting are not retroactive: In other words, a group that includes external members will continue including them even after the access has been set to private.

Was this helpful?
How can we improve it?