View and manage security rules

As a G Suite administrator, you can set up rules in the Google Admin console. To configure a rule, you set up conditions for the rule, and specify what actions to perform when the conditions are met. A rule is simply a way of saying, if x happens, automatically do y.

Multiple rule types are viewable from different locations in the Google Admin console, including Activity rules, System defined rules, and Reporting rules. Google is implementing a new rule structure by migrating the different rule types in the Admin console to Security > Security rules.  

For details on how security rules work and how to access the security rules page, see the sections below.

View the security rules page

To view the security rules page:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. At the top, click Menu Menu and select Security and then Security rules

The Security rules page includes the following details for each rule:

  • Name—Name and description for the rule
  • Alerts—Specifies whether an alert is on or off
  • Actions—Specifies the actions that are triggered if the conditions of a rule are met; for example, to quarantine a message, mark it as spam, delete the message, or send email notifications
  • Rule type—Specifies the rule type; for example, an activity rule, reporting rule, or system defined rule (see the section below for more details)
  • Last modified—Date and time when the rule was created, or when changes were last made to the rule

About rule types

  • Activity rules—These are custom rules by a domain administrator that are created using the security investigation tool. With these rules, you can automate actions that happen in response to activity within your domain.
  • Reporting rules—Custom rules by a domain administrator. Previously called Custom reporting alerts, these alerts are now managed through the Reporting rule type on the Security rules page. You can use these rules to be notified of specific activity within your domain. 
  • System defined rules—Default rules supplied by Google. You can use these rules to be notified of specific activity within your domain.

Create new rules from the security rules page

You can create new security rules directly from the security rules page:

  1. Click ADD NEW ACTIVITY RULE in the upper-right corner of the page.
    Note: New reporting rules are still created within the Reporting > Audit section of the Admin console.
  2. Follow the instructions in the rule-creation wizard.
Was this helpful?
How can we improve it?