Google Workspace Now Alerts of Critical Changes to Admin Accounts
Google Workspace (formerly G Suite) has been updated to notify admins of highly sensitive changes to configurations, including those made to single sign-on (SSO) profiles and admin accounts.
These newly added alerts are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.
According to Google, the alerts and the associated email notifications are enabled by default, and admins cannot turn them off.
“These additional intelligent alerts will closely monitor several sensitive actions, making it easier for admins to stay on top of high risk changes to their environment and potentially malicious actions being taken by bad actors,” Google said.
“For each alert, admins and super admins will receive an email notification with key information regarding the event. Once the alert is received, admins can use the security investigation tool to further investigate the incident.”
The complete list of newly added alerts includes:
- Changes to the primary admin
- Password reset for super admins: when a password was reset for a super admin account.
- SSO profile added: when a third-party SSO profile has been added and enabled for your organization.
- SSO profile updated: when a third-party SSO profile has been updated for your organization.
- SSO profile deleted: when a third-party SSO profile has been deleted for your organization.
Google has already started rolling out the alerts to Rapid Release and Scheduled Release domains beginning on June 28, 2022.
While they can’t turn off the notifications, admins can find more about configuring which users should receive email alerts, the alert center and viewing alert details, and admin audit logs from the Help Center.
The company added on Tuesday that it plans to include more automated notifications to the Alert Center to inform admins of high-risk actions that could affect their organization’s security.
Google has further secured Workspace customers from attacks with the rollout of new Google Drive warning banners in January to alert users of potentially suspicious files threat actors could use for malware delivery and phishing attacks.
One year ago, in June 2021, the company also added new Google Drive phishing and malware protections for enterprises that automatically tag all suspicious files, making them only visible to owners and admins.
As a direct result of this new capability, potentially malicious documents can no longer be shared within the organization to deliver malicious payloads or redirect users to phishing sites.
This drastically reduces the number of Google Workspace users impacted by malicious attacks abusing Google Drive for phishing and malware delivery.