What’s changing
Today, we’re announcing the beta of Google’s Advanced Protection Program for G Suite customers. With Advanced Protection Program for enterprise, you’ll be able to enforce a set of enhanced security policies for employees in your organization that are most at risk for targeted attacks. These policies include:- Requiring the use of security keys for maximum protection against phishing.
- Automatically blocking access to non-whitelisted third-party apps.
- Enhanced email scanning for threats.
- Download protections for certain file types when signed into Google Chrome.
Who’s impacted
Admins and end usersWhy you’d use it
While the individual policies currently included in the Advanced Protection Program are available to G Suite users outside of this beta, the Advanced Protection Program beta offers a simple bundle of our strongest account security settings for your organization’s high-risk users.Some users who would benefit from the protections of Advanced Protection are:
- IT admins,
- Executives,
- Employees in regulated or high-risk verticals such as finance or government.
How to get started
- Admins: Turn the beta on by going to Admin console > Security > Advanced Protection Program and select “Enrollment is enabled” for one or more organizational units (OUs).
- End users: Once the program is enabled in your domain, users in those OUs specified by their admin can enroll in the Advanced Protection Program by going to g.co/advancedprotection.
- Note that users will need two security keys to complete enrollment.
Additional details
Once the beta is enabled for their domain, users will be able to opt in at g.co/advancedprotection. We’ll automatically enforce a specific set of policies for the users you identify as most at risk:- Requiring the use of security keys. Physical security keys, such as our Titan Security Keys, go further than traditional 2-Step Verification to help secure accounts against phishing and account takeovers.
- Automatically blocking access to high-risk third-party apps. When a user signs up for new apps or services, they’re sometimes asked to give access to high-risk data in their G Suite account. Advanced Protection allows only Google apps and select third-party apps, including those whitelisted by G Suite admins, to access high-risk user data.
- Note: Third party apps that do not require high-risk scopes to function will not be automatically blocked by Advanced Protection. However, they can be blocked through a separate admin policy.
- Enhanced email scanning. Incoming email will have all available screening for phishing attempts, viruses, and attachments with malicious content.
- Stricter account recovery. Users who lose both of their security keys will need admin help to regain access to their accounts on new devices. This prevents automated recovery flows from becoming an attack vector.
- Download protections in Google Chrome. We’re adding a new feature in Google Chrome that will reduce a user’s exposure to potentially risky downloads. When signed into Chrome, users will receive a warning that indicates that Safe Browsing could not verify whether a file is safe. This will signal to users to proceed with caution and check the reputation of the source of the file to further validate the legitimacy of the file.
Find out more about the policies enforced in the Advanced Protection Program at g.co/advancedprotection.
Helpful links
- Google Cloud Blog: New protections for users, data, and apps in the cloud
- Google Advanced Protection Program
- Help Center: Advanced Protection Program for enterprise
- Help Center: Use a security key for 2-step verification (2SV)
- Help Center: Additional information on the Titan Security Key
- Help Center: Whitelist connected apps
- Help Center: Block specific API scopes
Availability
G Suite editions- Available to all G Suite editions
Beta sign-up
- The beta is available to all customers. To turn the beta on by going to Admin console > Security > Advanced Protection Program and select “Enrollment is enabled.”
Stay up to date with G Suite launches