Additional one-click recommended actions in the Alert Center

Quick summary 

In the Alert Center, Admins will see new, additional one-click recommended actions for certain events: 

• Device wipeout: for “device compromised” and “suspicious device activity” alerts. If the admin feels blocking the device is not sufficient to protect the data at risk, they can can remotely wipe out the data of the device.
  
  
• Quarantine email: for alerts such as malware detected post delivery, user phishing reported, suspicious message reported, and more. Once in quarantine, admins can take additional actions such as delivering the message to the intended recipient or denying message delivery.

Recommended actions help Admins quickly triage, take action, and remedy various incidents without leaving the Alert Center. To learn more about recommended actions, use this article in our Help Center and see this post on the Google Workspace Updates blog. 

Getting started 

• Admins: Visit the Help Center to learn more about taking action in response to alerts. 
• End users: There is no end user impact. 

Rollout pace 

• Rapid Release and Scheduled Release domains: This feature is available now for all users. 

Availability 

• Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
• Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

• Google Workspace Admin Help: Recommended actions - take action in response to alerts 
• Google Workspace Admin Help: About the Alert Center 
• Google Workspace Updates Blog: One-click recommended actions in the Alert Center