Wednesday, August 23, 2023

Stronger protection for additional sensitive actions taken in Gmail

Update

[September 28, 2023] Rollout has resumed. 
[September 8, 2023] We have paused rollout for this feature while we evaluate performance and quality. We will provide an update once rollout resumes.


What’s changing

Last year, we introduced stronger safeguards around sensitive actions taken in your Google Workspace accounts. We’re extending these protections to sensitive actions taken in Gmail, specifically actions related to: 
  • Filters: creating a new filter, editing an existing filter, or importing filters. 
  • Forwarding: Adding a new forwarding address from the Forwarding and POP/IMAP settings. 
  • IMAP access: Enabling the IMAP access status from the settings. (Workspace admins control whether this setting is visible to end users or not) 

When these actions are taken, Google will evaluate the session attempting the action, and if it’s deemed risky, it will be challenged with a “Verify it’s you” prompt. Through a second and trusted factor, such as a 2-step verification code, users can confirm the validity of the action. If a verification challenge is failed or not completed, users are sent a “Critical security alert” notification on trusted devices.

If a risky action is taken, you'll be prompted with a "Verify it's you" challenge.



Additional details

Note that this feature only supports users that use Google as their identity provider and actions taken within Google products. SAML users are not supported at this time. See below for more information.

Getting started

Rollout pace


Availability

  • Available to all Google Workspace customers and users with personal Google Accounts 

Resources