• Device wipeout: for “device compromised” and “suspicious device activity” alerts. If the admin feels blocking the device is not sufficient to protect the data at risk, they can can remotely wipe out the data of the device.
  
  
• Quarantine email: for alerts such as malware detected post delivery, user phishing reported, suspicious message reported, and more. Once in quarantine, admins can take additional actions such as delivering the message to the intended recipient or denying message delivery.

• Admins: Visit the Help Center to learn more about taking action in response to alerts. 
• End users: There is no end user impact. 

• Rapid Release and Scheduled Release domains: This feature is available now for all users. 

• Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
• Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

• Google Workspace Admin Help: Recommended actions - take action in response to alerts 
• Google Workspace Admin Help: About the Alert Center 
• Google Workspace Updates Blog: One-click recommended actions in the Alert Center

Source: Google Workspace Updates