Additional one-click recommended actions in the Alert Center

Quick summary 

In the Alert Center, Admins will see new, additional one-click recommended actions for certain events: 

  • Device wipeout: for “device compromised” and “suspicious device activity” alerts. If the admin feels blocking the device is not sufficient to protect the data at risk, they can can remotely wipe out the data of the device.

  • Quarantine email: for alerts such as malware detected post delivery, user phishing reported, suspicious message reported, and more. Once in quarantine, admins can take additional actions such as delivering the message to the intended recipient or denying message delivery.

Recommended actions help Admins quickly triage, take action, and remedy various incidents without leaving the Alert Center. To learn more about recommended actions, use this article in our Help Center and see this post on the Google Workspace Updates blog

Getting started 

Rollout pace 


  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers