We’re adding new tools to help admins identify suspicious activity and see the impact of security policy changes. G Suite admins have an important role in protecting their users’ accounts and ensuring their organization’s security. To succeed, they need visibility into user account actions. That’s why we’re adding reports in the G Suite Admin console that surface more information on user account activity.
Monitor suspicious account behavior
G Suite admins can use the reports to audit and set alerts for critical user actions including:
Filter actions taken by a specific user account
Visibility into these actions will help admins identify suspicious account behavior and detect when user accounts may have been compromised. For example, an admin might see that a user has recently changed both their password and their password recovery info. This can be a sign of a hijacker taking over the account. Using these reports an admin could track time and IP address of the changes to see if it seems suspicious. Depending on their investigation, they could then take appropriate action (eg: password reset, disable 2-step verification) to restore the user account.
Visit the Help Center to find out how to monitor user account activity and set alerts for suspicious actions.
See the impact of security policy changes
The new reports can also be used to provide visibility into an organization's security initiatives. For example, an admin could monitor the progress of a domain-wide initiative to increase the adoption of two-step verification.
To see this report, go to the Admin console > Reports > Audit > Users Accounts.
Filter actions by date and type
Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release
Editions:
Available to all G Suite editions
Rollout pace:
Gradual rollout (up to 15 days for feature visibility)
Impact:
Admins only
Action:
Admin action suggested/FYI
More Information
Help Center: User Accounts audit log
Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates
Monitor suspicious account behavior
G Suite admins can use the reports to audit and set alerts for critical user actions including:
- Password changes
- Two-step verification enabling or disabling
- Account recovery info changes (phone number, security questions, and recovery email)
Filter actions taken by a specific user account
Visibility into these actions will help admins identify suspicious account behavior and detect when user accounts may have been compromised. For example, an admin might see that a user has recently changed both their password and their password recovery info. This can be a sign of a hijacker taking over the account. Using these reports an admin could track time and IP address of the changes to see if it seems suspicious. Depending on their investigation, they could then take appropriate action (eg: password reset, disable 2-step verification) to restore the user account.
Visit the Help Center to find out how to monitor user account activity and set alerts for suspicious actions.
See the impact of security policy changes
The new reports can also be used to provide visibility into an organization's security initiatives. For example, an admin could monitor the progress of a domain-wide initiative to increase the adoption of two-step verification.
To see this report, go to the Admin console > Reports > Audit > Users Accounts.
Filter actions by date and type
Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release
Editions:
Available to all G Suite editions
Rollout pace:
Gradual rollout (up to 15 days for feature visibility)
Impact:
Admins only
Action:
Admin action suggested/FYI
More Information
Help Center: User Accounts audit log
Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates