Defend high-risk users with the Advanced Protection Program for enterprise beta

What’s changing

Today, Google is announcing the beta of Google’s Advanced Protection Program for G Suite customers. With Advanced Protection Program for enterprise, you’ll be able to enforce a set of enhanced security policies for employees in your organization that are most at risk for targeted attacks. These policies include:

  • Requiring the use of security keys for maximum protection against phishing.
  • Automatically blocking access to non-whitelisted third-party apps.
  • Enhanced email scanning for threats.
  • Download protections for certain file types when signed into Google Chrome.

Advanced Protection for enterprise will be rolling out in beta over the next several days. See below for more details on how to get started.

Who’s impacted

Admins and end users

Why you’d use it

While the individual policies currently included in the Advanced Protection Program are available to G Suite users outside of this beta, the Advanced Protection Program beta offers a simple bundle of our strongest account security settings for your organization’s high-risk users.

Some users who would benefit from the protections of Advanced Protection are:

  • IT admins,
  • Executives,
  • Employees in regulated or high-risk verticals such as finance or government.

How to get started

  • Admins: Turn the beta on by going to Admin console > Security > Advanced Protection Program and select “Enrollment is enabled” for one or more organizational units (OUs).
  • End users: Once the program is enabled in your domain, users in those OUs specified by their admin can enroll in the Advanced Protection Program by going to g.co/advancedprotection.
    • Note that users will need two security keys to complete enrollment.

Additional details

Once the beta is enabled for their domain, users will be able to opt in at g.co/advancedprotection. Google will automatically enforce a specific set of policies for the users you identify as most at risk:

  • Requiring the use of security keys. Physical security keys, such as our Titan Security Keys, go further than traditional 2-Step Verification to help secure accounts against phishing and account takeovers.
  • Automatically blocking access to high-risk third-party apps. When a user signs up for new apps or services, they’re sometimes asked to give access to high-risk data in their G Suite account. Advanced Protection allows only Google apps and select third-party apps, including those whitelisted by G Suite admins, to access high-risk user data.
    • Note: Third party apps that do not require high-risk scopes to function will not be automatically blocked by Advanced Protection. However, they can be blocked through a separate admin policy.
  • Enhanced email scanning. Incoming email will have all available screening for phishing attempts, viruses, and attachments with malicious content.
  • Stricter account recovery. Users who lose both of their security keys will need admin help to regain access to their accounts on new devices. This prevents automated recovery flows from becoming an attack vector.
  • Download protections in Google Chrome. Google is adding a new feature in Google Chrome that will reduce a user’s exposure to potentially risky downloads. When signed into Chrome, users will receive a warning that indicates that Safe Browsing could not verify whether a file is safe. This will signal to users to proceed with caution and check the reputation of the source of the file to further validate the legitimacy of the file.

Find out more about the policies enforced in the Advanced Protection Program at g.co/advancedprotection.

Helpful links

Availability

G Suite editions 

  • Available to all G Suite editions

Beta sign-up 

  • The beta is available to all customers. To turn the beta on by going to Admin console > Security > Advanced Protection Program and select “Enrollment is enabled.”