Prevent ‘High Risk’ Apps from accessing your G Suite APIs

Here’s how to prevent ‘High risk’ apps from accessing your Google domain. You can create a BAN policy to remove the scope permissions that 3rd party application has access to.
 Select  “Scope risk score” to sort on this column and see all “High” risk apps.

Click on the ‘Add Policy’ button under the Actions column.
Select BAN, then you will have few options to apply this policy to a Users/Groups or OUs. You can cover multiple users/groups or OUs.
Then Add the User/Grou/OU and click “Save”.

 Once a policy is in place, it does not guarantee a permanent BAN the 3rd party applications you have selected because users can launch the 3rd party application and they will be prompted to enable those permissions scopes again. Although GAT+ will realize these permissions have been enabled again and will automatically block them again. You are reducing the risks to your domain when you use this feature.
You can view BAN and TRUSTED 3rd party application policies which are already being enforced by different Super Admins by clicking on ‘Application Policies’ tab.
Under the “Actions” we can either edit or remove the applied plicies.