The Advanced Protection Program for the enterprise is now generally available. It was previously available in beta.
Admins and end users
Why you’d use it
The Advanced Protection Program for the enterprise enforces a specific set of high security policies for employees in your organization that are most at risk for targeted attacks. Targeted attacks describe sophisticated, low volume handcrafted attacks that are often carried out by highly motivated professional or government backed groups. Employees at risk of targeted attacks that may benefit from the program include, for example, IT admins, executives, and employees in regulated industries such as finance or government.
The individual policies currently included in the Advanced Protection Program are also available to Google Workspace admins and users outside of the program. However, the Advanced Protection Program for the enterprise offers a simple bundle of Google’s strongest account security settings for your organization’s high-risk users, and the program is constantly evolving to ensure these users continue to have Google’s strongest account security in place.
How to get started
Policies enforced for users in the Advanced Protection Program
Policies enforced for users in the program include:
Requirements for users in the Advanced Protection Program
The Advanced Protection Program is available for all users in all Google Workspace and Cloud Identity organizations unless admins turn it off for some or all users. When users enroll in the Advanced Protection program, they will need:
Details and requirements will be explained to users as they enroll themselves in the program at g.co/advancedprotection.
New default: Allow security codes without remote access
In the beta, you had an option to allow or not allow the use of security codes for your users who sign up for the Advanced Protection Program. Now, Google is adding a new option in addition to the previous two. The new option, allow security codes without remote access, will mean users can only use security codes they generate on the same device or local network.This new option, allow security codes without remote access, will be the default for new and existing users. So any users who were not allowed to use security codes during the beta will be allowed to use security codes without remote access when general availability rolls out to your domain. Note that if you chose ‘allow security codes’ in the beta, that choice will persist when the GA version rolls out to your domain.
If you want to change this for all or some users, go to Admin Console > Security > Advanced Protection Program and choose between:
See Google’s Help Center for more information on the new Security Code options.
Admins can allow or prevent their users from being able to opt-in to Advanced Protection
Google Workspace editions
On/off by default?