Featured launch: Advanced protection for businesses goes public to help protect users from risk

11/12/2019

Table of contents

What’s changing

Advanced protection program for businesses has been widely released. Previously released beta version.

Featured launch: Advanced protection for businesses goes public to help protect users from risk

Who’s impacted

Admins and end users

Why do you use

Advanced Protection for Business enforces a specific set of high-security policies for employees in your organization who are at highest risk for targeted attacks. Targeted attacks describe sophisticated, low-volume manual attacks typically carried out by professional or government-backed groups. Employees at risk of targeted attacks may benefit from the program, for example, IT administrators, executives, and employees in regulated industries such as finance or government.

The individual policies available in the Advanced Protection Program are also available to G Suite admins and users outside of the program. However, Advanced Protection for Business provides the strongest and easiest-to-use account security settings for your organization's high-risk users, and it continually evolves to ensuring these users continue to have the strongest account security from Google.

How to get started

Admins:
- By default, all users will be able to enroll in the program. Admins can turn it off for users per OU at Admin console > Security > Advanced Protection Program.
- Learn more at this
End users: When enabled, users can complete self-registration by visiting g.co/advancedprotection and click Get Started

Additional details

Policies are enforced for users in the Advanced Protection Program

Policies enforced for users in the program include:

Requires the use of security keys (like Titan Security Key) for maximum protection against phishing.
Automatically block most third-party apps' access to Drive and Gmail data if they're not explicitly trusted by the administrator.
Advanced Email scanning for threats.
Download protections from Google Safe Browsing for certain file types when signed in to Google Chrome with the same identity.

Learn more at this

Requirements for users in the Advanced Protection Program

Advanced Protection is available to all users in all G Suite organizations (Google Workspace customers) and Cloud Identity unless the administrator turns it off for some or all users. When users enroll in Advanced Protection, they will need:

To register two security keys (one as a backup)
To sign back in on all their devices with a password and security key. They will be required to log out of all devices upon registration.

New default: Allow security tokens without remote access

In beta, you have the option to allow or disallow the use of security codes for users enrolled in the Advanced Protection Program. Now, Google has added a new option in addition to the previous two options. The new option, allowing security codes without remote access, means users can only use security codes they generate on the same device or local network.

This new option, which allows security codes without remote access, will be the default for new and existing users. Therefore, any users who were not allowed to use security codes in the beta will be allowed to use security codes without remote access when general availability is rolled out to your domain. Note that if you select 'allow security tokens in the beta version, that selection will persist when the GA version appears on your domain.

If you want to change this for all or some users, go here Admin console > Security > Advanced Protection Program and choose one of the following options: