Here’s how to prevent ‘High risk’ apps from accessing your Google domain
Select “Scope risk score” to sort on this column and see all “High” risk apps.
Select BAN, then you will have few options to apply this policy to a Users/Groups or OUs.
Then Add the User/Grou/OU.
NOTE: Once a policy is in place, it does not guarantee a permanent BAN the 3rd party applications you have selectedbecause users can launch the 3rd party application and they will be prompted to enable those permissions scopes again.
When a user whom the ban is in place try to install or run the app again, they will be rejected as soon as Google notifies GAT+ that the new app is being installed.
Note: GAT+ checks the Ban and if there are Trust apps then they will be used to remove users from the Ban.
For example: If you ban an app for /Sales team, but trust the app for just one user who is part of the /Sales team, the ban rule will skip this account.
You can view BAN and TRUSTED 3rd party application policies which are already being enforced by different Super Admins by clicking on the ‘Application Policies’ tab.
Under the “Actions” we can either edit or remove the applied policies.
Admin can easily check which application has been revoked or authorized, by what user and when.
Note: In some cases, the user can log in, because the revoke action comes after the fact, but the app can not use any API after that. It depends on the app behavior