Stay organized with collections
Save and categorize content based on your preferences.
Security Mandatory Service Announcements (MSA) inform customers about important
security updates or changes that are required for continued use of Google Cloud
services.
Who receives Security MSAs
Advisory Notifications contacts different users depending on whether the notification is sent to an organization or project.
Organization contacts
Advisory Notifications integrates with
Essential Contacts to identify which users should receive
notifications. Essential Contacts lets you control who receives
notifications by providing a list of contacts. Security MSAs are sent to
contacts in the Security and All categories at the organization level.
For more information, see
Managing contacts for notifications.
If you haven't configured Essential Contacts,
Advisory Notifications sends notifications to the default
contacts, which are determined by Identity and Access Management roles.
If you have granted the Organization Administrator role (roles/resourcemanager.organizationAdmin) to one or more users,
only they are contacted. If you haven't granted the Organization
Administrator role to any user, then Advisory Notifications moves on to the
next role in the hierarchy and determines if one or more users have been granted
the Owner basic role (roles/owner) on any project owned by the organization. If
any are found, only they are contacted. Finally, if you haven't granted
the Organization Administrator or Project Owner role to any user,
Advisory Notifications contacts any user who has been granted
the Billing Account Administrator role (roles/billing.admin) on any billing account owned by the
organization.
Project contacts
When a notification is sent to a project, Advisory Notifications contacts Identity and Access Management roles in the following order. If one or more users have been granted
the Owner basic role (roles/owner) on the project, only they are contacted. Otherwise, if no users have been granted
the Project Owner role,
Advisory Notifications contacts any users who have been granted
the Billing Account Administrator role (roles/billing.admin) on the billing account associated with the
project, if it exists.
Opting out
Security MSAs are mandatory. You cannot opt out of receiving these notifications.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eSecurity Mandatory Service Announcements (MSAs) are critical security updates or changes that Google Cloud customers must follow to maintain service use.\u003c/p\u003e\n"],["\u003cp\u003eSecurity MSAs are sent to specific contacts within organizations and projects, determined by roles and the Essential Contacts settings.\u003c/p\u003e\n"],["\u003cp\u003eAt the organization level, Security MSAs are sent to contacts in the "Security" and "All" categories, with the system using default contacts based on roles like Organization Administrator, Project Owner, or Billing Account Administrator, if Essential Contacts aren't set.\u003c/p\u003e\n"],["\u003cp\u003eAt the project level, Security MSAs are sent to users with the Project Owner role, or if no such role exists, to users with the Billing Account Administrator role.\u003c/p\u003e\n"],["\u003cp\u003eReceiving Security MSAs is mandatory, and users cannot opt out of these notifications.\u003c/p\u003e\n"]]],[],null,["# Overview of Security MSAs\n\nSecurity Mandatory Service Announcements (MSA) inform customers about important\nsecurity updates or changes that are required for continued use of Google Cloud\nservices.\n\nWho receives Security MSAs\n--------------------------\n\nAdvisory Notifications contacts different users depending on whether the notification is sent to an organization or project.\n\n### Organization contacts\n\nAdvisory Notifications integrates with\nEssential Contacts to identify which users should receive\nnotifications. Essential Contacts lets you control who receives\nnotifications by providing a list of contacts. Security MSAs are sent to\ncontacts in the **Security** and **All** categories at the organization level.\nFor more information, see\n[Managing contacts for notifications](/resource-manager/docs/managing-notification-contacts).\n\nIf you haven't configured Essential Contacts,\nAdvisory Notifications sends notifications to the default\ncontacts, which are determined by Identity and Access Management roles.\n\nIf you have granted the **Organization Administrator** role (`roles/resourcemanager.organizationAdmin`) to one or more users,\nonly they are contacted. If you haven't granted the **Organization\nAdministrator** role to any user, then Advisory Notifications moves on to the\nnext role in the hierarchy and determines if one or more users have been granted\nthe **Owner** basic role (`roles/owner`) on any project owned by the organization. If\nany are found, only they are contacted. Finally, if you haven't granted\nthe **Organization Administrator** or **Project Owner** role to any user,\nAdvisory Notifications contacts any user who has been granted\nthe **Billing Account Administrator** role (`roles/billing.admin`) on any billing account owned by the\norganization.\n\n### Project contacts\n\nWhen a notification is sent to a project, Advisory Notifications contacts Identity and Access Management roles in the following order. If one or more users have been granted\nthe **Owner** basic role (`roles/owner`) on the project, only they are contacted. Otherwise, if no users have been granted\nthe **Project Owner** role,\nAdvisory Notifications contacts any users who have been granted\nthe **Billing Account Administrator** role (`roles/billing.admin`) on the billing account associated with the\nproject, if it exists.\n\n### Opting out\n\nSecurity MSAs are mandatory. You cannot opt out of receiving these notifications.\n\nWhat's next\n-----------\n\n- Learn how to [view notifications](/advisory-notifications/docs/quickstart)."]]
