While auditing user accounts in the Google Admin console, you find that several users have been using their corporate Google Workspace accounts to sign in to third-party apps. You need to ensure that OAuth access is restricted to only trusted and necessary applications to reduce the security risks. What action should you take?