Set up guide: Deploy company-owned devices in Google endpoint management

You can manage all your company-owned devices—mobile devices, laptops, desktops—in one place in your Google Workspace Admin console. Company-owned devices are devices that your organization purchased through a reseller or device vendor, and your company secures and manages these assets for your employees.

The setup process for all platforms is mostly the same, but each platform can be a little different. The following steps provide a guide to get you set up with devices and management policies, for all your device platforms.

Set up company-owned devices (all platforms)

Open all

Step 1. Sign up for enterprise management services
Platform Required subscriptions
Android A Google Workspace edition that supports advanced mobile management and enterprise Google endpoint management features. Learn more
iPhones and iPads
  • A Google Workspace edition that supports advanced mobile management and enterprise Google endpoint management features. Learn more
  • An account to sign in to your organization's Apple Business Manager or Apple School Manager.
Chromebooks Sign up for Chrome Enterprise
Mac, Windows, and Linux

At minimum, a Google Workspace edition that supports fundamental Google endpoint management features. Learn more

To use Windows device management, a Google Workspace edition that supports enterprise Google endpoint management features. Learn more

Step 2. Source devices
Platform How to get devices
Android Learn how to get Android devices or enroll devices you already have in Source Android devices
iPhones and iPads

For easiest management, buy iOS devices for your organization through an authorized Apple retailer. To find an authorized Apple retailer, contact Apple Support.

Chromebooks

Learn how to get Chrome Enterprise Chromebooks in About Chrome device management.

To use standalone Chrome OS devices, buy a Chrome Enterprise Upgrade or Chrome Education Upgrade for each device.

Mac, Windows, and Linux You can use any Mac, Windows, or Linux devices. However, to manage company-owned Windows devices with enhanced desktop security for Windows, review the requirements.
Step 3. Enroll devices
Platform How to enroll devices
Android

To get the most management options, we recommend that you add company owned devices to the inventory directly.

If you use zero-touch enrollment or let the user assign device ownership to your company, you have fewer options. Learn more

iPhones and iPads

If you bought devices through an authorized Apple retailer, the devices are automatically linked to your Apple Business Manager or Apple School Manager.

Then, set up company-owned iOS device management.

Chromebooks Enroll Chrome devices. You can also mass enroll Chromebooks or use zero-touch enrollment.
Mac, Windows, and Linux Add company owned devices to the inventory
Step 4. Set device management policies
Platform How to set policies
Android
  1. Turn on advanced mobile management and apply the recommended settings in step 4.
  2. Set Android policies available only for company owned devices:
    • Networks—For example, block changes to VPN and Bluetooth settings
    • Device features—For example, block copying data to and from SD cards
    • Lock screen features—For example, block notification details on the lock screen and block Smart Lock
  3. Review the Device management security checklist for mobile devices.
iPhones and iPads
  1. Turn on advanced mobile management and apply the recommended settings in step 4.
  2. Set iOS policies available only for company owned devices:
    • Device features—For example, don't let users change their account settings or do a factory reset.
    • Networks—For example, block changes to VPN and Bluetooth settings
    • Authentication—For example, block password sharing and changes to Touch ID and Face ID settings.
    • Connections—Block connections to USB devices and computers without a supervision host certificate.
  3. Review the Device management security checklist for mobile devices.
Chromebooks

Overview: Managing Chrome device policies

Mac, Windows, and Linux

Review the Device management security checklist for computers.

For Windows 10 devices:

  1. Set up Windows device management.
  2. Add custom settings to set security, hardware, and privacy policies.
Step 5. Set app policies
Platform How to manage apps
Android
  1. Control what apps users can install with Android settings.
  2. Allow or block system apps.
  3. To manage public and internal apps, add them to the Web and mobile apps list. Learn how
iPhones and iPads
  1. Control what apps users can install and remove with iOS settings.
  2. Allow or block Apple apps.
  3. Allow or block system apps.
  4. To manage public apps, add them to the Web and mobile apps list. Learn how
Chromebooks

You can control what apps are available on devices, including which users they're available to and if they're force installed. You can also control which apps and extensions users can install.

Windows
  1. Set up Windows device management.
  2. To set software policies, add custom settings.
  3. Block apps by adding custom settings.
Step 6. (Optional) Set access control

To prevent users from using Google apps with their work account on personal devices, you can set Context-Aware Access levels to allow work account access only on company-owned devices. Learn more

For Android devices, you can allow work account access only on company-owned devices. Set a device management rule to block personal Android devices from syncing work data. Learn more

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false