Set up advanced mobile management

If you have the legacy free edition of G Suite, upgrade to G Suite Basic to get this feature. 

Use advanced management if you want more control over access to your organization's data. You can restrict device features like notifications on the lock screen, require device encryption, manage apps on Android and Apple iOS devices, and wipe data from a device. 

To manage iOS devices, you must set up an Apple Push Certificate.

Android and iOS users are prompted to install a device policy app, and iOS users might be prompted to install a configuration profile, so that you can manage their devices.

Step 1. Turn on advanced mobile management

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click Settingsand thenSetup.
  4. Click Mobile Management.
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Select Advanced.
  7. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
  8. If you see a message that you need to enable sync on mobile, click Go to Sync on Mobile. Check the boxes for the devices you want to allow to synchronize work data and click Save.
  9. If you want to manage iOS devices and apps, create an Apple push certificate. You need to renew this certificate annually.

Step 2. Set up password and approval requirements

Before you begin: Tell users you will manage the mobile devices they use for work. Let them know about the policies you set, including password requirements.

  1. Set password requirements for managed mobile devices. You can set the password length, require special characters, and set an expiration.
  2. To screen devices before they can access work data, require admin approval for mobile devices.

Step 3. Set up company-owned mobile devices

This feature is available with G Suite Enterprise, G Suite Enterprise for Education, G Suite Enterprise Essentials, and Cloud Identity Premium editions.

The company-owned inventory of Android devices is also supported in G Suite Business.

Skip this step if you don't have company-owned devices.

For Android:

  1. Make an inventory of company-owned devices.
  2. Deploy Android devices with zero-touch enrollment.

For iOS: 

Step 4. Protect your organization's data

To make your organization's data more secure, enable advanced management settings as needed or required for your organization.

Recommended settings

Advanced settings (all mobile devices)

  • Block compromised devices
  • Block devices that are not Android CTS compliant 
  • Require device encryption

Android settings

  • Auto-wipe devices that don't sync within a specified period
  • Don't allow application verification to be turned off
  • Don't allow USB file transfer
  • Don't allow apps from unknown sources
  • Don't allow notification details on lock screen
  • Don't allow trust agents (under lock screen settings)

iOS settings

  • Don't allow notification details on lock screen
  • Don't allow managed apps to store data iCloud
  • Require encryption for backups if you allow device backups

Next steps

Google, G Suite, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?