Set up advanced mobile management

Supported editions for this feature: Business Plus; Enterprise; Education and Enterprise for Education; G Suite Basic and Business; Cloud Identity Premium.  Compare your edition

Use advanced management if you want more control over access to your organization's data. You can restrict device features like notifications on the lock screen, require device encryption, manage apps on Android devices, iPhones, and iPads, and wipe data from a device. 

Requirements

Step 1. Turn on advanced mobile management

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click Settingsand thenSetup.
  4. Click Mobile Management.
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Select Advanced.
  7. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
  8. If you get a message that you need to enable sync on mobile, click Go to Sync on Mobile. Check the boxes for the devices you want to allow to synchronize work data and click Save.
  9. If you want to manage iOS devices and apps, create an Apple push certificate. You need to renew this certificate annually.

Step 2. Set up password and approval requirements

Before you begin: Tell users you'll manage the mobile devices they use for work. Let them know about the policies you set, including password requirements.

  1. Set password requirements for managed mobile devices. You can set the password length, require special characters, and set an expiration.
  2. To screen devices before they can access work data, require admin approval for mobile devices.

Step 3. Set up company-owned mobile devices

Skip this step if you don't have company-owned devices.

For Android

Supported editions for this feature: Business Plus; Enterprise; Enterprise for Education; G Suite Business; Cloud Identity Premium.  Compare your edition

  1. Make an inventory of company-owned devices.
  2. Deploy Android devices with zero-touch enrollment.

For iOS

Supported editions for this feature: Enterprise; Enterprise for Education; Cloud Identity Premium.  Compare your edition

 

Step 4. Protect your organization's data

To make your organization's data more secure, enable advanced management settings as needed or required for your organization.

Recommended settings

Advanced settings (all mobile devices)

  • Block compromised devices
  • Block devices that are not Android CTS compliant 
  • Require device encryption

Android settings

  • Auto-wipe devices that don't sync within a specified period
  • Don't allow application verification to be turned off
  • Don't allow USB file transfer
  • Don't allow apps from unknown sources
  • Don't allow notification details on lock screen
  • Don't allow trust agents (under lock screen settings)

iOS settings

  • Don't allow notification details on lock screen
  • Don't allow managed apps to store data iCloud
  • Require encryption for backups if you allow device backups

Next steps


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue