Protect corporate data on mobile devices

As an administrator, you can help protect corporate data on users’ personal mobile devices and on your organization’s company-owned devices by enrolling the devices for management. Users get secure access to their corporate email, apps, documents, and more. You can set and monitor policies to keep the devices (and data) safe.

Make sure devices are protected

Protect data on managed mobile devices by making sure that users set a screen lock or password for their device. If you use advanced management, you can define a password type and strength, specify the minimum number of characters, lock the device, reset the device's password, and more. If a password doesn’t meet your requirements, corporate data will stop synchronizing to the device. For details, see Apply password settings for mobile devices.

Note:  Locking a device and resetting the device's password are only available with Cloud Identity Premium edition.  For details. see Apply settings for Android mobile devices.

Wipe corporate data from missing devices

Mobile devices can store corporate information and give access to a user’s corporate account. If a device goes missing or an employee leaves your organization, you can remotely wipe corporate data from the device. You can also give users the option to wipe their own devices. For details, see Remove corporate data from a mobile device

Prevent unwanted access to a user's account

If Google suspects that an unauthorized person is trying to access a user's account, we present them with an extra security question or challenge. When you use Google endpoint management, we might ask users to verify their identity with their managed mobile device (the device they normally use to access their corporate account). Setting up extra challenges significantly reduces the chance of an unauthorized person breaking in to user accounts. For more information, see Verify a user’s identity with a login challenge

Make sure devices are encrypted

Advanced management only

Encryption stores data in a form that can be read only when a device is unlocked. Unlocking the device decrypts the data. This adds protection if a device is lost or stolen. For details, see Require device encryption.

Apply device restrictions

Advanced management only

You can restrict how users share and backup data on Android and Apple® iOS® devices. For example, on Android, you can prevent USB file transfers and on iOS devices, you can stop backups to personal cloud storage. You can also restrict access to some device and network settings. For example, you can turn off the device’s camera and prevent Android users from changing their Wi-Fi settings. For more information, see:

Block compromised devices

Advanced management only

Stop a user’s corporate account from syncing with Android and Apple iOS devices that might be compromised. A device becomes compromised when it’s jailbroken or rooted—processes that remove restrictions on a device. Compromised devices can indicate a potential security threat. For details, see Block compromised devices

Block noncompliant devices

Advanced management only

When a device falls out of compliance with your organization’s policies, you can automatically block it from accessing corporate data and notify the user. For example, if you enforce a minimum password length of 6 characters and a user changes their device password to 5 characters, the device is not compliant because it doesn’t adhere to your password policy. For details, see Device compliance status.

Was this helpful?
How can we improve it?