What's new in Google endpoint management

This page is updated as we add features, enhancements, and fixes to Google endpoint management. For Google Credential Provider for Windows (GCPW) updates, go to What's new in GCPW.

Note: Features are typically available to customers within several days of release, but rollouts can take longer.

January 6, 2022: Learn if managed Android devices are out of date

You can now search for Android devices that have security or operating system updates available, but not installed. In the devices list, you can filter by Pending updates.

On a device’s details page, an icon is added next to the operating system if an update is available. Point to the icon to see when the update was available.

Available for Android devices under advanced mobile management.

Learn more:

December 14, 2021: Set up digital certificates for computers with endpoint verification

You can now add and assign digital certificates for computers with endpoint verification in your Google Admin console. You can use the certificates to control app access by setting an advanced access level for Context-Aware Access.

Learn more:

October 26, 2021: Manage private iOS apps in your Google Admin console

You can now add and manage private iOS apps for exclusive use by your organization. You add private apps in the Web and mobile apps list, the same place you already manage public iOS apps. When you add a private iOS app, the app is automatically set as managed and available for users to install with the Google Device Policy app. You can update the app by uploading a new version and it’s automatically updated on users’ devices.

For details, see Manage private iOS apps.

October 4, 2021: Android 12 changes some Google endpoint management features

Android 12 is now available. In Google endpoint management, you’ll find the following changes for devices with Android 12 and under advanced mobile management:

  • Personal devices with a work profile will report an enrollment-specific ID instead of serial number. IMEI and Wi-Fi MAC address aren’t reported.
  • Devices must enroll using Android Device Policy, not the Google Apps Device Policy app.

For details and resources, see Android 12 and Google endpoint management.

May 19, 2021: Allow Google Drive for desktop only for company-owned devices

The option to block Drive for desktop (formerly Drive File Stream) on personal devices is now generally available. When turned on, Drive for desktop is available only on company-owned devices. Learn more

May 11, 2021: Block file sharing from work to personal accounts on iOS devices

You can now prevent users from sharing a work file in Gmail, Drive, Docs, Sheets and Slides to a personal account in another app. This closes a loophole in the existing iOS data protection setting. Learn more

April 22, 2021: Manage mobile app access with Context-Aware Access

You can now define Context-Aware Access levels to block user access to apps on Android and iOS devices that don’t meet minimum OS version requirements. You can also apply Context-Aware Access levels to Google mobile apps, not just Google web apps. For example, you can block access to Google apps on personal mobile devices.

Learn more:

December 10, 2020: Block mobile devices under basic mobile management

You can now block and unblock mobile devices under basic mobile management. This update gives you more control over which users and devices can access work data.

For details, see Approve, block, unblock or delete a device.

December 7, 2020: New page for Device management rules

Device management rules have a new and improved page. Rule setup is more intuitive and it’s easier to review your existing rules.

If your organization already has device management rules, they’ll be automatically migrated to the new page. The migration window starts the week of December 7, 2020.

  • Before migration: Until your rules are migrated, you can use only the current rules management page.
  • During migration: You won’t be able to create or edit rules in the current page, or use the new page. We expect migration to take no more than 1 day for each organization.
  • After migration: Use the new page to manage your rules. The current page will be shut down after migration is complete for all organizations.

If your organization doesn’t have device management rules, you can use the new page whenever you’re ready to make your device management more automatic.

For details, see Automate mobile management tasks with rules.

November 23, 2020: Updates to Google endpoint management settings

You can now configure advanced device policies and Android settings in a clean, modern interface in your Admin console. With this update:

  • Set up settings, including mobile management and device approvals, password settings, and advanced settings are now under Universal settings.
  • We improved the descriptions for many Android settings.
  • Android-specific settings that were under Advanced settings are now in Android settings. These include Google Play private apps and CTS compliance.
  • Android-specific app management settings that were under App management are now in Android settings. These include Allowed apps and system apps.

Learn more:

November 2, 2020: Use third-party partners for management and threat defense
You can now integrate supported third-party partners (those that are part of the BeyondCorp Alliance) with Google endpoint management. These integrations allow you to expand and complement your Google Workspace or Cloud Identity services with enterprise mobility management (EMM) providers and mobile threat defense services.You can enable third-party services for select organizational units, and see the status of the service for each device. Learn more

To consolidate third-party service management, we moved the Android EMM set up from Security settings to the new Third-party integrations settings. Learn more

October 22, 2020: Manage Android apps and iOS apps in the same place

You can now manage all mobile apps, including public iOS and Android apps, Android private apps, and Android system apps, in one location in your Admin console. Learn more

September 24, 2020: See which apps are installed on Windows 10 devices

You can now get a list of all apps installed on Windows 10 devices that you manage with Windows device management. The list includes when the app was first installed, the current version, and publisher. Use this information to identify devices that have malicious or untrusted apps on them. Learn more

July 21, 2020: Manage company-owned iOS devices
You can now manage company-owned iPads and iPhones through Google endpoint management, letting you manage all your organization's devices in one place. You set up company-owned iOS device management as an integration between Google and your existing Apple Business Manager or Apple School Manager account. Learn more
When you enroll devices in supervised mode, you can manage dozens of new device settings in the Admin console. These options include controls on access to apps, networks, data security, and authentication. Learn more
You can see details about the device's enrollment status in the company owned inventory. Learn more
July 15, 2020: Faster sync for Windows device management settings

In most cases, it now takes only a few minutes after you save your settings to push them to internet-connected Windows devices under Windows device management. However, it can take up to 6 hours.

April 20, 2020: New management options for Windows 10 devices

You can now manage Windows 10 device sign in and settings with enhanced desktop security for Windows.

To let users sign in to Windows 10 computers with their work Google Account, you can now enable GCPW. GCPW includes 2-step verification and login challenges. Users can also access G Suite services and other single sign-on (SSO) apps without the need to re-enter their Google credentials. Learn more

For more control over company-owned Windows 10 computers, you can now use Windows device management. You can set users' administrative permission level for Windows. You can also apply Windows security, network, hardware, and software settings. Learn more

March 16, 2020: Data exfiltration protection on iOS
A new iOS setting, Data protection, lets you allow or block the movement of work data between mobile apps. When allowed, users can copy content from a Google app (Gmail, Drive, Docs, Sheets, and Slides) in their work account to a Google app in their personal account or a third-party app. Learn more
March 16, 2020: Distribute certificates to mobile devices

You can now control user access to your organization’s Wi-Fi networks, internal apps, and internal websites on mobile devices by distributing device certificates from your on-premises Certificate Authority (CA). Learn more

March 13, 2020: Endpoint verification no longer requires the native helper app

To make endpoint verification easier to deploy for your organization, users no longer need the native helper app on their Windows, Mac, or Linux computers. They still need the Chrome extension, which you can force install or let users install. Learn more

March 2, 2020: Updates to iOS mobile management settings

To make iOS mobile management easier, we updated the following settings:

  • The Managed Apps settings are now Data sharing.

  • Apple push certificates management is now under iOS settings. The setup process follows a new, simpler flow. Learn more

September 16, 2019: New Android Device Policy app

Android Device Policy is an Android management app that replaces the Google Apps Device Policy app. It still enforces your organization’s policies to protect corporate data, but it also allows Google to automatically add new security features.

New Android Device Policy features

  • Zero-touch enrollment—Deploy company-owned devices in bulk without manually setting up each device. Learn more
  • Advanced password management—Set advanced password requirements. For example, disallow repeating or sequential characters. Learn more
  • Advanced VPN management—Specify an app to be an Always On VPN. Learn more
  • Lock screen feature management—Disable notifications, trust agents, fingerprint unlocks, and keyguard features on fully managed devices. Learn more

Changes to existing features

  • Remote device wipe—The data that’s removed depends on device ownership:
    • If ownership of the device is company-owned, all data is wiped from the device and the device is factory reset.
    • If the device is personally owned and has a work profile, only the work profile is wiped, leaving personal data untouched.
    For more information, see Remove corporate data from a device
  • Auto Wipe setting—Applies when a device falls out of sync and when devices don’t adhere to your organization’s policies, such as a weak device password. For details, see Autowipe.
  • Device policy app icon—Android Device Policy is more tightly integrated into the operating system, so users won’t see a device policy app icon. For details, see About Android Device Policy.
  • Policy conflict prevention—Users can only add one G Suite account to a device. This prevents conflicts that would arise if more than one managed account with different device-management policies were added to a device. 
  • Work profile setup—Personal Android devices that are used in your organization need to set up a work profile. You cannot disable the work profile setup.

Check which management app is on a device

You can see which app is managing a device in the Google Admin console. 

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. Go to Menu ""and then"" Devicesand thenOverview.

  3. Click Mobile devices to see your managed mobile devices.
  4. Click the row of the device you want to view details for. 
  5. Click Device security
    The device’s management is listed under User agent. 

Related topics

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center