This page is updated as we add features, enhancements, and fixes to Google endpoint management.
Note: Features are typically available to customers within several days of launch, but rollouts can take longer.
April 20, 2020: New management options for Windows 10 devicesTo let users sign in to Windows 10 computers with their work Google Account, you can now enable Google Credential Provider for Windows (GCPW). GCPW includes 2-step verification and login challenges. Users can also access G Suite services and other single sign-on (SSO) apps without the need to re-enter their Google credentials. Learn more
For more control over company-owned Windows 10 computers, you can now use enhanced desktop security. You can set users' administrative permission level for Windows. You can also apply Windows security, network, hardware, and software settings. Learn more
You can now control user access to your organization’s Wi-Fi networks, internal apps, and internal websites on mobile devices by distributing device certificates from your on-premises Certificate Authority (CA). Learn more
To make endpoint verification easier to deploy for your organization, users no longer need the native helper app on their Windows®, Mac®, or Linux® computers. They still need the Chrome extension, which you can force install or let users install. Learn more
To make iOS mobile management easier, we updated the following settings:
-
The Managed Apps settings are now Data sharing.
-
Apple push certificates management is now under iOS settings. The setup process follows a new, simpler flow. Learn more
Android Device Policy is an Android management app that replaces the Google Apps Device Policy app. It still enforces your organization’s policies to protect corporate data, but it also allows Google to automatically add new security features.
New Android Device Policy features
- Zero-touch enrollment—Deploy company-owned devices in bulk without manually setting up each device. Learn more
- Advanced password management—Set advanced password requirements. For example, disallow repeating or sequential characters. Learn more
- Advanced VPN management—Specify an app to be an Always On VPN. Learn more
- Lock screen feature management—Disable notifications, trust agents, fingerprint unlocks, and keyguard features on fully managed devices. Learn more
Changes to existing features
- Remote device wipe—The data that’s removed depends on device ownership:
- If ownership of the device is company-owned, all data is wiped from the device and the device is factory reset.
- If the device is personally owned and has a work profile, only the work profile is wiped, leaving personal data untouched.
- Auto Wipe setting—Applies when a device falls out of sync and when devices don’t adhere to your organization’s policies, such as a weak device password. For details, see Autowipe.
- Device policy app icon—Android Device Policy is more tightly integrated into the operating system, so users won’t see a device policy app icon. For details, see About Android Device Policy.
- Policy conflict prevention—Users can only add one G Suite account to a device. This prevents conflicts that would arise if more than one managed account with different device-management policies were added to a device.
- Work profile setup—Personal Android devices that are used in your organization need to set up a work profile. You cannot disable the work profile setup.
Check which management app is on a device
You can see which app is managing a device in the Google Admin console.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
From the Admin console Home page, go to Devices.
- Click Mobile devices to see your managed mobile devices.
- Click the row of the device you want to view details for.
- Click Device security.
The device’s management is listed under User agent.
