Transition your organization off Google Sync

Google Sync uses Microsoft Exchange ActiveSync to let your users synchronize their work mail, contacts, and calendars to platform-specific and third-party apps on their mobile devices. For example, iPhone and iPad users can sign in with Microsoft Exchange to get their work Gmail messages in the Apple Mail app and Google calendar events in Apple Calendar.

Starting in March 2025, Google Workspace accounts will no longer support Google Sync. For exact dates, visit Google Workspace Updates. You should transition your organization off Google Sync. To check which devices in your organization use Google Sync, in your Google Admin console, go to Devicesand thenMobile & Endpointsand thenDevices. At the top of the page, click + Add a filter and select Typeand thenGoogle Sync.

Security risks with Google Sync

Google Sync doesn’t support OAuth authentication, 2-factor authentication, or security keys, which leaves your organization’s data less secure. With more secure alternatives available, we recommend that you transition off Google Sync as soon as possible, ahead of the less secure app access shutdown.

What you can do

You can switch to Google apps (such as Gmail) for work. If you want to continue using third-party apps, many support user sign-in with a Google Account instead of Microsoft Exchange. To allow users to sign in with their work account, you can configure your app management settings to allow data syncing for specific apps or use Google endpoint management to push account information to specific platforms.

These instructions focus on how to set up Google Workspace so your users can access their work mail, calendar events, and contacts in Apple iOS apps. We recommend that Android users switch to the Gmail app. To use a third-party app that supports Google OAuth, you can trust the app. If the third-party app doesn’t support Google OAuth, contact the app developer.

Before you begin

Test the transition on a small number of users first. To do this, create a test organizational unit and apply the settings only to that organizational unit. 

Step 1: Turn on IMAP

Do this if you want users to sync mail to the Apple Mail app.

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. In the Admin console, go to Menu and then Appsand thenGoogle Workspaceand thenGmailand thenEnd User Access.
  3. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  4. Click POP and IMAP access.
  5. Check the Enable IMAP access for all users box.
  6. (Optional) To allow users to sync only with Apple iOS Mail, select Restrict which mail clients users can use and enter the client ID: 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com
    Important: With this option, users can sync mail only with Apple iOS Mail. For more information, see Turn POP & IMAP on or off for users.
  7. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Changes can take up to 24 hours but typically happen more quickly. Learn more

Step 2: Sync mail, calendar, and contacts in Apple iOS apps

Do this if your organization uses advanced mobile management through Google endpoint management. Otherwise, continue to Step 3.

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand theniOS.
  3. Click Account Configurationsand thenGoogle Account.
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Select Auto push configuration.

  6. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

To sync their mail, contacts, and calendar events, users must download the Google Device Policy app and the Google mobile device management configuration profile. Learn more

Step 3: Have users remove and re-add their work account

Devices under basic mobile management

Users can remove their work account from their device and re-add it with Google instead of Microsoft Exchange. For details, see Set up Google Workspace on an iOS device

Devices under advanced mobile management

Ask users of iOS devices to complete these steps: 

  1. Open the Google Device Policy app .
  2. If the app isn’t already on the device, install it. For details, see Use the iOS Google Device Policy app.
  3. Tap Menu  and make sure the user’s Google Workspace account is set up. 
  4. In iOS Settings, delete the Exchange account. Depending on the iOS version, open the iOS Settings app and do one of the following:
    • Tap Mailand thenAccountsand thenExchangeand thenDelete Account.
    • Tap Passwords & Accountsand thenExchangeand thenDelete Account.
  5. Open the iOS Mail app and check that the work account is added and mail is syncing to the app. 

Step 4: Turn off Google Sync

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenUniversal.
  3. Click Data Accessand thenGoogle Sync
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Uncheck Allow work data to sync via ActiveSync.
  6. Click Save.

Other options

Sync calendar and contacts in Apple iOS apps, use Gmail app for mail

First, disable IMAP so that users can only get their mail in the Gmail app:

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. In the Admin console, go to Menu and then Appsand thenGoogle Workspaceand thenGmailand thenEnd User Access.
  3. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  4. Click POP and IMAP access.
  5. Uncheck the Enable IMAP access for all users box.
  6. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Now, allow calendar and contacts data to sync:

  1. In the Admin console, go to Menu and then Securityand thenAccess and data controland thenAPI controls.
  2. Click Manage third-party app access.
  3. Click Add app and choose OAuth app name or client ID for how you want to search for the mail client.
  4. Enter 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com
  5. Click Search, select iOS, and click Select.
  6. Leave the access level set to trusted.
  7. To let users get messages on their iOS device in the Gmail app when IMAP is off:
    1. If you use a third-party mobile device management (MDM) service, set it to push the Google Account payload profile. If you use Google endpoint management, turn on Push Google Account configuration (see instructions in the next section).
    2. Users must use the iOS Gmail app and sign in with their managed Google Account. They should leave Apple Calendar and Apple Contacts turned on, but turn off Apple Mail. If they try to sign in to Apple Mail with their work account, the sign-in fails silently.

 


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Main menu
3498846860221301926
true
Search Help Center
true
true
true
true
true
73010
false
false