Transition your organization off Google Sync

Google Sync uses Microsoft Exchange ActiveSync to let your users synchronize their work mail, contacts, and calendars to platform-specific and third-party apps on their mobile devices. For example, iPhone and iPad users can sign in with Microsoft Exchange to get their work Gmail messages in the Apple Mail app and Google calendar events in Apple Calendar.

Starting March 14, 2025, Google Workspace accounts will no longer support Google Sync. You should transition your organization off Google Sync. To check which devices in your organization use Google Sync, in your Google Admin console, go to DevicesMobile & EndpointsDevices. At the top of the page, click + Add a filter and select TypeGoogle Sync.

Security risks with Google Sync

Google Sync doesn’t support OAuth authentication, 2-factor authentication, or security keys, which leaves your organization’s data less secure. With more secure alternatives available, we recommend that you transition off Google Sync as soon as possible, ahead of the less secure app access shutdown.

What you can do

You can switch to Google apps (such as Gmail) for work. If you want to continue using third-party apps, many support user sign-in with a Google Account instead of Microsoft Exchange. To allow users to sign in with their work account, you can configure your app management settings to allow data syncing for specific apps or use Google endpoint management to push account information to specific platforms.

These instructions focus on how to set up Google Workspace so your users can access their work mail, calendar events, and contacts in Apple iOS apps. We recommend that Android users switch to the Gmail app. To use a third-party app that supports Google OAuth, you can trust the app. If the third-party app doesn’t support Google OAuth, contact the app developer.

Before you begin

Test the transition on a small number of users first. To do this, create a test organizational unit and apply the settings only to that organizational unit. 

Step 1: Turn on IMAP

Do this if you want users to sync mail to the Apple Mail app.

1. Sign in with an administrator account to the Google Admin console.

   If you aren’t using an administrator account, you can’t access the Admin console.

2. Go to Menu  Apps > Google Workspace > Gmail > End User Access.

   Requires having the Gmail Settings administrator privilege.

3. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
4. Click POP and IMAP access.
5. Check the Enable IMAP access for all users box.
6. (Optional) To allow users to sync only with Apple iOS Mail, select Restrict which mail clients users can use and enter the client ID: 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com
   Important: With this option, users can sync mail only with Apple iOS Mail. For more information, see Turn POP & IMAP on or off for users.
7. Click Save. Or, you might click Override for an organizational unit.

   To later restore the inherited value, click Inherit. 

Step 2: Sync mail, calendar, and contacts in Apple iOS apps

Do this if your organization uses advanced mobile management through Google endpoint management. Otherwise, continue to Step 3.

1. Sign in with an administrator account to the Google Admin console.

   If you aren’t using an administrator account, you can’t access the Admin console.

2. Go to  Menu  Devices > Mobile & endpoints > Settings > iOS.

   Requires having the Services and devices administrator privilege.

3. Click Account ConfigurationsGoogle Account.
4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
5. Select Auto push configuration.

6. Click Save. Or, you might click Override for an organizational unit.

   To later restore the inherited value, click Inherit. 

To sync their mail, contacts, and calendar events, users must download the Google Device Policy app and the Google mobile device management configuration profile. Learn more

Step 3: Have users remove and re-add their work account

Devices under basic mobile management

Users can remove their work account from their device and re-add it with Google instead of Microsoft Exchange. For details, see Set up Google Workspace on an iOS device. 

Devices under advanced mobile management

Ask users of iOS devices to complete these steps: 

1. Open the Google Device Policy app .
2. If the app isn’t already on the device, install it. For details, see Use the iOS Google Device Policy app.
3. Tap Menu  and make sure the user’s Google Workspace account is set up. 
4. In iOS Settings, delete the Exchange account. Depending on the iOS version, open the iOS Settings app and do one of the following:
   • Tap MailAccountsExchangeDelete Account.
   • Tap Passwords & AccountsExchangeDelete Account.
5. Open the iOS Mail app and check that the work account is added and mail is syncing to the app. 

Step 4: Turn off Google Sync

1. Sign in with an administrator account to the Google Admin console.

   If you aren’t using an administrator account, you can’t access the Admin console.

2. Go to  Menu  Devices > Mobile & endpoints > Settings > Universal.

   Requires having the Mobile Device Management administrator privilege.

3. Click Data AccessGoogle Sync. 
4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
5. Uncheck Allow work data to sync via ActiveSync.
6. Click Save.

Other options