Set up advanced mobile management

This feature isn't available in the free edition of Cloud Identity.

Use advanced management if you want more control over access to your organization's data. You can restrict device features like notifications on the lock screen, require device encryption, manage apps on Android and Apple® iOS® devices, and wipe data from a device. 

To manage Apple iOS devices, you must set up an Apple Push Certificate.

Android and iOS users are prompted to install a device policy app, and iOS users might be prompted to install a configuration profile, so that you can manage their devices.

Step 1. Turn on advanced mobile management

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click Setup.
  4. Click Mobile Management.
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Select Advanced.
  7. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
  8. If you see a message that you need to enable sync on mobile, click Go to Sync on Mobile. Check the boxes for the devices you want to allow to synchronize work data and click Save.
  9. If you want to manage iOS devices and apps, create an Apple push certificate. You need to renew this certificate annually.

Step 2. Set up password and approval requirements

Before you begin: Tell users you will manage the mobile devices they use for work. Let them know about the policies you set, including password requirements.

  1. Set password requirements for managed mobile devices. You can set the password length, require special characters, and set an expiration.
  2. To screen devices before they can access work data, require admin approval for mobile devices.

Step 3. Set up company-owned devices

This feature is only available with G Suite Enterprise and G Suite Enterprise for Education.

Skip this step if you don't have company-owned devices.

  1. Make an inventory of company-owned devices.
  2. Deploy Android devices with zero-touch enrollment.

Step 4. Protect your organization's data

To make your organization's data more secure, enable advanced management settings as needed or required for your organization.

Recommended settings

Advanced settings (all mobile devices)

  • Block compromised devices
  • Block devices that are not Android CTS compliant 
  • Require device encryption

Android settings

  • Auto-wipe devices that don't sync within a specified period
  • Don't allow application verification to be turned off
  • Don't allow USB file transfer
  • Don't allow apps from unknown sources
  • Don't allow notification details on lock screen
  • Don't allow trust agents (under lock screen settings)

iOS settings

  • Don't allow notification details on lock screen
  • Don't allow managed apps to store data in iCloud
  • Require encryption for backups if you allow device backups
