Use Android with managed Google domains

Managed Google domains allow customers to use multiple Google products in their organization. The Google Admin console allows IT admins to manage these products.

Some products such as Google Workspace and Cloud Identity include security and management capabilities for Android as part of Google endpoint management. Alternatively, you can use a third-party enterprise mobility management (EMM) provider.

Use Google endpoint management

Note: Google endpoint management is included in most editions of Google Workspace and Cloud Identity. If your managed Google domain does not include this feature, you may need to upgrade your plan.

When you set up Google endpoint management, you can choose basic or advanced management. You can also customize management for different device platforms.

  • Use basic management if you want to secure devices with a screen lock or passcode, remotely wipe corporate accounts from devices, and manage Android apps.
  • Use advanced management for more control over device policies and passwords, to keep work and personal apps separate, and for the ability to wipe all data from devices.

Compare mobile management features.

To use Google endpoint management as your EMM provider:

  1. Set up basic mobile device management or advanced mobile device management.
  2. Source devices.

Use a third-party Android EMM provider

Instead of Google endpoint management, you can use a third-party Android EMM provider with your managed Google domain. Third-party EMM providers support the similar features to advanced Google endpoint management.

Multiple EMM providers can now be bound to a single managed Google domain. This enables different EMM providers to manage distinct sets of users. Each provider can be configured with different settings, and used to manage devices of different user organizational units (OUs) by enabling the desired EMM provider for that organizational unit.

Step 1: Select a third-party EMM provider

Use the Enterprise Solutions Directory to find a third-party EMM provider for your organization. Android Enterprise Recommended providers meet an advanced set of enterprise requirements.

From 2024, all new Android Enterprise customers will be provided with a managed Google domain when enabling Android management through their chosen EMM provider.

After completing the Android Enterprise registration process, your chosen EMM provided will be automatically bound to their managed Google domain - step 2 below can be skipped.

Step 2: Bind a third-party EMM provider

Use the Enterprise Solutions Directory to find a third-party EMM provider for your organization. Android Enterprise Recommended providers meet an advanced set of enterprise requirements.

From 2024, all new Android Enterprise customers will be provided with a managed Google domain when enabling Android management through their chosen EMM provider. After completing the Android Enterprise registration process, your chosen EMM provided will be automatically bound to their managed Google domain - step 2 below can be skipped.

If your organization has an existing managed Google domain, you can allow a third-party EMM provider to manage Android devices in your organization. After you select a third-party EMM provider, follow their instructions to enable Android Enterprise management and bind to your existing managed Google domain. You can then enable the EMM provider for selected organizational units using the Google admin console.

Before you begin: If you used Google endpoint management as your EMM, set mobile device management for the organizational units you want to manage with the third-party EMM to “Basic”. Learn how

After you add a third-party EMM provider:

  • You can’t manage Android apps for any organizational unit through the Admin console.
    • Note: If you previously used Google endpoint management to manage apps, those apps are unmanaged until you enable the provider for organizational units.
  • You can still use basic mobile management in Google endpoint management to manage device security for any organizational units that you don’t enable the EMM provider for.
  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenThird-party integrations.
  3. Click Android EMMand thenManage EMM providers.
  4. If a token is present in the token generator, copy the token. Otherwise, click Generate Token to create a new token and copy it.
  5. Go to the EMM provider’s website and share the token. Your EMM provider should provide the remaining setup instructions.
  6. After the provider has your token, the provider is listed in the table.

  7. Close the Manage EMM providers dialog to return to the settings page.
The EMM provider is now listed on the Android EMM setting card. To enable the provider for your users, go on to the next step.

Step 3: Enable the EMM provider

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenThird-party integrations.
  3. Click Android EMM.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Check the Enable third-party Android mobile management box.
  6. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.

Next: Step 2. Source devices

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
13106950073825235098
true
Search Help Center
true
true
true
true
true
108584