How to use Mobile Management

Step 1: Access Google Apps Mobile Management: Sign in to your Google Admin console, at https://admin.google.com. Go to Device management

Note: If Chrome Management is enabled, go to Device management > Mobile to access Mobile Management.

Step 2 (optional): Enforce mobile settings for specific organizations by assigning users to organizational units on the Device management page. For iOS devices, follow the steps in the Apple Push Certificate Setup Flow.

Step 3: Set the mobile settings you want to enforce for your entire organization or for each organizational unit. Learn more at Configure mobile device settings.

Step 4: Send your users an email using this email template to inform them about the device policies you're going to enforce and to instruct Android users to download the Device Policy app.

Step 5 (optional): If you've selected Enable device activation, devices that register after activation is enabled will need to be approved before they can start syncing with your domain. For iOS devices, this feature will only work if Enforce policies for iOS devices is enabled in Step 2.

Devices are now synced to users' Google Apps accounts. You can delete, block, remote wipe or wipe a device at any time. After a device is blocked, mobile apps will continue to run for not more than 60 minutes as the authorization token is valid for that duration. You can also view and export user device information on the Managed devices page. Note that Account Wipeis not supported for iOS devices.

How to deploy device policies with Mobile Management

Here are two common scenarios administrators use to deploy Google Apps Mobile Management:

Simple Setup

This is the most flexible option, which ensures all your users can sync to Google Apps with little setup. Use simple setup if the following apply to your organization:

  • Chief priority is for all your users to be able to use Google Apps on their mobile devices.
  • Your organization doesn't have rigorous policies around enforcing passwords on devices, approving devices, encrypting devices, and doesn't need to enforce mobile security policies.

If these criteria apply to your organization: On the Device management settings page, select Enable Android Sync for users and Enable iOS Sync for users. Keep the rest of the device policies unselected.

Advanced Setup

This is for organizations that need to enforce rigorous device policies. Use advanced setup if the following apply for your organization:

  • Require users to set passwords on their devices and automatically lock their device if it's been idle for a period of time.
  • Require users to have their devices approved by an administrator before being able to access their Google Apps data from their device.
  • Be able to remotely wipe your users' device if they lose it.
  • Set different types of mobile policies for different organizational units. For example, you may want to require employees in Finance and Accounting to have encrypted devices whereas you could set different security policies for general employees.
  • Audit applications users have installed on their Android devices that access Google Apps data.
  • Export information about how many of your users are using Android and Google Sync devices in a spreadsheet.

If these criteria apply to your organization: On the Device management settings page, select Enforce policies on Android devices and Enforce policies on Google Sync devices and Enforce policies on iOS devices and enable the advanced mobile settings. Apple Push Certificate Setup is needed for enforcing policies on iOS devices. Learn more about setting up your Apple Push Certificate.

Note: Before you enable settings such as Encryption on Android, check Configure mobile device settings to make sure your users' devices support the settings.