Summary
This document outlines the process for setting up advanced mobile management in Google Workspace for supported editions. The steps include turning on advanced mobile management, setting password and approval requirements, configuring company-owned devices, and securing organizational data using various recommended settings for Android and iOS. Administrators are provided with links for further details and next steps.
Action Items
- (as needed) – Administrator: Sign in to the Admin console and enable advanced mobile management for the appropriate organizational units.
- (as needed) – Administrator: Set or update password requirements and device approval processes for managed mobile devices.
- (as needed) – Administrator: Set up an Apple push certificate if managing iOS devices.
- (as needed) – Administrator: Inventory company-owned devices and deploy via zero-touch enrollment (Android) or configure iOS management.
- (ongoing best practice) – Administrator: Apply recommended data protection and compliance settings for mobile devices.
Enabling Advanced Mobile Management
- Confirm device and user license requirements are met for advanced management.
- Administrators must use the Admin console to enable advanced mobile management, optionally by organizational unit.
- For iOS devices, set up an Apple push certificate before enabling advanced management.
- Save or override settings as appropriate; restore inherited settings if needed.
- If prompted, enable sync for approved mobile devices to allow work data access.
Setting Password and Approval Requirements
- Inform users that their work devices will be managed and explain relevant policies.
- Set requirements for password complexity and expiration in the Admin console.
- (Optional) Require admin approval for new mobile devices before they access work data.
Configuring Company-Owned Devices
- For Android: Create an inventory of company-owned devices and deploy using zero-touch enrollment.
- For iOS: Set up company-owned device management following Google’s guidance.
- Skip this step if there are no company-owned devices.
Protecting Organizational Data and Applying Policies
- Use advanced management to enforce security controls, such as blocking compromised devices and requiring encryption.
- Android recommendations: Automate wipes for inactive devices, block non-compliant devices, restrict app installations and file transfers, tighten notification settings.
- iOS recommendations: Restrict notification details, block managed app data storage in iCloud, require encrypted backups.
Next Steps and Resources
- Approve mobile devices as needed.
- Manage device apps and review device details using provided Admin console links.
- Reference Google’s support resources for additional configuration and troubleshooting.
Decisions
- Enable advanced mobile management only for supported users and devices — Ensures compliance and proper policy enforcement.
- Set password and approval requirements for mobile devices — Enhances security and control over organizational data.
Open Questions / Follow-Ups
- Are there users/devices currently ineligible for advanced management whose access needs to be reviewed?
- Are all administrators trained on deploying and managing Apple push certificates for iOS devices?
- What communication plan will inform users about these new device management policies?