The 55 settings I see on my mobile device management (MDM) settings page might overwhelm a new Google Apps administrator. Some choices are obscure (e.g., “Allow Google Glass to be used with these accounts”), while others apply only to Apple mobile devices (e.g., “Enable CalDav sync”).
Google provides a detailed explanation of every option. You could read through all the details–or you might first focus on the following sections. These settings control which type of device can connect, what password policies are applied, the process by which a device connection is approved, and how Android devices store organizational information.
The settings shouldn’t be determined solely by tech leaders. The configuration of these settings impacts how people sync and store the organization’s information on mobile devices. Managers outside of IT need to understand the alternatives–and implications–of the available choices. These decisions affect how people at your organization work on smartphones and tablets.
As covered previously, the organization’s leaders–IT included–need to discuss, decide, and communicate mobile device policies. After that, a Google Apps Administrator can login (http://admin.google.com) to configure settings that support the policies.
The settings listed below are found on the Device Management Page, within the Mobile Management section of Google Apps (Figure A).
From the Google Apps Admin console, select Device management, then configure mobile management settings.
1. Which devices sync?
To allow sync from all types of mobile devices, you’ll most likely want to select six boxes in the General settings section. The first series of boxes allow Android Sync, Google Sync, or iOS Sync (Figure B); a second setting for each enforces policies on devices. (The added option under Android will allow an older device to sync, even if the device doesn’t support a specific policy, such as encrypted storage.)
Choose sync and policy enforcement settings.
2. Password required?
Next, select and configure password requirements for mobile devices (Figure C). Be careful with the “Number of invalid passwords to allow before the device is wiped” option. In a business, you may want to configure this to protect sensitive information. However, in a school setting, this could allow a student to intentionally enter an incorrect password repeatedly to erase data on a device.
Set password requirements for connected mobile devices.
3. Require device activation?
Device activation puts a person between your organization’s data and a newly-connected mobile device. With “Require device activation” selected, an administrator must approve each device before any data syncs (Figure D). So, check the box and add the email address of an administrator designated to review activation requests.
Set Google Apps to require a person to approve each new mobile device connection request.
4. Android only: Require Work profile?
Android for Work divides work and personal information: photos, files, and Gmail for work remain separate from personal photos, files, and Gmail. Even better, when an employee leaves–or loses a device–a remote erase removes only work information. Personal apps and data remain untouched.
An employee who brings their own device to work may appreciate the added privacy: the employee retains control of their personal apps and data, while the company gains control of mobile work data.
So, if you already use Google Apps, take the time to setup Android for Work. Then, check the “Require Work profile” setting to create a separate section for Android apps for Work on connected devices (Figure E).
Configure Android for Work in Google Apps to keep work and personal information apart on Android devices.
The four sections of settings above comprise a little less than half of the available mobile device settings. As you have time, explore and customize the others. Configure these four first to improve your organization’s control of mobile devices connected to your Google Apps account.
Which additional MDM settings do you view as essential in Google Apps? Share your opinion in the discussion thread below.