How admins can manage mobile devices with G Suite

G Suite admins, protect your organization's G Suite data on Android and iOS mobile devices by enabling basic mobile management

Cybersecurity in an IoT and Mobile World: 3 big factors

A G Suite administrator can choose basic mobile management to let people with Android and iOS devices connect to G Suite apps and services. When a person leaves or loses a device, the administrator can erase the organization's data from the device, without affecting any of the individual's private apps or information. The process is now agentless for both Android and iOS devices: No app download is required for mobile management.

Here's what you need to know about basic mobile device management for G Suite.

1. Enable basic mobile management

To do this, sign in with a G Suite administrator account at Choose Device Management > Setup (under the left-side "Mobile" menu) > Mobile Management. Turn the "Enable Mobile Management" slide to "Enabled." Select "Basic" below, then choose "Save" to keep your changes. Wait up to 24 hours for the settings to apply to all of your organization's accounts.

Screenshot of G Suite mobile management (shows slider enabled), Basic selected (Advanced and Custom not selected)

A G Suite admin can enable basic mobile management in the Admin console > Device Management > Setup > Mobile Management.

2. Sign in with a G Suite account on an Android or iOS device

As people sign in to G Suite on mobile apps and devices, the devices will be added to the list of connected devices. A G Suite admin can see all connected devices at G Suite admin console > Device management > Devices.

3. When necessary, remotely erase device data

When a G Suite admin needs to erase device data, they can sign in to, go to Device management > Devices, select the device, then choose "Wipe account" to remove all of the organization's data from the device. If desired, the G Suite admin can delete the record of the device from the G Suite system.

Screenshot of Device Management listing for the selected Android device (shows make, model, connect date, last sync, and "Wipe Account" option

A G Suite admin can select "Wipe account" to remove the organization's data.

Additionally, a G Suite admin might choose to reset the user's password. To do this, in the Admin console, go to Users, then select the Reset Password icon in the row to the right of the person's account. This ensures that if the person had signed in to G Suite account from a mobile browser, G Suite will require them to sign in again.

And, that's it. G Suite basic mobile management is straightforward and simple.

Advanced options available

Advanced mobile management options remain available. These give a G Suite administrator more control of specific mobile security settings. For example, advanced mobile management allows a G Suite admin to remotely wipe an entire device (everything, not just the organization's data), manage app installs, and set a specific lock screen, password, or pin policies. (See Google's chart that compares basic and advanced mobile management features:

But for more control, a G Suite admin needs to do more work. They'll need to install the Google Device Policy app on each device and configure a connection between G Suite and Apple's Device management services. And they'll need to review and configure several screens full of advanced mobile management security settings for Android and iOS.

Advanced or Basic?

Organizations that provide company-owned phones to employees will likely prefer advanced mobile management. Organizations that require rigorous security may also prefer the additional controls, too.

But for organizations where people use their personal devices for work activities, basic mobile management makes a great deal of sense. It gives the organization control of the organization's data, while the phone's owner retains full control of everything else on the device.

Which do you use?

If your organization uses G Suite, has the new agentless basic mobile management been beneficial for your organization? Or do you use advanced mobile management? Let me know which method your organization uses--either in the comments or on Twitter (@awolber).

Also see

Photo of Android device with "An account was deleted" alert displayed in front of G Suite admin screen showing "Wipe account" device management (with a red arrow from "Wipe account" to phone alert)
Image: Andy Wolber