A G Suite administrator can choose basic mobile management to let people with Android and iOS devices connect to G Suite apps and services. When a person leaves or loses a device, the administrator can erase the organization’s data from the device, without affecting any of the individual’s private apps or information. The process is now agentless for both Android and iOS devices: No app download is required for mobile management.
Here’s what you need to know about basic mobile device management for G Suite.
1. Enable basic mobile management
To do this, sign in with a G Suite administrator account at https://admin.google.com. Choose Device Management > Setup (under the left-side “Mobile” menu) > Mobile Management. Turn the “Enable Mobile Management” slide to “Enabled.” Select “Basic” below, then choose “Save” to keep your changes. Wait up to 24 hours for the settings to apply to all of your organization’s accounts.
2. Sign in with a G Suite account on an Android or iOS device
As people sign in to G Suite on mobile apps and devices, the devices will be added to the list of connected devices. A G Suite admin can see all connected devices at G Suite admin console > Device management > Devices.
3. When necessary, remotely erase device data
When a G Suite admin needs to erase device data, they can sign in to https://admin.google.com, go to Device management > Devices, select the device, then choose “Wipe account” to remove all of the organization’s data from the device. If desired, the G Suite admin can delete the record of the device from the G Suite system.
Additionally, a G Suite admin might choose to reset the user’s password. To do this, in the Admin console, go to Users, then select the Reset Password icon in the row to the right of the person’s account. This ensures that if the person had signed in to G Suite account from a mobile browser, G Suite will require them to sign in again.
And, that’s it. G Suite basic mobile management is straightforward and simple.
Advanced options available
Advanced mobile management options remain available. These give a G Suite administrator more control of specific mobile security settings. For example, advanced mobile management allows a G Suite admin to remotely wipe an entire device (everything, not just the organization’s data), manage app installs, and set a specific lock screen, password, or pin policies. (See Google’s chart that compares basic and advanced mobile management features: https://support.google.com/a/answer/7576736?hl=en.)
But for more control, a G Suite admin needs to do more work. They’ll need to install the Google Device Policy app on each device and configure a connection between G Suite and Apple’s Device management services. And they’ll need to review and configure several screens full of advanced mobile management security settings for Android and iOS.
Advanced or Basic?
Organizations that provide company-owned phones to employees will likely prefer advanced mobile management. Organizations that require rigorous security may also prefer the additional controls, too.
But for organizations where people use their personal devices for work activities, basic mobile management makes a great deal of sense. It gives the organization control of the organization’s data, while the phone’s owner retains full control of everything else on the device.
Which do you use?
If your organization uses G Suite, has the new agentless basic mobile management been beneficial for your organization? Or do you use advanced mobile management? Let me know which method your organization uses–either in the comments or on Twitter (@awolber).