The mobile device management settings for G Suite admins used to show a long list of options. Configuration could take a while, since you had to look at each option to determine if the setting affected only Android devices, only iOS devices, or all devices.
G Suite mobile device management makes more sense now, thanks to a recent redesign. Settings are now grouped logically, replacing a long list of options. And settings for Android and Apple devices are now displayed in separate menu areas.
G Suite admins also now have a better set of choices to manage mobile devices. Google separates the settings into unmanaged, basic, and advanced controls for Android, Apple iOS, and Google Sync connected mobile devices.
If you’re a G Suite admin you should go take another look at your mobile device management options to make sure the settings reflect your organization’s needs and G Suite’s current capabilities. Login to your Admin console ( https://admin.google.com) > Device Management > Setup (under Mobile in the left-side menu), then choose “Mobile Management.”
Here’s an overview of the major distinctions between G Suite’s basic, advanced, and custom mobile management options.
Basic mobile management lets the organization secure the device and erase corporate data on it. For example, you can require the user to unlock the device before use.
Basic management also allows for remote removal of data by a G Suite administrator. A “wipe account” option removes the organization’s data, including email, calendar, and contacts. Most often, you would use “wipe account” when a person leaves the organization or loses a personally owned device. It leaves personal data untouched. (This is not the same as a “remote wipe,” which factory resets the device.)
Advanced mobile management provides administrators more control over device policies and passwords, and adds the ability to manage mobile apps. Advanced options include settings that configure the time before the device auto-locks, specify password length requirements, and set the number of failed login attempts before device data is erased. Advanced management also adds “remote wipe” capabilities.
Advanced management also allows personal and work data to stay separated. On an Android device, you configure a “work profile” with the Google Apps Device Policy app. On an Apple iOS device, you’ll install the Google Device Policy App. (As an administrator, you’ll need to choose which apps are allowed. For examples, see How to auto-install Google Hangouts on Android devices in your G Suite domain and How to manage iOS devices with Google Apps.) You then install apps–either to the work profile from the Play Store on Android, or from within the Policy App on iOS–to your device.
Note: “Remote wipe” works a bit differently if a work profile exists on a device. When an administrator sends a “remote wipe” to a device with a work profile, only the work data is deleted from the device. Personal apps and information remain on the device.
Custom management options let you select unmanaged, basic, or advanced controls for Android, iOS, and Google Sync connected mobile devices. The option also allows you to choose different settings for different devices.
Which do you choose?
If you need enhanced control over device security settings or want to manage apps, choose Advanced management. A medical practice would likely select Advanced, for example. However, you could also choose Custom, then select Advanced for company-owned devices and Basic for personally-owned devices. That would let you manage apps and set strict security requirements for company-owned devices, as well as allow access to company data from personally-owned devices (which could be erased without affecting personal data).
Have you reviewed the new G Suite Mobile Management settings? How did you choose between Basic, Advanced, and Unmanaged options for your organization? Tell us in the comments.