Jacob Bradshaw discusses the setup and usage of Google's MDM solution, so that you can utilize it for your organization.
Having worked for a number of years in a small business, I've learned how important each penny is and just how far each purchase needs to go. With that knowledge, our company had decided to capitalize on the power of Google through its Apps portal available for small businesses.
For our small team, it was everything we wanted — email, docs, calendaring, and more. We thought we did a pretty decent job of using it to the fullest extent possible. This was the year before the first iPad was released, and little did we know the capabilities that Google Apps would soon possess.
As iPads and other tablets have infiltrated the market, there have also been several tools released to aid in managing these personal devices. One such tool was incorporated into Google Apps — Google's own mobile device management (MDM) solution. It isn't as powerful as other third-party apps, but it certainly paves the way in getting BYOD tablets in your organization secured. In this article, we'll go over the setup and usage so you can utilize it for your organization.
The first thing your organization needs is an account with Google Apps. In order to gain access to the MDM features, you'll need a paid account. This guide is designed with that in mind, so please plan accordingly. If you currently do not have a paid account, feel free to use this guide to help you decide whether or not you should use it.Once the Apps account is verified, you'll need to complete the setup of your organization's account information. Google Apps will take you through a self-guided setup process (see Figure A) that covers all the basic areas of use, such as the number of accounts you have, where to import existing account settings from, and even the mobile aspect of its tools listings. Figure A
Screenshot of Google Apps setup wizard.
Once the setup of Google Apps is completed, you can begin the test deployment stage. It should be noted that although Google Apps works with multiple mobile platforms, it's best designed to handle Android devices, and you will find that there are far more settings for that platform.
There are some settings that are universal for all platforms, such as passcodes, that can be enforced on all devices. Regardless of the platform, mobile devices are only as secure as their users make them, so I would still stress the use of passcodes and periodic trainings to your users so they can understand more about the reason for and use of security in their own work.
Another beneficial tool is geolocation, which is a rather large privacy concern for many users as well. If a user loses his or her tablet, geolocation helps locate it. A company's privacy policies will dictate the use of this feature. However, on the user end, I've found geolocation to be extremely beneficial for tracking where I've been when I'm trying to remember a client's address.
During the account setup, you'll be able to select the devices that you want to sync with your Google Apps account: Android, iOS, BlackBerry, Windows Mobile, and other (such as Symbian-based phones, or feature phones that are compatible with SyncML or ActiveSync). The process consists of selecting check boxes for the phones. Included in their respective check box area are instructions on setting up that device with Google Sync and Apps integration.
Once the setup is complete, you'll be able to access your Dashboard and Control Panel. Here you can specify application-specific settings. The Mobile mobile section is divided into three tabs:
- Activation: shows all the devices awaiting approval
- Devices: gives you an overall view of all the devices being managed at any given moment; you can view more detailed information, including device configuration, applications installed, and so on
- Org Settings: This area is made up of the following four sections (see Figure B):
- General settings: allows you to sync to various devices and specifies what kind of syncing is allowed: Android Sync, Google Sync, or none at all
- Password settings: determines what kind of password policy should be in effect, how often the password is altered, and the complexity of the password
- Device settings: for enabling or disabling some device features; you can also enforce the device's encryption, disable the camera, and prevent the phone from syncing whenever it's roaming
- Advanced settings: lets you control what or whose device can be used to access the Google Sync and Apps; it also allows you to pull an application audit so that you can see what apps are installed on a user's device
Screenshot of Google Apps Mobile Dashboard.
For a limited MDM solution, I've also found the user portal of Google Apps to be very useful. To access the portal, users must log into their Google Apps account, and then follow these steps:
- From the Dashboard, click Account in the top left corner
- Select Products
- Click on Mobile Devices, which will bring the up the devices currently linked to the account. There are three sections here that the user can view:
- Information: gives basic information about the device
- Manage: has some useful tools like the ability to reset the pin, lock the device, and ring the device. When I tested the Ring Device feature, my tablet sent out one of the most unholy of sounds at the highest volume possible. No matter if the device is on silent or vibrate, it will alter the settings to make the device locatable by that noise. It will continue the banshee's scream for five minutes or until you press the power button.
- Locate: displays where the device is located, as long as the GPS, Wi-Fi, and tablet are turned on. If the GPS is off, it will get an approximate location based on the Wi-Fi signal, so you still get a general idea.
Even with the limitations, the Google MDM solution still offers some key benefits that will help your organization, especially if you don't currently have a solution in place. When it comes to BYOD tablets or phones in your organization, you definitely need a plan. What experiences have you had using Google's MDM solution? Share them below in the comments.