Skip to content

Mobile Management

5 minute read

Once you have deployed mobile devices for your organization (see our Mobile Deployment page for deployment help), managing mobile device settings is the natural next step.

To edit settings for mobile devices, access the Device management settings page (Admin Console: Google Apps > Mobile > Device management settings, Control Panel: Settings > Mobile > Org Settings).

From this page, you can change a wide range of mobile device management settings, which are described below on this page. If you need additional information about any features, take a look at this Google Support page.

Mobile device settings will vary from organization to organization. When deciding on your mobile device settings you should consider factors such as security, convenience for users, and what features will and will not benefit your organization. Fortunately the Admin console provides quite a few mobile device management settings options that allow you to customize mobile device settings for your entire organization or for specific OUs.

GENERAL SETTINGS
  • Enable Android Sync for users: Selecting this setting (which is recommended by Google) allows Android users in your organization to sync to your domain.
  • Enforce policies on Android devices: If you enable this feature, any users with Android 2.2+ have to install and configure Google Apps Device Policy on their phones in order to sync with your domain. Enabling this feature allows you to enforce the mobile settings located on the current page. If you do not enable this feature, Android devices will sync without the need to install Google Apps Device Policy, but the settings on this page will not be enforced on your users’ devices.
  • Only enforce available policies on Android devices: Older Android devices that do not support all of the configured policies will have the available policies enforced. If you do not enable this feature, users with older Android devices that do not support all configured policies will not be able to sync with your domain at all. This option is a good option for organizations that want to be secure, but are not forced to comply with specific policies or laws requiring them to meet certain security standards.
  • Users need to update Google Apps Device Policy app to the latest version within 30 days of its release: This option is not really an option, as it is on by default and cannot be disabled. It is important that your users update to the latest version of this application so that you can enforce the latest security policies on users’ devices.
  • Enable Google Sync for Users: Selecting this option (which is recommended by Google) allows users with iOS, Windows Phone, or other devices supporting Google Sync to sync with your domain.
PASSWORD SETTINGS

Unless noted, all of these settings are supported by Android, iOS, and Windows Phone devices.

  • Require users to set passwords on their devices: Enabling this feature requires users to set passwords for accessing their devices.
  • Minimum number of characters: This setting sets the minimum number of characters for a user’s device password.
  • Number of days before password expires: This sets the number of days after which a user has to reset their device password. Android support for this feature only in Android 3.0+.
  • Number of expired passwords that are blocked: This setting allows you to choose the number of expired passwords that a user cannot use as their device password. So for example, let’s say a users previous four passwords were 0000, 0001, 0002, and 0003 (0003 being the most recent). If this setting was set at 3, the user could set their password as 0000 but could not set their password as 0001. Android support for this feature only in Android 3.0+.
  • Automatically lock the device after: This setting allows you to set the amount of time of inactivity (1, 5, 15, or 30 minutes) after which a device will be locked.
  • Number of invalid passwords to allow before the device is wiped: This setting allows you to set a number of how many invalid passwords can be entered on a device before the device is wiped.
DEVICE SETTINGS
  • Encrypt data on device: Enabling this setting will encrypt the data on users’ devices. It is important to note that the level of encryption will vary based on the operating system. See the encryption settings section of this page to learn more. Supported on devices running iOS or Android 3.0+
  • Allow automatic sync when roaming: Enabling this setting can lead to increased data costs for your organization or your users (depending on who pays for the phone plan). If you leave this setting unselected, users can still perform manual syncs while roaming. Supported only on iOS
  • Allow camera: This setting allows you to select whether or not the camera function can be used on users’ devices. Supported on Android 4.0+ and iOS
ADVANCED SETTINGS
  • Enable application auditing: If enabled, this feature allows admins to audit the apps users have on their devices from the Devices tab of the Admin console. Supported only on Android devices with the Device Policy app installed
  • Allow user to remote wipe device: Enabling this setting allows Android users in your organization to remote wipe their devices from their My Devices page in Google Apps. Supported only on Android devices with the Device Policy app installed
  • Enable device activation: Enabling this setting forces Android users to install the Device Policy app to be able to sync with Google Apps. When users sign into their Android devices with their Google Apps account, their devices will show up in the Activation tab of the mobile device management area of the Admin Console. Supported in Android, iOS, and Windows Phone
  • Email address for sending device activation notifications: This setting is optional and if an address is entered, an email will be sent to that email address when users first sync their devices and the devices need approval.
GOOGLE PLAY SETTINGS
  • Allow users to access Google Play Private Channel: Enabling this setting will allow users to access the private Google Play channel that is restricted to your domain. Supported only on Android devices
  • Allow users to update Google Play Private Channel: Enabling this setting allows users to create Android apps for internal use within your organization and publish them to your organization’s private Google Play channel. Supported only on Android devices
  • Enable device activation: Enabling this setting forces Android users to install the Device Policy app to be able to sync with Google Apps. When users sign into their Android devices with their Google Apps account, their devices will show up in the Activation tab of the mobile device management area of the Admin Console. Supported in Android, iOS, and Windows Phone
  • Email address for sending device activation notifications: This setting is optional and if an address is entered, an email will be sent to that email address when users first sync their devices and the devices need approval.
GOOGLE SYNC SETTINGS
  • Google Sync IP Whitelist: This is a list of IP addresses from which your users can access Google Sync. Only enable this setting if your organization requires it. See the Google Sync IP Whitelist section of this page to learn more. Supported only on iOS and Windows Phone
  • Enforce Delete as Trash: By default, Google Sync deletes messages by removing them from the inbox and archiving the messages. If your organization has an email retention policy that requires email to be deleted, turn on this feature to put your user’s mail into the trash. Only applies to iOS and Windows Phone.
ANDROID SETTINGS
  • Enable Google Now (also applies to iOS): This setting allows users to use Google Now on their Android (4.1+) devices and iOS devices with the Google Search app installed.
  • Enable Lock Screen Widgets: With this setting enabled, your users with Android 4.2+ devices can have email and calendar widgets on their lock screen.
NETWORK SETTINGS
  • These settings allow you to add a configured network or multiple networks to managed Android 2.2+ devices with Google Apps Device policy installed. 

Sign up for our newsletter