Tag Archives: MDM

See OS version for devices with basic mobile management

What’s changing 

Admins will be able to see the operating system (OS) version for devices with basic mobile management. Previously, this information was only available for devices with advanced mobile management.

Who’s impacted 

Admins only

Why you’d use it 

OS version is an important piece of information for assessing device security. This is because devices with older OS versions may not receive all security patches and can be more prone to threats. With visibility into the OS versions used by more devices in your organization, you can better understand potential security vulnerabilities and take actions to make sure devices with access to corporate data are using OS versions you see as appropriate.

How to get started 

  • Admins: To see OS version for basic devices, go to Admin console > Device Management > Devices
  • End users: No action needed. 


Additional details 

Admins will be able to see OS information in several places:

  1. On the devices list page (Admin console > Device Management > Devices) in the OS column. Previously this would have been blank for basic devices. On this page, admins will be able to filter devices with a specific OS to find devices with specific vulnerabilities or see what impact an OS update policy may have. 
  2. In the device detail page for each device. 
  3. In the audit logs at Admin console > Reports > Devices. Note that this is only available to G Suite Business, G Suite Enterprise, and G Suite Enterprise for Education domains. 


See and filter by OS version in the devices list view 

Helpful links 

Help Center: Set up basic mobile device management 

Availability 

Rollout details 

  • Rapid Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 4, 2019. 
  • Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 4, 2019. 

G Suite editions 
Available to all G Suite editions.

On/off by default? 
This feature will be ON by default.

Stay up to date with G Suite launches

Manage and distribute Android apps when using basic mobile management

What’s changing 

You can now manage Android apps for your users when using basic mobile management. Previously, you could only do this if you used advanced mobile management.

Who’s impacted 

Admins only

Why you’d use it 

With basic mobile management you can now:
  • Organize apps in the managed Google Play store 
  • Automatically install apps on users' devices 
  • Create web apps 
  • Create private apps 

See below for more info.

How to get started 

  • Admins: Go to Admin console > Device management > App Management > Manage apps for Android devices, to start to whitelist and manage Android apps
  • End users: No action needed. Users in basic mobile management domains will now see a “Work apps” section in the managed Google Play store. The section contains the default G Suite apps and other apps that are whitelisted from the Admin console

Additional details 


Organize apps in the managed Google Play store: 
To help your users find the apps they need, you can organize apps into collections. These collections appear on devices in the “Work apps” section in the managed Google Play store.

Automatically install apps: 
With basic mobile management you can now automatically install apps on your users’ devices. Use our Help Center to find out how to manage app preferences. Note that preventing users from uninstalling apps, and some other advanced features, require advanced mobile management.

Create web apps 
You can now create and manage web apps in the Admin console. Web apps look like native apps and can make web pages easier to find and simpler to use on mobile devices. You can also distribute web apps the same way you distribute native apps–by adding them to collections in a managed Google Play store or automatically installing them on users’ devices.

Create private apps 
You can now create private Android apps directly from the Admin console. Simply upload the APK and give the app a title. The app will appear in the managed Google Play store within minutes. You can also install the app directly on your users’ devices (see above). Previously, it took several hours to create and publish an app, and you had to create a Play Console account, provide a credit card, and fill in many other fields before the app would be available to your users.


The ‘Work Apps’ tab in the managed Google Play store has the G Suite apps and other apps whitelisted by admins. 

Helpful links 


Availability 

Rollout details 

G Suite editions:
Available to all G Suite editions.

On/off by default? 
This feature will be OFF by default until app management is set up, and can be enabled at the domain, OU, or group level.

Stay up to date with G Suite launches
  • Get G Suite product update alerts by email
  • See the G Suite launch release calendar
  • Subscribe to the RSS feed of these updates
  • View company-owned desktop and mobile devices in one place

    With this launch, we’re making it possible for G Suite admins to view a more complete picture of the desktop and mobile devices used by employees in their organization.

    Add and view device info in the Admin console 

    To see a list of the devices your organization owns, you simply need to upload a CSV file listing those devices and their serial numbers in the Admin console. Previously, you could only upload Android devices; you can now add Endpoint Verification devices (Mac, Windows, and Chrome) as well.


    These devices will then appear in the company-owned devices list and show as company-owned when you click for more device details.



    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions: 

    • Uploading Endpoint Verification devices available to all G Suite editions 
    • Uploading Android devices available to G Suite Business, Education, Enterprise, and Enterprise for Education editions only 


    Rollout pace: 
    Gradual rollout (up to 15 days for feature visibility)

    Impact: 
    Admins only

    Action: 
    Admin action suggested/FYI

    More Information
    Help Center: Add company-owned devices 



    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    Reset passwords for and lock company-owned Android devices

    G Suite admins in domains with Google Mobile Management enabled can already take actions to protect the data on their users’ mobile devices. For example, they can require devices to have screen locks and wipe devices when they’re lost or stolen. With this launch, we’re giving admins additional capabilities—they can now remotely reset the password on a company-owned Android device or lock the device entirely.


    Reset device password

    If a user forgets their device password, you may want to reset it for them.


    Check out the Help Center for instructions on how to reset the password on a user’s device.

    Lock device

    If a user loses their device, you may want to lock it until it’s found. This will force users to enter the device’s password before using it.


    Check out the Help Center for more info on locking user devices.

    Please note that the reset password and lock functions can only be used in domains that have advanced mobile management enabled.

    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions:
    Available to G Suite Business and Enterprise editions, as well as Cloud Identity Premium

    Rollout pace:
    Extended rollout (potentially longer than 15 days for feature visibility)

    Impact:
    Admins only

    Action:
    Admin action suggested/FYI

    More Information
    Help Center: Lock a device and reset its password


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    Better insight into the managed mobile devices in your organization

    As a G Suite admin, it’s important that you can easily view and obtain critical information about the mobile devices your organization manages. That’s why we’re making those details easier to find and utilize with our updated mobile device list in the Admin console.

    Filter for key characteristics, take bulk actions, and more

    This list, located at Device management > Mobile devices, is not only faster and easier to scan, it allows you to do the following:

    • Filter by several categories (e.g. user name, last sync date, compromised devices, etc.), and save the URL to apply the same filters later.
    • Search by keyword or serial number.
    • Add and remove columns, and increase the number of rows shown per page.
    • Download selected columns, export them to Google Sheets, and view the progress of that task.
    • Take action on multiple devices at once and directly from the device details page.

    The mobile device list now shows all assigned mobile devices (both company-owned and personal) in one view.


    More details about individual devices

    Depending on the type of mobile management (advanced or basic) you have enabled for your organization, you can take some of the following actions when you click on a specific mobile device in the list:

    • Block, wipe, or delete the device or account.
    • See all of the apps installed on that device, and identify those that may be harmful.
    • Email the device’s user directly.
    • Learn if a device isn’t compliant and why.


    Visit the Help Center to learn more about the new and improved mobile devices list, and the ways it can help you manage mobile devices in your organization.

    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions:
    Available to all G Suite editions

    Rollout pace:
    Extended rollout (potentially longer than 15 days for feature visibility)

    Impact:
    Admins only

    Action:
    Admin action suggested/FYI

    More Information
    Help Center: View and manage mobile devices


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    Google Device Policy app ending support for iOS 8.0 soon

    The next release of the Google Device Policy app (version 3.04) won’t support mobile devices running iOS version 8.0 or lower. If your organization has advanced mobile device management (MDM) enabled, your users must upgrade to iOS version 9.0 or higher to access new MDM features or if they need to download the Device Policy app for the first time.

    We’re planning to release version 3.04 of the Device Policy app as early as next week. Please encourage your users to upgrade their iOS devices as soon as possible to avoid any disruption to their work.

    More Information
    Help Center: Minimum device requirements 

    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    Making it easier to set up Android devices as company-owned

    When employees set up their phones and tablets as company-owned devices, they give your organization full control over those devices—allowing you to apply policies regarding app installation, network settings, security options, and more. This helps protect your users and your corporate data.

    If you have advanced mobile device management but don’t register your company-owned devices in the Admin console, your users must choose to set up their devices as company-owned.

    To encourage more users to make this choice, we’ll start showing the screen below to all users who add their G Suite account to a new Android device before adding their personal account.

    This change will start rolling out on September 19th, 2018; please note that it may take several weeks for it to take effect for all users.


    Starting on September 19th, users will be asked if they own the device they’re setting up. Unless they explicitly state that they own the device personally, ownership will be auto-assigned to your organization.

    Currently, your users only see this choice if your organization has Device Owner mode enabled. That option will disappear from the Admin console on September 19th.

    Note that users will only see the screen and option above on new (and recently factory-reset) devices running Android 6.0 or higher.

    Allowing users to install any app from the managed Google Play store

    In addition to the change outlined above, we’re making it easier to install apps on company-owned Android devices and work profiles.

    Currently, you have to actively whitelist apps to make them available to your users. Starting on September 19th, users with company-owned Android devices and work profiles will be allowed to install any app from the managed Google Play store by default. If you don’t want your users to do this, you can choose to restrict app availability to whitelisted apps.

    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release on September 19th, 2018

    Editions:
    Available to all G Suite and Cloud Identity Premium editions

    Rollout pace:
    Extended rollout (potentially longer than 15 days for feature visibility)

    Impact:
    All end users

    Action:
    Change management suggested/FYI

    More Information
    Help Center: Set up Android devices your company owns


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    Secure corporate data on employee iOS devices with managed apps

    To better protect the G Suite data stored on your employees’ personal iOS devices, you can now specify that certain iOS apps be “managed” if your domain has advanced mobile device management enabled.

    If an app is managed, you can:
    • Prevent the app’s data from being backed up to iCloud.
    • Block unmanaged apps from opening managed app files.


    Note that these actions will impact both personal and corporate data on managed apps. Visit the Help Center for more information on how to manage apps on iOS devices.

    Designate an app as managed
    When you whitelist a new app for iOS devices, you can now choose to “Make this a managed app.” Once you make the app managed, you can also select to have it automatically removed from a device if that device’s MDM profile is removed.

    When you whitelist a new app for iOS devices, you can now make it “managed.”


    If you previously whitelisted an app, you can make it managed by changing that app’s settings in the Admin console.
    You can make an app you’ve already whitelisted managed by editing the app’s configuration in the Admin console.


    User notifications and required actions
    If you designate an app as managed, any users with that app downloaded will be prompted to update it in their Google Device Policy app.

    Users will be prompted to update apps that are marked as managed by their admins. 

    Users need to accept management of their apps or they’ll lose access to all corporate data on their phone.


    If a user doesn’t take action within 12 hours of receiving the notification, they’ll receive another notification prompting them to make the required apps managed.


    If a user doesn’t take action within 24 hours of receiving the notification, they’ll no longer be able to access corporate data anywhere on their device.


    Note that if you make a previously managed app “unmanaged,” users will need to remove the Google Apps Device Policy Payload Profile before the app becomes unmanaged.

    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions:
    Available to all G Suite editions

    Rollout pace:
    Extended rollout (potentially longer than 15 days for feature visibility)

    Impact:
    Admins and end users

    Action:
    Admin action suggested/FYI

    More Information
    Help Center: Recommend and manage iOS apps


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    View additional activities for managed devices in the devices audit log

    The devices audit log in the Admin console provides a report on the activities of managed mobile and desktop devices in your organization. Previously, this report was limited to domains with advanced mobile management enabled. To make it even more useful, we’re now showing some of the events in this report to G Suite Business, Enterprise, and Enterprise for Education customers with basic mobile management and endpoint verification enabled as well.

    These customers can now use this report to:
    • Find out when a G Suite account has been added to a device.
    • Learn when device screen locks have been enabled and disabled. 

    In addition, the devices audit log will now contain admin activities, like when an account wipe has been requested or executed. Knowledge of these activities can help you keep your users’ devices, and the data contained on them, safe. You can find this report in the Admin console at Reports > Audit > Devices.


    At launch, for basic mobile management and endpoint verification customers, this report will only show events on managed Android and endpoint verification devices. We’re working on expanding coverage to more devices in the future.

    Visit the Help Center to learn more about the devices audit log and how to access it. If you haven’t done so yet, check out this article for information on how to set up mobile management in your domain.

    Launch Details
    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions:
    Available to G Suite Business, Enterprise, and Enterprise for Education editions, as well as Cloud Identity Premium

    Rollout pace:
    Full rollout (1–3 days for feature visibility)

    Impact:
    Admins only

    Action:
    Admin action suggested/FYI

    More Information
    Help Center: Manage your organization's mobile devices
    Help Center: Devices audit log


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates

    New desktop device reporting in the Admin console

    We’re giving G Suite admins more visibility into which computers are being used to access their corporate data and apps through a new feature called “Endpoint Verification.”

    Endpoint Verification collects information via Chrome extensions and native apps on users’ devices, and displays that information to admins in a new report in the Admin console. It’s a lightweight and easy solution for desktop and laptop device reporting, and we hope this visibility empowers admins to maintain a strong security posture for their organization.

    Endpoint Verification report provides desktop device information 

    Endpoint Verification adds a new view in the Admin console. Once it is set up on user devices (see below), admins will be able to see:


    • An inventory of desktop and laptop devices within the enterprise that access corporate data. 
    • Device information including screen lock, disk encryption, and OS version. 


    To see the report, open the Admin console and visit Device management > Endpoint Verification.

    Information available in the Admin console when Endpoint Verification is enabled

    How to deploy Endpoint Verification in your organization 


    Endpoint Verification is available for ChromeOS, macOS, and Windows devices. It requires a Chrome extension to be installed. On Windows and MacOS devices, it also needs a native app which works with the extension. Extensions and apps can be installed by users individually or deployed centrally. See our Help Center article for admins to see details on how to deploy Endpoint Verification.

    End user experience of Endpoint Verification 

    When the Endpoint Verification extension is installed on a user’s device, there will be a notification shown to users (see image below). The user will have to click “Agree” before data from their device is shown in the admin’s Endpoint Verification report. If the user does not click “Agree,” information about that device will not be shown. The user Help Center has information about Endpoint Verification and user devices.

    Endpoint Verification notification shown to users when the extension first runs 


    Launch Details 

    Release track:
    Launching to both Rapid Release and Scheduled Release

    Editions: 
    Available to all G Suite Editions 

    Rollout pace: 
    Gradual rollout (up to 15 days for feature visibility)

    Impact: 
    Admins and end users

    Action: 
    Admin action suggested

    More Information 
    Admin Help Center: Monitor your Chrome users' computers 
    End User Help Center: Allow an admin to monitor your computer


    Launch release calendar
    Launch detail categories
    Get these product update alerts by email
    Subscribe to the RSS feed of these updates