https://gsuite.google.com/setup/
Set up advanced mobile management Advanced mobile management offers a few more features than basic management: ●
Separate a user’s (personal and work) accounts on their Android phones.
●
Enforce strong passwords.
●
Get reports and alerts.
●
Approve devices before they access company data.
●
Apply policies and control which apps are installed on your users’ devices.
With advanced mobile management, you set up Android devices differently from iOS® devices. Changes apply to every user in your domain, or you can add organizational units. To do this, from the Device Management page, click the organizational unit you want to set up mobile management for.
CONTENT 1. First, turn on advanced mobile device management 2. Then, set up Android and iOS device management 2.1
iOS devices Step 1: Request the certificate from the Admin console Step 2: Get the certificate from the Apple Portal Step 3: Set up the signed Apple Push Certificate
2.2
Android devices
3. (Optional) Apply additional settings 3.1
(Recommended) Enforce passwords
3.2
Apply Android settings
3.3
Apply iOS settings
4. (Optional) Approve your users’ personal devices 4.1
Set up device approval
4.2
Approve devices
5. Have your users enroll their devices
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
1
1
First, turn on advanced mobile device management If you want to use advanced mobile device management for iOS and Android devices, also install the Apple Push Certificate and turn on Android App Management (see below). 1.
Sign in to the admin.google.com with your G Suite username and password.
2.
From the Admin console Home page, click Device Management.
3.
From the left menu, click Setup.
4.
Click Mobile Management, and next to Enable Mobile Management, click Enabled
5.
Click Advanced.
6.
Click Save.
.
Users must enroll their devices.
2 2.1
Then, set up Android and iOS device management iOS devices To apply policies and settings to iOS devices, you first install an Apple Push Certificate.
Step 1: Request the ce i cate from the Admin console 1.
From the Google Admin console, click Device Management.
2.
From the left menu, click Setup.
3.
On the Setup page, scroll down and click Apple Push Certificate.
4.
Click Set up an Apple Push Certificate.
5.
Click Download to download the Certificate Signing Request from Google. Remember where this file has been downloaded; you’ll need it later.
6.
Check the box next to I’ve downloaded the certificate signing request.
7.
In the next panel, click the Apple Push Certificate Portal link. A new window opens in your browser.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
2
Step 2: Get the ce i cate from the Apple Po al 1.
Sign in using a group Apple ID. Don’t enter your users’ Apple ID or a personal one. If you don’t already have a group Apple ID, create a corporate group email address and use that email.
2.
(Optional) On your device, if you have 2-Step Verification turned on for your Apple ID, you may also have to click Allow on your iOS device when you’re prompted and enter the verification code.
3.
On the Apple Push Certificate page in your browser, click Create a Certificate.
4.
Check the Terms and Conditions box, and click Accept.
5.
Click Choose File, and select the file you downloaded from the Admin console. This file name should look something like google_ios_push_certificate.csr.
6.
Click Upload. You’ll see a confirmation page.
7.
On the confirmation page, click Download to keep a copy of the signed certificate. This file name should look something like MDM_ Google Inc. (Ent)_Certificate.pem.
8.
Close the Apple portal page. The Admin console iOS Certificate page should now be displayed in your browser.
Step 3: Set up the signed Apple Push Ce i cate 1.
In the Admin console iOS Certificate page, check the I’ve got a signed Apple Push Certificate box.
2.
Click Select certificate file, and select the .pem file you downloaded in step 2.
3.
Check the I’ve selected the certificate file box, and click Verify.
4.
You’ll see a confirmation message. Click Continue Setup.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
3
5.
(Recommended) Save your Apple ID: a.
In the Admin console Device Management page, click Apple Push Certificate.
b.
In the Apple ID page, enter the Apple ID. This is strongly recommended, because you’ll need to renew your certificate every year. If you don’t have this information when you renew, you’ll have to create a new Apple ID and your users will have to go through the set-up process on their devices again.
c.
2.2
Click Save.
Android devices 1.
From the Google Admin console, click Device Management.
2.
From the menu on the left, click Setup.
3.
Scroll down and click Android App Management.
4.
Next to Manage Android Apps, click Enable Android app management.
5.
Click Enable.
3
(Optional) Apply additional se ings You can apply separate settings to Android and iOS devices that you manage. For example, you can enforce passwords, get notifications sent to you, or have accounts wiped if they’re not used for a certain number of days. See what other policies you can apply.
3.1
(Recommended) Enforce passwords 1.
From the Google Admin console, click Device Management.
2.
From the menu on the left, click Password Settings.
3.
Check the Require users to set a password box.
4.
Next to Password Strength, choose your required password settings.
5.
Click Save.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
4
3.2
Apply Android se ings 1.
From the Google Admin console, click Device Management.
2.
From the left-hand menu, click Android Settings. General settings
Choose settings that control notifications, removal of data after device inactivity, lock screen widgets, and more.
Work Profile
Set up Work Profile to let your users bring their own devices and allow them to separate their work and personal data and apps on them.
Apps and Data
Choose settings for apps and how users can share
Sharing
data, including settings for location sharing, screen captures, and more.
Users and Accounts
Let your users add or remove profiles and accounts to their device.
Networks section
Make changes to how the devices can access your company networks.
Device Features
Decide if you want your users to be able to access hardware features on their device, such as muting microphones and speakers, using the factory reset option, changing the time, and more.
3.
Click Save when you’re done.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
5
3.3
Apply iOS se ings 1.
From the Google Admin console, click Device Management.
2.
From the left-hand menu, click iOS Settings. Lock Screen
Allow users to see notifications, Today view, and Control Center if their screen is locked.
Managed Apps
Change settings for apps that you’ve whitelisted for your users. (They need to have downloaded apps after installing the Google Device Policy app.) Control which apps are used to open personal and corporate documents, allow iCloud® to store data, and more.
Account
Choose how and if users sync their data with
Configurations
iOS native apps, such as iOS Mail, iOS Calendar, and iOS Contacts.
Backup and
Allow users to automatically back up their device,
iCloud Sync
use keychain syncing, and more.
Safari
Choose if the Safari browser uses the autofill feature, warns users of unsafe sites, saves cookies, and more.
Photos
Decide if the photos in a user’s camera roll can sync to iCloud, and whether users can share albums and photos.
Advanced Security
Set up advanced options such as saving screenshots, using Siri, and more.
3.
Click Save when you’re done.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
6
4
(Optional) Approve your users’ personal devices As a G Suite Administrator, you can approve your users’ personal devices before they sync their work data on them. Your users are alerted that you have to approve their device. If you don’t turn this option on, personal devices are automatically approved. Your users can sync their work data immediately. Company-owned devices are already approved.
4.1
Set up device approval 1.
From the Google Admin console, click Device Management.
2.
From the menu on the left, click Setup.
3.
Click Device Approvals.
4.
Check the box by Require admin approval for device activation.
5.
(Optional) To be notified when a user enrolls their device, enter your email address.
6.
4.2
Click Save.
Approve devices 1.
From the Google Admin console, click Device Management.
2.
From the menu on the left, click Device approvals.
3.
Next to the device you want to approve, check the box next to its Device ID.
4.
Click Approve.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
7
5
Have your users enroll their devices Tell your users that you are managing their devices and to enroll them so they can sync their work data. Android users need to download the Google Apps Device Policy app so that you can manage the devices. Users with iOS devices will have to install the Google Apps Device profile. Get your users to enroll their devices and download G Suite apps.
© 2018 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
8