Mobile Device Management

Google Apps Mobile Management: Org Settings

Editions Supported: Available only for Google Apps for Business, Education, and Government.

As an administrator, you can choose settings for mobile devices and optionally apply them to different groups of users. To access these settings:

  1. Sign in to the Google Admin console.
  2. Do one of the following:

Set mobile settings for organizational units

You can enforce the same mobile settings for your entire organization, or enforce specific mobile settings for different organizational units.

General Settings:

SettingWhat it does
Enable Android Sync for users
Allows Android users to sync to your domain (recommended).
If you only select this setting and not "Enforce policies on Android devices", Android devices will sync without the need to install Google Apps Device Policy, and the settings below (like requiring a password or encryption) will not be enforced on your users' devices.
Enforce policies on Android devicesEnabling this setting will require your Android users using 2.2+ to install and configure Google Apps Device Policy. Send this sample email to your users before enabling this setting. If the device doesn't meet your mobile settings, only Android Notification, Google Play, and Google Talk will work. Learn more about Device Policy Administration
Only enforce available policies on Android devicesOlder Android devices that don't have all of the configured policies available for their version of the Android OS will only have the available policies enforced.

For example, if you enable this setting and the encryption setting, then Android 3.0+ devices are required to have encrypted storage, while older devices will continue to sync with Google Apps without encrypted storage.
Users need to update Google Apps Device Policy app to the latest version within 30 days of its release.This setting is on by default and domains can't turn it off. All Android users in your organization need to upgrade to the latest version of Google Apps Device Policy within 30 days. This ensures that the latest security policies are enforced on your users' Android devices. Google will enforce this policy for all major releases and critical fixes.
Google Sync
Enable Google Sync for users
Allows users using iOS, Windows Phones and other devices using Google Sync to sync to your domain (recommended).
Note: If your user gets an error message saying "Invalid Password" when setting up Google Sync, they may have a weak password and are required to solve a CAPTCHA to sync their device with Google Apps. Learn more about Google Sync Known Issues.
Enforce policies on Google Sync devicesEnabling this setting will require that Google Sync devices meet your security policies before syncing with your domain. Learn more about Google Sync

Password Settings:

The following password settings are supported for Android users using the latest version of Device Policy, iOS, and Windows Phone devices.

SettingAndroid supportiOS supportWindows Phone support
Require users to set passwords on their devicesYesYesYes
Password strength
(Note: Windows Phone 7 and 7.5 support 'Standard' but not 'Strong')
Minimum number of charactersYesYesYes
Number of days before password expires3.0+YesYes
Number of expired passwords that are blocked3.0+YesYes
Automatically lock the device after:YesYesYes
Number of invalid passwords to allow before the device is wipedYesYesYes

Device Settings: 

Check the following table to determine which settings work with your users' devices.

SettingAbout this settingAndroid supportiOS supportWindows Phone support
Encrypt data on deviceEncryption setting varies by mobile operating systems. Note that this setting will not encrypt external/removable storage such as SD cards. Read Device Encryption below before enabling this setting.3.0+YesNo. See Encryption on Windows Phone below
Allow automatic sync when roamingAllowing the device to sync automatically when roaming can lead to increased data costs. When unselected, syncing must be done manually when roaming.NoYesWindows Phones don’t support this setting, but it needs to be enabled if you want to enforce policies on Windows Phones.
Allow cameraWorks for iOS and Android 4.0+4.0+YesNo, but "Allow Camera" needs to be enabled in order to enforce device policies on Windows Phones.

Advanced Settings:

Check the following table to determine which settings work with your users' devices. Android users must install the Google Apps Device Policy app for these settings to apply.

SettingWhat it doesAndroid supportiOS supportWindows Phone support
Enable application auditingAndroid users must install the Device Policy app to audit their apps in the Devices tab. Information is available for Android apps that access your user's Google Apps data.YesNoNo
Allow user to remote wipedeviceEnabling this setting will allow your Android users with the Device Policy app installed to wipe their own device from theirMy Devices page.YesNoNo
Enable device activationEnabling device activation will force the user to install the Device Policy app to sync with Google Apps. Devices needing approval will appear in the Activation tab.YesYesYes
Email address for sending device activation notifications: (optional)Enter an email address to receive notification emails when users first sync devices. If you don't enter an address, you won't receive an email, but their device will still appear in the Activation tab if you've checked Enable device activation.YesYesYes