As an administrator, you can choose settings for mobile devices and optionally apply them to different groups of users. To access these settings:
- Sign in to the Google Admin console.
- Do one of the following:
- In the classic Admin console, click Settings > Mobile > Org Settings.
- In the new Admin console, click Google Apps > Mobile > Device management settings.
Where is it? Which Admin console do I have?
Set mobile settings for organizational units
You can enforce the same mobile settings for your entire organization, or enforce specific mobile settings for different organizational units.
General Settings:
Setting | What it does |
---|---|
Android Enable Android Sync for users | Allows Android users to sync to your domain (recommended). If you only select this setting and not "Enforce policies on Android devices", Android devices will sync without the need to install Google Apps Device Policy, and the settings below (like requiring a password or encryption) will not be enforced on your users' devices. |
Enforce policies on Android devices | Enabling this setting will require your Android users using 2.2+ to install and configure Google Apps Device Policy. Send this sample email to your users before enabling this setting. If the device doesn't meet your mobile settings, only Android Notification, Google Play, and Google Talk will work. Learn more about Device Policy Administration |
Only enforce available policies on Android devices | Older Android devices that don't have all of the configured policies available for their version of the Android OS will only have the available policies enforced. For example, if you enable this setting and the encryption setting, then Android 3.0+ devices are required to have encrypted storage, while older devices will continue to sync with Google Apps without encrypted storage. |
Users need to update Google Apps Device Policy app to the latest version within 30 days of its release. | This setting is on by default and domains can't turn it off. All Android users in your organization need to upgrade to the latest version of Google Apps Device Policy within 30 days. This ensures that the latest security policies are enforced on your users' Android devices. Google will enforce this policy for all major releases and critical fixes. |
Google Sync Enable Google Sync for users | Allows users using iOS, Windows Phones and other devices using Google Sync to sync to your domain (recommended). Note: If your user gets an error message saying "Invalid Password" when setting up Google Sync, they may have a weak password and are required to solve a CAPTCHA to sync their device with Google Apps. Learn more about Google Sync Known Issues. |
Enforce policies on Google Sync devices | Enabling this setting will require that Google Sync devices meet your security policies before syncing with your domain. Learn more about Google Sync |
The following password settings are supported for Android users using the latest version of Device Policy, iOS, and Windows Phone devices.
Setting | Android support | iOS support | Windows Phone support |
---|---|---|---|
Require users to set passwords on their devices | Yes | Yes | Yes |
Password strength (Note: Windows Phone 7 and 7.5 support 'Standard' but not 'Strong') | Yes | Yes | Yes |
Minimum number of characters | Yes | Yes | Yes |
Number of days before password expires | 3.0+ | Yes | Yes |
Number of expired passwords that are blocked | 3.0+ | Yes | Yes |
Automatically lock the device after: | Yes | Yes | Yes |
Number of invalid passwords to allow before the device is wiped | Yes | Yes | Yes |
Device Settings:
Check the following table to determine which settings work with your users' devices.
Setting | About this setting | Android support | iOS support | Windows Phone support |
---|---|---|---|---|
Encrypt data on device | Encryption setting varies by mobile operating systems. Note that this setting will not encrypt external/removable storage such as SD cards. Read Device Encryption below before enabling this setting. | 3.0+ | Yes | No. See Encryption on Windows Phone below |
Allow automatic sync when roaming | Allowing the device to sync automatically when roaming can lead to increased data costs. When unselected, syncing must be done manually when roaming. | No | Yes | Windows Phones don’t support this setting, but it needs to be enabled if you want to enforce policies on Windows Phones. |
Allow camera | Works for iOS and Android 4.0+ | 4.0+ | Yes | No, but "Allow Camera" needs to be enabled in order to enforce device policies on Windows Phones. |
Advanced Settings:
Check the following table to determine which settings work with your users' devices. Android users must install the Google Apps Device Policy app for these settings to apply.
Setting | What it does | Android support | iOS support | Windows Phone support |
---|---|---|---|---|
Enable application auditing | Android users must install the Device Policy app to audit their apps in the Devices tab. Information is available for Android apps that access your user's Google Apps data. | Yes | No | No |
Allow user to remote wipedevice | Enabling this setting will allow your Android users with the Device Policy app installed to wipe their own device from theirMy Devices page. | Yes | No | No |
Enable device activation | Enabling device activation will force the user to install the Device Policy app to sync with Google Apps. Devices needing approval will appear in the Activation tab. | Yes | Yes | Yes |
Email address for sending device activation notifications: (optional) | Enter an email address to receive notification emails when users first sync devices. If you don't enter an address, you won't receive an email, but their device will still appear in the Activation tab if you've checked Enable device activation. | Yes | Yes | Yes |