Enterprise IT has come a long way in recent years, and the days of running businesses solely from desktop computers have certainly passed. Laptops are, of course, still incredibly popular and are arguably the dominant device for most organisations. However, mobile devices are still on the rise, and thanks to advancements in technology, certain users can now achieve most of their work on their mobile phones.
These devices, whether they belong to the company or to the user, bring their security risks and must be managed appropriately. Therefore, it’s important for organisations to enforce strong policies on how these devices are used in the workplace, as well as have contingencies in place if these devices are lost or stolen while storing sensitive company data.
Thankfully, Workspace comes with Mobile Device Management (MDM) built-in, allowing organisations to easily manage all devices, ensure all users have access to the right apps and keep company data secure.
Google Workspace Mobile Device Management
Some of the stand-out policies and features available within Worksapce's MDM include;
- Enforce password policies
- Enforce 2-factor authentication
- Require screen locks
- Remotely wipe corporate data
- Automatically roll out work apps
- Track mobile usage and trends
You can roll out the applications your organisations require from Google Play or Apple’s App Store. As soon as your employee’s device has been enrolled, all Wi-Fi and email configurations, including server-side certificates, are pushed to the device instantly.
Bring your own device (BYOD)
More and more employees are deciding to bring their own personal devices to work. Workspace MDM makes it easy to keep your organisation’s data safe while letting employees use their favourite devices.
Android phones can separate your business applications from users’ personal apps, allowing employees to use their favourite devices at work and at home. You can also set up company-owned devices with some additional security settings. Cobry is, of course, happy to assist organisations with any elements of Mobile Device Management.
Basic Mobile Management
To start using Basic MDM, users can simply sign into their business account on their mobile device - no additional installations or configurations are required.
Basic mobile management can be used for simple policies like enforcing passwords to keep data safe. Admins can also remote wipe any corporate data from registered devices if they were to be lost or stolen. You can also keep track of all the devices that have access to corporate data from the Admin console in Google Workspace.
Advanced Mobile Management
For organisations looking to utilise Advanced Mobile Management for more in-depth controls, you must first get in touch with your Workspace admin or Google Cloud Partner (if you do not have a Google Cloud Partner, we're here!) to activate the advanced options. Depending on the types of devices, admins will have to turn on Android App Management and also install an Apple Push Certificate.
Once this is complete, users can sign in to their Google Workspace account from their mobile device. Android users can access and install your company's pre-approved apps from the Work Apps tab in the Google Play Store.
Device approvals can also be set up so that an administrator has to approve user requests to access corporate data. This is only required once per device.
With Advanced Management, you can:
- Separate work and personal data on Android devices
- Control the apps that are installed on devices
- Apply policy settings
- Get reports
- Approve/block devices
- Wipe entire devices
- If you choose this option, your users will have to enroll their devices.
- For Android devices, users must download the Google Apps Device Policy app.
- For iOS devices, users must download the Google Device Policy app so you can manage the device.
Apple Push Certificate
To use advanced mobile management with iOS® devices, admins must use an Apple Push Certificate. This certificate creates a trusted connection between the devices and your Workspace domain, which must be renewed annually.
If you have iOS devices that are already signed into your account and are synchronizing data, they will receive a notification to install the Google Device Policy profile. This ensures that the device is following all of the custom policies that have been created. Devices that aren’t will lose the ability to sync with your organisation’s account until they become compliant.
For every new device to be enrolled for advanced mobile management, you will need to install the Device Policy profile to ensure compliance and gain access.
Mobile Device Management Tips
- Let your team know the mobile device policies that have been put in place.
- Communicate that enrollment is required for devices to be active.
- Set up advanced mobile management for a wider range of device settings and policies.
- Encourage users to create work profiles in Android so they can keep their personal data separate from work data.
- Encourage iOS users to download the Google Device Policy.
- Choose the option to approve devices before users can download data and sync to Workspace.
- Set up alerts for events like device-setting changes or suspicious activity.
- Whitelist apps that your users will find useful for work.
Help with Mobile Device Management
As official Google Cloud Partners, Cobry has deployed Google Workspace and configured Mobile Device Management for organisations of all shapes and sizes throughout Scotland and across Europe. If your organisation is considering making the move to Workspace or has already set up their account but would like some help with Mobile Device Management or other aspects of Workspace, pop your email below, and we'll help you out!