Google MDM: What is it? How to Use it for Your Business?
Businesses embrace Google and the number has already exceeded three hundred million. The digit is surely not the ultimate number that people use Google for work. Particularly when it powers with the AI innovation, which is Duet AI (2023) the product, to bring the hottest technology into workplaces.
Productivity tools like Gmail, Calendar, Docs Editors and others are common to most people. However, Google for work does not end with these. As remote working becoming a mainstream mode these days, business owners show enthusiasm for mobile device management for the sake of security. And Google brings its MDM solution to respond to their enthusiasm.
Google Mobile Device Management is loved by many small and medium-sized companies, especially, by startups. Here we will take a deep-going look at Google MDM and see how to use it for your business.
- Part 1 :What is Google MDM? What Can You Do with It?
- Part 2 :What's the feature difference between Google basic and advanced mobile management?
- Part 3 :How to Set up Basic Google MDM and Enroll Enterprise Devices?
- Part 4 :How to Set up Advanced Google MDM and Manage Your Enterprise Devices?
- Part 5 :What Industries are Suitable for Using Google Mobile Device Management? And what are not?
Part 1: What is Google MDM? What Can You Do with It?
Does Google have a MDM? Yes, Google includes device management service in Workspace. But, what is it exactly? Google MDM is a service-like term to illustrate the solution of managing and monitoring endpoints in an administration panel. It enables companies to protect sensitive data with internal management and within one place.
Fall into operations. Which tool does Google Mobile Device Management specifically refer to?
Google Workspace is the answer you're looking for. Google Workspace MDM is more directed to the "Devices" feature in its Admin console. If you have signed in to Workspace, you will be given access to the console. And in the console, you're able to carry out your organization and management work, such as enrolling devices, monitoring event log, managing apps, and users, etc.
However, it should be pointed out that Workspace contains a series of tools and many of them are teamwork-convenient rather than controlling devices.
Then, what Google MDM features are contained in the Workspace Admin console? Or, more precisely, what can you do as an administrator in the panel and use Google for your business? Achievable operations are as follows:
Endpoint Management
- Support Android, iOS, MacOS, Windows, Chrome OS devices
- Enforce password requirements on managed devices
- Screen lock or remote wipe corporate data from devices
- Encrypt data stored in the device
- Disable USB and Wi-Fi configuration
- Automatic operations based on rules, such as add and block devices, remove employee's account and wipe data
- Set up networks for devices, such as Wi-Fi, VPN, and cellular
Other features associate with Google mobile device management:
App Management
- Create app lists to ensure that employees use safe resources
- Configure app settings
- Remove apps; delete apps automatically if employees remove accounts
- Control app installation permissions for device user
Security, Monitoring, and Report
- 2-Step Verification for Google account sign in
- Data Loss Prevention (DLP) policies for data in Google Drive, Gmail, and etc
- Device management rules for triggered events and automate actions
- Reports about device details, users' activities, app usages, etc.
Security is the highest concern when enterprises choose mobile device management services for unsafe circumstances that could happen out of expectation. For example, a BYOD device can become dangerous due to public network connection, malware installation, or loss. It could threaten corporated data safety.
To secure your company, the admin can make good use of the Google endpoint management features which are divided in to the basic ver. and the advanced ver. Let's see which one is suitable for you.
Part 2: What's the feature difference between Google basic and advanced mobile management?
Both are Google Workspace MDM built-in features to control the added devices for protection purposes. The differences lie in the control degree and the requirement of the device.
Key features include:
Features | Basic | Advanced |
---|---|---|
Security settings | ● Basic passcode enforcement, such as screen lock and password ● Device management rules for security alerts | ● Advanced passcode enforcement, such as screen lock, PIN, strong password; set password lifespan; block expired passwords; wipe device if password is not correct ● Device management rules for security alerts ● Polices to control camera usage and data encryption ● Android work profile ● Network management |
Device management | ● Endpoint verification ● Block devices ● Remote wipe account | ● Block and approve devices ● Remote wipe account and device ● Zero-touch enrollment ● Bulk enroll company-owned desktop and iOS devices |
App management | ● Downloadable app list for Android | ● Downloadable app list for Android and iOS ● App setting configuration, such as runtime permissions, force install, auto-update |
Device Requirement | Android 2.2+ iOS+ iPad OS 13.1+ | Android 6.0+ iOS 12.0+ iPad OS 13.1+ |
Advanced Google MDM has more features for enterprises than the basic one. Click here if you're interested.
Google provides four pricing plans starting from $6 per user per month for Workspace users. Notably, features of Advanced management are not open to Starter and Standard plan.
If you have a lower security need and have more interest in online teamwork, Basic management can meet most of your business demands. But, if you're looking for higher control or using company-owned devices, the advanced ver. is the one for you.
Part 3: How to Set up Basic Google MDM and Enroll Enterprise Devices?
By default, your organization has basic mobile device management (MDM) enabled. This feature provides essential tools for users to access their work accounts via mobile devices while enhancing the security of your organization's data.
Supported Devices
- Android devices
- iPhones
- iPads
Supported Pricing Plan Versions
- Frontline: Starter and Standard
- Business: Plus
- Enterprise: Standard and Plus
- Education: Standard, Plus, and Endpoint Management Upgrade
- Essentials: Enterprise Essentials, and Enterprise Essentials Plus
- G Suite: Basic and Business
- Cloud Identity: Free and Premium
Enabling Basic Mobile Device Management
If you previously disabled mobile device management, you need to re-enable it. Inform users that you will be managing their work devices and explain your password requirements.
- Step 1. Log in to your Google Admin Console
- Use your administrator account.
- Step 2. Navigate to Mobile Device Management Settings
- In the Admin console, click on the "Menu" icon, then go to Devices > Mobile and endpoints > Settings > General.
- Step 3. Enable Basic Mobile Device Management
- Click on General > Mobile Device Management.
- (Optional) To apply settings to a specific department or team, select an organizational unit from the sidebar.
- Choose Basic.
- Click Save. You can also apply settings to organizational units. To revert to inherited values later, click Inherit.
Customizing Basic Mobile Device Management
You can also Customize the Password Requirements and Managed Apps for Android Devices
1.Customize Password Requirements for Managed Mobile Devices, Please refer this.
2. Set Up Managed Apps for Android Devices, Please refer this.
If basic management does not meet your organization's security needs, you can use advanced mobile device management for additional security options and management tools, including app management and device auditing.
Part 4: How to Set up Advanced Google MDM and Enroll Enterprise Devices?
Applying Google Workspace MDM can bring you confidence in coordinating teamwork and reduce the risk of a data breach. It's worth noticing that the MDM provider supports company-owned devices like mobile phones, laptops, and desktops.
Because the basic management mode is a default setting which does not require additional tools installation, this guide will go with Google advanced mobile management. Now, time for practice.
Supported Pricing Plan Versions
- Frontline: Starter and Standard
- Business: Starter, Standard, and Plus
- Enterprise: Standard and Plus
- Education: Fundamentals, Standard, Teaching and Learning Upgrade, Plus, and Endpoint Management Upgrade
- Essentials: Essentials, Enterprise Essentials, and Enterprise Essentials Plus
- G Suite: Basic and Business
- Cloud Identity: Premium
- Step 1. Create an Admin Account to Log into Google Admin Console
- Find the official website of Google Admin. If you're a complete beginner, click "Get started" to get an account.
- You're asked to provide your brand name, employee number, region, email address, domain, company address, and credit card info for the account creation.
- Once you've finished, log in to the Admin console. And you will see the feature naviagation bar on the left of the panel - Home, Dashboard, Directory, Devices, Apps, Security, Reporting, Billing, Account, Rules. Here is the springboard for all operations of Google mobile device management, including device enrollment, setting configuration, app management, network management, and others.
- Step 2. Turn on Advanced Mobile Management
- Follow the direction to turn on: Devices > Mobile & endpoints > Settings > Universal settings > General > Mobile management.
- Then select Advanced.
- Step 3. Enroll Company-owned Devices (Android)
- An inventory of enrolled devices should be created. With it, you can view device details, such as the types and the device users.
- First, go to: Devices > Mobile & endpoints > Company-owned inventory.
- Click the '+' button and you will see the 'Import company owned devices' pop-up. Next, select the type of device, like Android, and then click 'Download import template.' After you complete the required info (e.g. device serial numbers), upload the file by clicking 'Upload File' > 'Import.'
- Step 4. Configure Settings for Android Mobile Devices
- Lastly, go to: Devices > Mobile & endpoints > Settings > Android to configure settings.
- These operations are available.
- General settings: Auto wipe, CTS Compliance, Application auditing, and User device wipe.
- Work profile: password.
- Apps and data sharing: Screen capture, Location sharing, Runtime permissions, USB file transfer, etc.
- Networks: Wi-Fi, VPN access, Tethering, Mobile networks, Bluetooth, etc.
- Device features: Trusted credentials, Microphone, Speaker,
Factory reset, Factory reset protection, etc. - Users and accounts: Add and remove users.
Part 5 : What Industries are Suitable for Using Google Mobile Device Management? And what are not?
Mobile devices represented by phones and tablets take more and more jobs in people's work. Hence, MDM solutions play a rising role to cope with the change. Google mobile device management, with a world-known logo, is an option listed at the top.
Together with a control center, Google Workspace has a toolset to support working remotely and simultaneously.
Here are some scenarios where Google MDM is suitable: education, government, sale team, and marketing team.
- Education: For instance, teachers and students can use Google Meet for online classes.
- Government: Government departments can support remote and synchronous work through Google Workspace. Google Drive makes it easy to keep and share files at anytime and anywhere during department cooperation or companies with overseas offices.
- Sales and Marketing Teams: If you're focusing on people-to-people interaction and collaboration, Google MDM will be an ideal choice for your business.
However, Google MDM service is limited by user quantity and features.
User Limitation: An admin can only add up to 300 users to his organization, which is not suitable for large-scale enterprises.
Missing Features: Plus, Google Workspace MDM does not have Kiosk mode, geofencing and remote control. It's quite different from other MDM software and prevents it from being applied to more industries.
Therefore, some industries that are not suitable for using Google MDM include:
- Retail & Service Industry:
Assuming you have to manage a great number of unattended devices to provide payment or consulting service, you will need the Kiosk mode feature to lockdown devices in a work-saving way. - Logistics & Transportation:
Geofencing, a feature for tracking location and geofence alerts, can help logistics companies to monitor mobile devices used by drivers. - IT, MSP & Hardware:
Those industries will need remote control to make troubleshooting easier.
By contrast, in addition to the mentioned, MDM providers like Airdroid Business offer more functions. As an example, Airdroid Business is available for:
- Black Screen Mode - allows IT admin to maintain a device invisibly
- Kiosk Mode - support Single-app Mode, Multi-app Mode, and system settings
- Kiosk Browser - block access to unsafe websites, safeguards user privacy with the incognito mode and auto-clearing caches
- Policy template - choose configured template provided by Airdroid Business to manage devices immediately
- App management - install, uninstall, update apps easily and manage apps from Google Play Store or created private app store
- File management - transfer or delete files in bulk and in multiple endpoints via TLS encryption
AirDroid Business - Android Device Management
AirDroid Business is an Android device management solution that can be used to enroll, manage, and monitor large fleet devices. With the centralized platform, organizations are able to deploy smartphones, tablets, rugged devices and others dedicated devices like kiosks and digital signage.
It's available for Cloud Deployment & On-Premises Deployment.
Key features include: remote access & control, Google Play apps & enterprise's apps management, policy, single & multi-apps kiosk mode, alerts & automated workflows, geofencing & location tracking, file transfer, notification, user management, reports, etc.
You may ask:
If you want to disable Google MDM as an administrator, you will need to log in Admin console for Google Workplace. Open the Menu and go to Account > Account settings > Account management. Click Delete Account and you will no longer enter Workspace.
If you want to disable your device from Google MDM, you will need to ask the admin to wipe your user account in the Admin console and delete Google Device Policy app. Once it has been done, you can end the connection with the organization.
Leave a Reply.