M obile Device Management (MDM), is a software which
deploys a set of policy and access control to the organisation mobile devices for secure and safe usages of the
organisation data and applications. Many of the market leader companies are taking this service for their employees and
staffs to make a secure communication and to keep all the mobile device policies in control.
Devices, which are included in this Mobile Device Management service, will be using the policies which are provisioned
by their company. Moreover, Here the companies imposing some access controls to their company mobile devices.
Google G Suite Configuration
Before moving forward, we need to have a Google administrator account which can
be created at Google Admin Console. It’s not your regular Google account, you usually logged in to your account to do some
stuffs like emails, drive, you tube etc. This a account can be created by taking some of your details and about your
company. This is actually a administrator account from Google.
Once you are done with the Google administrator account setup, you need to create users for your company. Here, Google
will provide an email address which, you need to sent to your company employee. Employees can make a log in to their mobile
devices using this email address.
MDM Configuration and Access controls
Following are the controls that we can deploy to the mobile devices, Adding of
the email in the mobile device :-
This is a email setup, which is same as the normal Google email setup to the android devices. We need to add the email
as the user id purpose, which will sync all the configuration to the mobile devices from the Google admin console.
Registering the device with company domain
We need to register all the devices, with the company domain email. So, that we
will sync all the configuration from the Google admin console. While doing the email setup in the mobile, you need to
choose the option such that the device is belong to the company only.
Here, the company admin will get a chance to make the personal devices to company owned device. User devices also have
two profiles, personal and company profile. Where user can have two flavours personal as well as company owned profile.
Restricting the user to add other google accounts
In the admin console we need to restrict the organisation users to add
other accounts to their mobile devices and we can also deploy the same changes to all the organisation devices.
By adding a new google account into the device, user will be able to access
the stuffs which are restricted in the organisation devices. So, For better security and access, this feature need to
Configuring of the apps in the play store
This is the most valuable feature in the Google admin console. The admin can
restrict the app access and availability in the play store. Here, we are doing some tricks in the play store app. We are
making those apps available, which are authorized by the organisation. So user can’t find the app in the play store which
is not authorized by the organisation.
Here, we can also restrict app installs from unknown sources. So that means user will be installing the apps from play
Restrict the users to uninstall the organisation approved apps
In the admin panel we need to impose the restriction for some apps, so that
the user will not be able to uninstall them. The organisation is tracking the user's activity through this applications
and user should not get a chance to uninstall them.
The organisation is also keeping track of all the data their employees
using in their mobile devices. So, uninstalling a app from the mobile device will make a difference here.
Deploying of the policy and access control to the devices
Deploying of the policy and access control is taken place in wireless
update or sync. The Google Device Policy app will update and sync all the changes that were configured or changed in
the admin console.
Some changes like, allowing a app to organisation users will taken place
immediately but enabling and disabling some services like changing the work profile mode takes around 24 hours to
Uninstalling of the preinstalled apps from the device
We need to uninstall all the pre installed apps from the user's device, as
we are restricting the user not to use apps other than organisation approved. You need to take of the pre install apps,
by uninstalling them from the devices.
Configuration Deployment to the specific Device or User
We can deploy the configuration to specific user by creating an organisation
under your domain in the user section. Configurations can deployed to the specific group of users by creating an
The deployment strategy for the devices can be scheduled to a particular