Mobile Device Management with Google G Suite

by DEBASISH


September 12 , 2017

Introduction

M obile Device Management (MDM), is a software which deploys a set of policy and access control to the organisation mobile devices for secure and safe usages of the organisation data and applications. Many of the market leader companies are taking this service for their employees and staffs to make a secure communication and to keep all the mobile device policies in control.


Devices, which are included in this Mobile Device Management service, will be using the policies which are provisioned by their company. Moreover, Here the companies imposing some access controls to their company mobile devices.


Google G Suite Configuration

Before moving forward, we need to have a Google administrator account which can be created at Google Admin Console. It’s not your regular Google account, you usually logged in to your account to do some stuffs like emails, drive, you tube etc. This a account can be created by taking some of your details and about your company. This is actually a administrator account from Google.


Once you are done with the Google administrator account setup, you need to create users for your company. Here, Google will provide an email address which, you need to sent to your company employee. Employees can make a log in to their mobile devices using this email address.


MDM Configuration and Access controls

Following are the controls that we can deploy to the mobile devices, Adding of the email in the mobile device :-


This is a email setup, which is same as the normal Google email setup to the android devices. We need to add the email as the user id purpose, which will sync all the configuration to the mobile devices from the Google admin console.


Creating the work Profile along with personal data

There are 3 modes for configuring the work profile :-


  • User opt-in - Here we will get a option to make the android device with two profile, personal and work profile. So, the user will get a chance to user both the profiles.
  • Enforce - Here we will get a option to make the device as Company Owned. Which means the company profile will be sync and all the personal data will be removed.
  • Disable - Here, we will not get a option of the work profile to choose. So, We are using the Enforce work profile configuration. So, all the devices will be controlled from the admin console.


Registering the device with company domain

We need to register all the devices, with the company domain email. So, that we will sync all the configuration from the Google admin console. While doing the email setup in the mobile, you need to choose the option such that the device is belong to the company only.


Here, the company admin will get a chance to make the personal devices to company owned device. User devices also have two profiles, personal and company profile. Where user can have two flavours personal as well as company owned profile.


Restricting the user to add other google accounts


In the admin console we need to restrict the organisation users to add other accounts to their mobile devices and we can also deploy the same changes to all the organisation devices.


By adding a new google account into the device, user will be able to access the stuffs which are restricted in the organisation devices. So, For better security and access, this feature need to restricted.


Configuring of the apps in the play store


This is the most valuable feature in the Google admin console. The admin can restrict the app access and availability in the play store. Here, we are doing some tricks in the play store app. We are making those apps available, which are authorized by the organisation. So user can’t find the app in the play store which is not authorized by the organisation.


Here, we can also restrict app installs from unknown sources. So that means user will be installing the apps from play store only.


Restrict the users to uninstall the organisation approved apps

In the admin panel we need to impose the restriction for some apps, so that the user will not be able to uninstall them. The organisation is tracking the user's activity through this applications and user should not get a chance to uninstall them.


The organisation is also keeping track of all the data their employees using in their mobile devices. So, uninstalling a app from the mobile device will make a difference here.


Deploying of the policy and access control to the devices

Deploying of the policy and access control is taken place in wireless update or sync. The Google Device Policy app will update and sync all the changes that were configured or changed in the admin console.


Some changes like, allowing a app to organisation users will taken place immediately but enabling and disabling some services like changing the work profile mode takes around 24 hours to propagate.


Uninstalling of the preinstalled apps from the device

We need to uninstall all the pre installed apps from the user's device, as we are restricting the user not to use apps other than organisation approved. You need to take of the pre install apps, by uninstalling them from the devices.


Configuration Deployment to the specific Device or User

We can deploy the configuration to specific user by creating an organisation under your domain in the user section. Configurations can deployed to the specific group of users by creating an organisation.


The deployment strategy for the devices can be scheduled to a particular time frame.


Additional Feature can be deployed to the Mobile Devices

All these configuration and access controls can be performed in the admin console and deployed to all the devices with in 24 hours.


  • Can restrict the user to take screenshot from the apps
  • Can restrict the user to use camera
  • Can restrict the user to share location
  • Can restrict the device passwords length and the password patterns
  • Can restrict the user screen lock time
  • Can wipe the user device remotely
  • Can hide the notification contents in the lock screen
  • Apps can only be installed from play store - Company Owned Devices only
  • Can restrict the USB transfer
  • Can restrict the bluetooth and hotspot configuration
  • Can restrict the user add and remove to the device
  • Can restrict the speaker volume

Blogger

DEBASISH


Service Delivery Specialist, digital marketing specialist, Specializing in brand awareness and social media for Startups and large enterprises. Helps organizations website design company achive their business goals through social media planning and execution, Consulting Web Technologies, Mobile Future as well as on the good-and-bad of tech. Blogger, Customer Success Management Experience. And top of all - A complete tech learner

Leave a reply