Businesses using Google Mobile Management and other Enterprise Mobility Management (EMM) providers can publish Android apps customized for their workplace directly to their managed Google Play store, where their employees can easily access and install them. In some cases, these customers have set up multiple “organizations” within their domain (e.g. to serve different regions, for testing purposes, etc.), each of which needs access to the custom app. To meet this need, we recently made it possible to publish a single private app to up to 20 organizations. This has several advantages:

1. Developers can publish apps to domains other than their own (including developers with personal @gmail.com accounts).
2. Developers no longer need to be admins of the organizations they’re publishing to.
3. Businesses can more easily delegate app publishing to third-party developers.
4. Private app publishing remains secure, because the developer must have the target organization’s Organization ID and an admin must approve any apps targeted to their organization.

For more information, please see the Help Center.

Launch Details
Release track:
Available to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Impact:
All end users

Action:
Change management suggested/FYI

More Information
Help Center: Publish private apps


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

As a G Suite admin, you can use Google Mobile Management to manage, secure, and monitor mobile devices in your organization. Additionally, if you provide your employees with devices, you can apply policies that regulate app installation, network settings, security options, and more.

If you have Advanced management enabled, you can set up Android devices* your company owns in one of two ways. (1) You can add devices in the Admin console, automatically assigning their ownership to your organization, or (2) you can allow individual users to assign ownership of their devices to your organization when they set them up. If you choose the second option, those users will see changes to their setup flow starting on February 12th, 2018. (*These devices must be running Android 6.0 or higher.)

Currently, when a user with a brand new Android device (or one that’s recently been factory reset) adds their G Suite account to that device before adding their personal account, they have to check a box to assign device ownership to their organization. (If they add their personal account first, then they’re prompted to set up a work profile when they add their G Suite account later on.) We’ve learned that some users skip checking the box to assign device ownership, even if their phone is company-owned, resulting in a fragmented management experience.

To encourage more users to make the correct selection, we’re changing the language and option on this screen. Starting on February 12th, 2018, users will be asked if they own the device they’re setting up. Unless they explicitly state that they own the device personally, ownership will be auto-assigned to your organization. Again, this will only occur when a user adds their G Suite account to a device before adding their personal account.

We hope this will result in fewer company-owned devices that are incorrectly set up and an improved mobile management experience.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release on February 12th, 2018

Editions:
Available to all editions except G Suite for Education

Rollout pace:
Extended rollout (potentially longer than 15 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

More Information
Help Center: Get started with Google Mobile Management
Help Center: Set up Android devices your company owns


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Update (January 25, 2018): In response to your feedback, we’re rolling this feature back and will re-launch once we’ve made some improvements. Please stay tuned to the G Suite Updates blog to learn when the feature is once again available.

---

The Google Apps Device Policy app enforces your organization’s security policies on employees’ managed Android devices, protecting them and making them safer. If a security policy is violated, it’s especially important to ensure that corporate data isn’t accessible on that device until it’s once again compliant.



With that in mind, the Device Policy app will now disable access to non-critical apps* on any work profile or company-owned Android device that it determines is non-compliant. Users will see a notification informing them that their device violated a security policy and some apps may be disabled. Those apps will be re-enabled when their device complies with all of the organization’s security policies.

*Non-critical apps are any apps that aren’t required for a device to function. For example, Dialer is a critical app, but Gmail is a non-critical app.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

More Information
Help Center: Protect corporate data on mobile devices
Help Center: Mobile audit log
Help Center: Automate mobile management tasks with rules
Help Center: Use the Google Apps Device Policy app on an Android device
Help Center: Assist users of managed Android devices


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Google Mobile Management allows G Suite admins to control access to company data on managed devices directly from the Admin console. With this launch, we’re giving admins increased power to protect their organizations’ data by preventing their users from syncing corporate data on jailbroken iOS devices.

Admins can enable this feature in the Admin console under Device Management > Advanced Settings > Security. Note that this feature is off by default and requires an organization to have Advanced Mobile Management for iOS enabled in order to turn on.


For this setting to work, users need to have the Google Device Policy app installed. Once the feature is turned on, users who don’t have the Device Policy app on their device will be prompted to install it. Once installed, the app will check if the device is jailbroken regularly, and notify the user if they pass or fail that check.


This setting should help G Suite admins and end users keep their organization’s data secure. For more details, visit the Help Center.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Extended rollout (potentially longer than 15 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Apply advanced settings


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

System apps are those apps that come preinstalled on Android devices, like Clock and Calculator. Many of these apps can’t be uninstalled and aren’t available in the Play Store for management. We want to give G Suite admins greater control over these system apps, so we’re introducing settings in the Admin console to:

• enable all system apps,
• disable all system apps,
• enable select system apps, or
• disable select system apps.

These settings will only apply to system apps on company-owned Android devices (i.e. Android devices in Device Owner mode). At launch, by default, all system apps will be enabled.


For more details on how to use these features, check out the Help Center.

IMPORTANT: These settings launched in the Admin console on October 31st, but they will not take effect for end users and devices until November 14th. If you’d prefer to disable some or all system apps, we recommend doing so before the settings take effect.

Launch Details
Release track:

• Admin console settings launching to both Rapid Release and Scheduled Release on October 31st, 2017
• End user impact launching to both Rapid Release and Scheduled release on November 14, 2017

Editions:
Available to all G Suite editions

Rollout pace:

• Full rollout (1–3 days for feature visibility) for Admin console settings
• Gradual rollout (up to 15 days for feature visibility) for end user impact

Impact:
Admins and end users

Action:
Admin action suggested/FYI

More Information
Help Center: Set up mobile device management
Help Center: Manage apps on mobile devices


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Update (June 9, 2020): The information in this post is outdated and WearOS is no longer supported by Google endpoint management (formerly known as Google Mobile Management). Use our Help Center to get the latest information on device requirements for Google endpoint management. 

---

When we launched Android Wear 2.0, we launched more than a platform for notifications on a watch—we launched an extension of your phone. With Android Wear 2.0, you can write emails, manage calendar appointments, chat with coworkers, make calls, and more.

As a G Suite administrator, we believe that you should be able to manage any device—not just smartphones and tablets, but watches as well. That’s why we’ve made it possible to manage Android Wear 2.0 devices with Google Mobile Management. Now you can enforce policies (like requiring a PIN or a password) and remove corporate data if a user’s Android Wear 2.0 watch is lost or stolen.


If you’re already managing devices with Google Mobile Management, there’s nothing more you need to do. If an employee adds her corporate account to a watch with Android Wear 2.0, she'll be automatically prompted to download the Google Apps Device Policy app and set up her watch accordingly.

If you’re not managing devices with Google Mobile Management, we’ve now made it easier than ever. Check out our guide on the Help Center for steps to get started.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Manage your business's mobile devices
Help Center: Set up mobile device management automatically
Help Center: Get G Suite apps on your Android Wear smartwatch


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Protecting your organization’s data should be easy, regardless of what device your employees use. This is especially true if many of them use mobile devices at work. Today, we’re introducing new device rules for Mobile Management that provide better proactive management of mobile devices within your domain.

G Suite admins can now define custom rules that trigger on device events, and have associated actions. When an event specified in a rule occurs on a device within your organization with a G Suite Enterprise license, the corresponding action you have set will automatically be executed by Mobile Management.




Some examples of event/action-based rules you can set include:

• Approve select mobile devices at the time of device enrollment.
• Block access to corporate data if user installs a specific app.
• Block access to/Account wipe the device if user has more than five failed screen unlock attempts.
• Block access to/Account wipe the device if there is suspicious activity found on the device.

If you’re looking for a device rule that isn’t covered in an existing template, you can customize your own rule. Previously, you would have needed to create a custom script and leverage our APIs to automate any mobile device actions.



Our goal with this launch is to automate the manual, repetitive tasks you often execute as mobile administrators while also keeping your organization’s data protected. Get started today with the instructions in this Help Center article.

Launch Details

Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to G Suite Enterprise editions only

Rollout pace:
Gradual rollout (up to 15 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Automate Mobile Management tasks with rules

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates

Making work profiles the default enrollment option for Android devices

To ensure a BYOD policy that is end-user friendly without sacrificing corporate security, we would like to encourage Google Mobile Management customers to employ a mobile policy that keeps personal and corporate data safe.

To that end, starting with Google Apps Device Policy v7.55 and above, the default enrollment process will utilize a work profile for those customers that have enabled Android at work and are whitelisting apps in managed Play, and for those devices that do support work profiles.




Enrolling a corporate account allows your end users to access the managed Play store for curated and whitelisted apps, and provides a clear separation between corporate data and personal data to ensure that IT does not accidentally remove personal data from the device.

Your users will still be able to opt-out of using a work profile and continue with the previous method of enrollment, if your corporate policy allows this.

For more details on whether this change will apply to your organization, or if you would like details on how to prevent work profiles from being used in your mobile deployments, please see the FAQs below and refer to the Help Center.

This change will start rolling out on June 5, 2017 along with the release of Google Apps Device Policy app v7.55+.



Will this enrollment change be the default for all Google Mobile Management customers?

No. This change will only apply to your organization under the following conditions:

• Your organization is using Google Mobile Management for Android (more details)
• Android advanced management has been enabled for the entire organization, or organizational unit (more details)
• Your organization has whitelisted Android apps in the managed Play store (more details)

This change will also only be shown to your users under the following conditions:

• The Android device to which your user is adding their account supports work profiles
• The Google Apps Device Policy app that is being used for enrollment is version 7.55+

How do we know if the Android device supports work profiles?

Android work profiles are supported on Lollipop (5.1), Marshmallow (6.0), and Nougat (7.0) devices, and any yummy future versions of Android. If you are looking to purchase new devices, please see the recommended list of Android Enterprise devices, or contact the OEM manufacturer of the device you are interested in.

Our organization currently does not use work profiles, what are the advantages of using a work profile?

We recommend work profiles for several reasons:

• End users can use one Android device and keep corporate data and personal data separate
• Administrators can curate and whitelist applications that are needed for corporate use
• IT administrators cannot erase personal emails, photos, or other personal data; they can only wipe the content within the work profile itself

For more details on work profiles and Android within the enterprise, please refer to the Android at work home page.

We provide our employees with Company Owned Android devices. Does this change impact us?

No. If you are already using Company Owned devices within Google Mobile Management, then this change will not be relevant to those devices. This change only applies to personal Android devices.

We are upgrading our mobile deployment at the moment. Can we opt out of this change?

Yes you can disable this feature immediately (without waiting for the new version of the Google Apps Device Policy app to be available).

To do this, follow these steps:

• Log in to Admin Console
• Click on Device Management
• Go to Android Settings > Work Profile and set the Work Profile Setup field to be “Disable”

Note that this will prevent any user from enrolling in a work profile, and we encourage you to view the benefits of using work profiles in your organization as a way to keep corporate and personal data separate.

Can my users access their corporate apps without a work profile?

Yes. However, if your user has a device that supports a work profile, but does not use a work profile, they will not be able to access the managed Play store from their Android device. Thus these users will not be able to see the recommended apps that have been whitelisted for their organization.

For more details on how users with legacy Android devices can access work apps, please see the following announcement: Users with legacy Android devices can now access work apps in Google Play


Launch Details

Release track:
Launching to both Rapid release and Scheduled release on June 5

Editions:
Available to all G Suite editions

Rollout pace:
Extended rollout (potentially longer than 15 days for feature visibility)

Impact:
End users who are setting up eligible Android devices and whose organization policies allow it.

Action:
Change management suggested/FYI

More Information
Help Center: What is a work profile?

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates