Administrators in charge of Google’s G Suite range of productivity applications now have a new way of managing personally-owned iOS devices in the enterprise.
Google this week introduced what it described as an agentless way to manage personal iPhones and iPads being used to access enterprise applications and data.
Google’s new Basic Mobile Management option for iOS is different from other Enterprise Mobility Management (EMM) tools in that it lets administrators manage iOS devices without requiring users to install a profile or an agent on their devices first, the company said.
It also eliminates the need for administrators to deploy and renew Apple’s so called Push Certificate, a mechanism that is used to establish trusted connections between an iPhone or iPad and an enterprise domain.
“Basic Mobile Management allows administrators to mandate basic security on iOS devices without requiring users to install an MDM [Mobile Device Management] profile,” Google said in announcing the new option on the company’s G Suite Updates blog this week.
The option allows administrators to enforce several basic security policies pertaining to personal device use in the enterprise.
For instance, the Basic Mobile Management mode gives administrators the ability to enforce screen locks or passwords to ensure devices are properly secured. Administrators can use the feature to define and enforce password type and strength, specify the minimum or maximum number of characters and the expiration period for passwords. They can also use the capability to do factory resets after too many failed login attempts.
The new management feature gives administrators some leeway in what they can erase on a user device. For instance, they can use the feature to enforce policies for remotely erasing all data on a user’s iOS device if stolen or lost. Or they can use it to ensure that only G Suite data is wiped clean if a device goes missing.
Another feature that Google’s new agent less MDM option supports is the ability for administrators to view all active devices on their domain. They can use the feature to search for devices that met a common set of rules, check for recent device activity or view general device information.
The Basic Mobile Management option makes personal mobile device use a little easier from the user standpoint as well. In organizations where administrators have enabled the agentless capability, iOS users will be able to set up corporate accounts on their devices just as easily as they would their personal accounts, Google said without describing exactly how.
Enterprises that want to enable stronger mobile device management capabilities like additional user restrictions, auditing, and application management will continue to need to use Google’s Advance Mobile Management option.
In addition, Google also offers a custom mobile device management option that enterprises can use to implement and enforce polices specific to their environment.
The new basic agentless management capability is currently available only for iOS devices. Android users will need to continue to install Google’s Device Policy application on their smartphones and tablets even in environments where administrators might be using Basic Mobile Management to manage iOS devices, according to Google.