On September 16, 2019, we’ll begin gradually rolling out a new Android management system called “Android Management API.” Apps managed through the new system will also use a new on-device management client, Android Device Policy, which will replace the existing Google Apps Device Policy client.
While the new client has mostly similar features, there are some differences in management and usage that will impact G Suite admins and end users. The changes will make it easier for admins and users to set up and manage Android devices for work.
You will receive an email notification before it impacts your domain
The rollout will be conducted in stages, and could take several months to reach all domains. We will email your organization’s primary admin around 3 weeks before it will reach your domain with more specific dates for deployment.
See below for more details about the changes.
Admins and end users
Why you’d use it
The new client will have closer ties to the Android infrastructure, allowing us to quickly add new features and more easily develop updates for increased security. It will also provide a more seamless experience for end users, with fewer apps to manage and more integrated functionality.
How to get started
- Admins: Familiarize yourself with the changes outlined in this post, including the additional details section below. Let your users know about the changes they can expect.
- End users: No action needed.
Devices that will use the new Android management client
Once this change has been deployed to your domain, newly registered devices that meet the following requirements will be automatically managed using the Android Management API:
- The device is using Android M or above.
- The device supports a work profile and company-owned (fully managed) device mode.
- The user account is under advanced mobile device management.
This will not impact previously enrolled devices; they will still be managed through the legacy Android management client.
How managing devices is different with the new client
In the Admin console, most of the functionality will remain the same. All devices will be displayed and managed through the same interface at Admin console > Device management.
There will be some changes, however, for devices managed through the new client.
The following features will not be supported:
- Device admin mode
- Option to disable Work Profile setup (If you don’t want to use Work Profiles in your organization, you can instruct your users to set up devices without enabling the feature)
- Wipe Account for company-owned devices or devices in fully managed device (device owner) mode (Wipe Device will still be available)
The following new features will be available:
- Zero-touch enrollment
- Always-on VPN
- Lock screen controls to help admins control which lock screen features are allowed
- CTS-incompliant devices blocking
The following features will change:
- If you manually choose to Wipe Device, you’ll have a new option to either retain the factory reset protection settings or clear them along with the complete wipe.
- The Auto account wipe setting will perform Wipe Device for devices in fully managed device (device owner) mode. In addition to being applied when devices fall out of sync, Auto account wipe will be triggered when devices fall out of some policies (for instance, when a more restrictive passcode policy has been enforced by the admin). In both cases, the user will be given a grace period and notifications to correct the issue prior to the wipe taking place.
- Device management rules will initiate a device wipe instead of an account wipe for devices in fully managed device (device owner) mode.
You can see which client is managing a device in the Admin console at Security details > User agent. Devices using the legacy client will have a version of Google Apps Device Policy, while devices using the new client will have a version of Android Device Policy. Use our Help Center to learn how to view mobile device details.
How using a device is different with the new client
The main end-user visible changes include the following:
- Users will have an updated enrollment experience.
- After the new version is deployed, users will no longer see a Device Policy app in their app drawer. The new management system and Android Device Policy app will be integrated with Android for a more seamless experience.
- Users won’t be able to use My Devices to manage their device (for the time being, they can use Find My Device).
- If your organization enforces a strong password, the password will require a symbol in addition to the letter and number previously required.
Users will experience a slightly different setup flow when registering new devices.
Migrating from the legacy system to the Android Management API
Once this change has been deployed to your domain, you can manually migrate users and devices to the new Android Management API in the following ways:
- Factory reset and re-register any eligible device.
- Provide a new device and register it.
In the future, we’ll add options and tools to help you migrate existing devices to use the Android Management API. Check out the G Suite Updates blog for the latest changes and migration updates.
- All domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on September 16, 2019. The rollout will be conducted in stages, and could take several months to reach all domains.
- Primary admins will be notified by email around 3 weeks before it will reach your domain.
G Suite editions
- Available to all G Suite editions
On/off by default?
- This feature will be ON by default for new devices that meet the requirements above.
Stay up to date with G Suite launches