Does your organization use Google Workspace Advanced MDM?

If the answer is yes, it is important to start the transition from the Google Apps Device Policy app to the new Android Device Policy app. Beginning January 19, 2022, new device enrollments will use the Android Device Policy application instead of the Google Apps Device Policy. For users that have already connected their Android devices to their managed Google account, the process includes removing the work account and re-adding it to the device. 

The transition needs to be completed before March 19, 2022, or work data will stop syncing to the user’s Android Devices. This is a planned upgrade by Google Workspace to replace the legacy device agent with a new version.

New features

The Android Device Policy management application is integrated directly into the newest Android operating system, which means you don’t need to install the application manually. New highlighted features include:

• zero-touch enrollment for company-owned devices to make bulk importing of devices faster and more streamlined
• advanced password and always on VPN management policy options
• more lock screen feature policies available for enforcement on user-owned devices

These additions will be a welcome change for organizations with security requirements around how company data is accessible through mobile devices. Any features Google adds to the new Android Device Policy application will be detailed on the Android Enterprise Announcement blog.

Personal devices with work profiles

Google’s instructions include removing the work profile from devices by unregistering the work account in the Google Apps Device Policy application and re-adding the work account to the device. The Android Device Policy will be added seamlessly to the device and prompt users to set up a work profile when re-adding the account. There is no opt-out functionality for the Android Device Policy work profile as with the previous Google Apps Device Policy. 

Company-owned devices and personal devices without a work profile

For a user-owned device without a work profile, the user opens the Google Apps Device Policy and selects “Unregister” for their device. After work data is deleted, the user can connect the work account again and automatically set up the Android Device Policy app. A work profile is created as a requirement of the ADP app. 

Company-owned devices need to be wiped by administrators to trigger the transition. If users are allowed to reset their devices, they can transition themselves without Admin assistance. 

Device requirements

The Android Device Policy app has the following requirements: 

1. Android 6.0 Marshmallow or later
2. The device supports a work profile and company-owned (fully managed) device mode.
3. The user account is under advanced mobile device management.

When all requirements are met and the Android Device Policy app is available for your organization, it will be used by default going forward. Devices that don’t meet these requirements will be prompted to set up and continue using the Google Apps Device Policy app. 

For users that have devices with Android 6.0 Marshmallow or earlier or devices that do not support work profiles, administrators should consider switching these users to basic device management. 

Device agent reporting

Google Workspace device administrators can get a report of the management application used by devices in the organization to prepare for the switch and contact relevant users. Here’s how: 

1. On the Admin console Home page, go to Devices.
2. Click Mobile devices.
3. Click the row of the device whose details you want to view.
4. Click Device security.
5. The device’s management is listed under User-agent.

Wrapping up

Google Workspace customers using Advanced Mobile Device Management for Android devices need to transition devices to use the new policy enforcement application to avoid interruption in data syncing. The replacement version of the legacy Google Apps Device Policy application enforces work profiles on eligible devices and includes new policy options. The setup of the new policy enforcement application is more streamlined for end users setting up BYOD-managed devices. Google has provided a set of instructions to send to users to assist with the transition to the new policy application.