Setting Up Google Mobile Device Management for iOS: A Step-by-Step Guide

With the rising popularity of iPhones and iPads in the workplace, it has become crucial for IT teams to find an effective Mobile Device Management (MDM) solution for managing and securing iOS devices. Google offers its own robust cloud-based MDM platform that works across iOS, Android, and ChromeOS devices called Google Mobile Device Management.

Getting started with Google MDM for iOS devices involves a few key steps. If you are a Google Workspace admin and your organization uses iOS devices, you can connect Apple Business Manager or Apple School Manager with your Workspace or Cloud Identity subscription for mobile management.

Let's explore how to set up Google MDM for iOS devices.

Apple Device Enrollment Integration: How Does It Work?

As mentioned, you can integrate Apple Business Manager or Apple School Manager with your Admin Console. To do this, you need to provide an authorization key or token to each entity.

Tokens allow Google's Endpoint Management to push configuration settings from the Admin Console to the devices via the Mobile Device Management configuration profile.

Note that the server token you get from Apple expires annually, so you must renew the token for devices to sync. However, you can renew the token after it expires.

Pre-Enrollment Requirements

Before you begin setting up Google MDM for iOS, review Google's device requirements for Endpoint Management. Then, get an account to sign into your organization's Apple Business Manager or Apple School Manager.

It's recommended to buy iOS devices for your organization through an authorized Apple retailer, as these devices will be automatically linked to your Business Manager or School Manager.

Once you have your devices, turn on advanced mobile management for the organizational unit that will use the devices. Note that you'll need access to both Google Admin Console and Apple Business or School Manager to complete these steps, so ensure you have secure access before attempting to set up Google MDM.

Set Up Google MDM for iOS Devices

Step One: Apple Enrollment

1. First, sign in as a super administrator in the Admin Console.
2. In the Admin Console, go to Menu, then click "Devices," then "Mobile & Endpoints," then "Settings," then "iOS."
3. Click "Apple Certificates," then "Set Up Enrollment." Click "Get Public Key." This key downloads to your device.
4. Open Apple Business Manager or Apple School Manager and sign in with your business Apple ID. In the Device Enrollment Program section:
5. Click "Manage Servers." If you've already set up an MDM server for these devices, click it, or otherwise create a server.
6. Next, upload the public key you downloaded from the Admin Console. Download the server token from Apple.
7. Return to the Admin Console. Under "Business Apple ID," enter the Apple ID you used to get the token.
8. Click "Upload Server Token" and select the token you downloaded from Apple. Click "Open."
9. Click "Save & Continue." The token and its expiration date will be listed on the settings page. You can set a calendar reminder to renew the token before it expires.

Step 2: Configure Device Settings

Once enrolled, you can control how company iOS devices are set up when a user first signs in. These settings will apply to your entire organization.

1. Sign in as an admin in Admin Console. Then, go to "Menu," and then "Devices," "Mobile & Endpoints," "Settings," then "iOS."
2. Click "Company-owned iOS Device Setup," then "Device Enrollment Settings". Learn more about the iOS settings here.
3. Click "Save." Note that changes can take up to 24 hours to appear.

Step 3: Configure iOS Device Restrictions

In addition to the settings available to all iOS devices under advanced management, you can control user access to more apps and settings for supervised devices.

Plus, you can configure these settings by organizational unit so you can allow some units to install apps, but block installation for others. This is a great feature for educational institutions that need to monitor both teacher and student access. Learn more here.

Step 4: Enroll and Distribute Organization iOS Devices for Management

1. Sign into Apple Business Manager or Apple School Manager with your business Apple ID.
2. Now, assign the devices to the MDM server you connected to Google Endpoint Management. The serial numbers of the devices you want to manage must already be in the system. They should be entered by your authorized Apple retailer.
3. To assign devices individually, enter the serial number.
4. To assign all devices by the server, set the default assignment.
5. To bulk enroll devices, download a CSV file of the serial numbers, then upload this file.
6. Note that it can take up to 24 hours for a device to be ready after you assign it to the MDM server. As an option, you can also manually sync devices in the Admin Console. Learn more here.
7. Now, you can distribute devices to your users. When users sign in, they follow an easy setup. Learn more here.

Best Practices for Implementing and Utilizing Google MDM for iOS

Proper Planning & Testing

Setting up Google MDM for iOS initiates by creating a Business Apple ID. This ID is obligatory to log into Apple Business Manager or Apple School Manager, where the enlisted devices purchased via an Authorized Apple retailer can be managed.

The success of any MDM solution heavily relies on the accuracy of the initial configuration and deployment. Thus, proper planning and testing are the first critical steps in your MDM implementation journey.

Regular Monitoring & Maintenance

Successful management of company-owned iOS devices requires regular monitoring and maintenance.

Google Endpoint Management enables administrators to manually sync devices, ensuring any changes made in the Apple Device Enrollment section of Apple Business Manager are reflected within the Google Admin Console. This helps maintain up-to-date device information, crucial for efficient and advanced mobile management.

User Training & Awareness

The effectiveness of an MDM solution also depends on end-user engagement. As a best practice, organizing user training sessions and awareness programs regularly is recommended.

Highlighting the importance of security guidelines, device safety, and proper usage goes a long way in ensuring smooth operations of iOS devices within your organization with Google MDM, promoting successful advanced management.

Configuring Policies &  Restrictions

Google MDM provides extensive controls over iOS devices. For instance, the Google Admin Console allows admins to set up unique certificates for each device, configure policies related to apps, and impose restrictions on hardware features.

When correctly configured and implemented, these policies enable precise control over iOS devices, ensuring they are used in ways that align with organizational policies.

Staying Updated with New Features & Updates

In the evolving landscape of mobile device management, it is critical to stay informed about new features and updates offered by Apple and Google. Both companies regularly roll out updates to improve security, add features, or streamline the management process.

Administrators can sync these updates via the Apple Business Manager or Apple School Manager in the Google Admin Console, keeping their MDM practice current.

Look to Promevo for Google Support

If you need help rolling out Google MDM for Workspace and iOS devices, Promevo is here. As a Google-certified partner, we provide end-to-end support with all things Google, from Workspace management and reporting to selecting ChromeOS devices. Our team helps you harness the robust capabilities of Google to reinvent the way you do business.

We are proud to be a 100% Google-focused partner helping you succeed wherever you are in your Google journey. Contact us today to get started.