Blog Post

Community blog
2 MIN READ

Best practices: retaining control of the Google accounts which manage your Android Enterprise organisation

Lizzie's avatar
Lizzie
Google Community Manager
2 years ago

Hello everyone,

 

Please note: the below information is not relevant for Workspace organisations, or if you are using the new Android Enterprise sign-up experience (from 2024 onwards) please refer to this Help Center article instead. 

 

The ability to manage and publish apps to your devices is important for any IT owner or administrator. So, it goes without saying that maintaining control of the Google accounts associated with your Managed Google Play enterprise is high-priority. 

 

To help with this, we’d recommend the following best practices: :

 

  • Additional account owners/admin: add multiple owners to your Managed Google Account enterprise so you can still organise managed Google Play apps, even if one owners’ account is impacted 

 

  • Stay informed with notifications: add a recovery email or contact information to your Google Account(s), so you are notified of any changes with your account

 

  • 2-step verification: add an additional layer of security to your account (keep in mind, if you transfer your account to another member of your team, you will need to update this)


  • Keep a record of your Enterprise ID number (also called Organisation ID): this ID is a unique identifier for the binding between your EMM instance and your Managed Google Play account. This might be asked for from third-party app developers or if you ever need to troubleshoot an issue, this ID number is a handy reference for your account. To locate this, take a look at this Help Center article.   


What should I do if my Google account is deleted and it’s the only account associated with my organisations/Enterprise Managed Google Play account? 

 

When the Google account of the only admin associated with the Managed Google Play organisation/enterprise account is deleted, the organisation/Enterprise will become orphaned.   It will remain fully functional (retaining the ability to enrol new devices and manage apps), except you will not be able to log into services that require that deleted Google account (such as your Managed Google Play account).

 

If you have an additional owner or admin associated (as mentioned above in the best practices), you reduce the risk of your organisation/Enterprise becoming orphaned.

 

If this happens, to regain access* you’ll need to associate a new Google account to your organisation/Enterprise. Following best practices, we would recommend updating this as soon as possible. 

 

To add a new Google account:

  • Open a support ticket directly with your EMM
  • Include the new Google account you wish to use as a replacement

 

Your EMM will then raise a ticket directly with Google to rebind your new Google gmail account to your organisation. Simply, accept the Play Terms of Service and return to business as usual. 

 

*Please note, if your account was closed before 23 November  2023, unfortunately there is no way to recover the organisation account associated with it. 

 

We know this has been a popular question within the community, so I hope this is helpful.

 

Thank you,

Lizzie

Published 2 years ago
Version 1.0

10 Comments

  • jsweeton's avatar
    jsweeton
    Level 1.6: Donut
    2 years ago

    Thanks Lizzie.  Are there similar recommendations for Google Play management?   We also have a central team that manages Google Play but we have found the primary account holder role can’t easily be replicated or transferred.   This makes it hard to follow good account practices and deal with team turnover.

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    2 years ago

    Hello jsweeton,

     

    Thanks so much for your message here, I'm glad this was helpful. I have just sent you a direct message via your community inbox with a follow up question on your Google Play account. Hopefully from that we can provide a few more tips.

     

    Speak to you soon.

    Thanks,

    Lizzie

  • MobileDude's avatar
    MobileDude
    Level 1.6: Donut
    2 years ago

    Hi,
    Tried to add additional account holders but it says "G Suite users are not supported".  How do we go about adding additional users to our managed play store accounts? Are we not able to use our corporate email address for these additional users? 

  • Kmspr's avatar
    Kmspr
    Level 1.5: Cupcake
    2 years ago

    Hello Lizzy,

    The provided solutions and best practices doesn't work:


    • Additional account owners/admin .

    After adding a second owner/ admin and inviting him, the second admin is asked for creating a Google account and at the last step the error message "Something went wrong, try again" appears.
    We have tried this with multiple MPS accounts on different browsers/ computers/ networks and are facing the same error message, over and over again.

     

    Stay informed with notifications: add a recovery email or contact information to your Google Account(s), so you are notified of any changes with your account.

    Adding recovery emails doesn't prevent anything. We have our IT Supportdesk email added as recovery email address to all our customers Google accounts but never got a warning.
    Only the final e-mail that's informing the account has been deleted due to violating of terms!

     

    • 2-step verification: add an additional layer of security to your account.
    I don't get in what way this step will prevent Google accounts from getting deleted? Besides that, Google limits the number of accounts that can be verified with a single phone number. It's not realistic to ask IT Organizations who are managing different MPS accounts for their customers,to use dozens of different phone numbers for 2-step verification.

  • Kmspr's avatar
    Kmspr
    Level 1.5: Cupcake
    2 years ago

    Hello Lizzy,

    The provided solutions and best practices doesn't work:


    • Additional account owners/admin .

    After adding a second owner/ admin and inviting him, the second admin is asked for creating a Google account and at the last step the error message "Something went wrong, try again" appears.
    We have tried this with multiple MPS accounts on different browsers/ computers/ networks and are facing the same error message, over and over again.

     

    Stay informed with notifications: add a recovery email or contact information to your Google Account(s), so you are notified of any changes with your account.

     

    Adding recovery emails doesn't prevent anything. We have our IT Supportdesk email added as recovery email address to all our customers Google accounts but never got a warning.
    Only the final e-mail that's informing the account has been deleted due to violating of terms!

     

    • 2-step verification: add an additional layer of security to your account.

    I don't get in what way this step will prevent Google accounts from getting deleted? Besides that, Google limits the number of accounts that can be verified with a single phone number.
    It's not realistic to ask IT Organizations who are managing different MPS accounts for their customers,to use dozens of different phone numbers for 2-step verification.

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    2 years ago

    Hey MobileDude,

     

    Thanks for your response here, as you are a workspace member, have you seen this article on adding additional admin/owners to your account? Does this help?

     

    Thanks,

    Lizzie

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    2 years ago

    Hello Kmspr,

     

    Thanks for your feedback and thoughts here, this is really helpful. To add, the points above are general best practices, if it's not possible due to your business setup to implement them all them then at least you are aware and perhaps have the other things in place. 

     

    • On your first point: when you click the '+' symbol and add the email address, is this an existing Google gmail email you are using here?
    • On the notifications: there could be a number of different things here so it's hard to tell ie. it might be that there weren't any warning notifications or the notification went to the spam filter. It is good to hear the closure warning reached your team though as this still gives you time to take action rather than finding out at a later stage - which is why I would recommend having this in place. 

     

    Hope to speak with you soon. 

     

    Thanks,

    Lizzie

  • MobileDude's avatar
    MobileDude
    Level 1.6: Donut
    2 years ago

    Hey Lizzie ,

     

    Maybe we are in a unique situation where we setup our managed play store a few years back where you had to create a normal gmail account to complete the setup.  We were not a Google workspace setup then and still not fully either. I would prefer the Additional account owners/admins be tied to our corporate email accounts, so access is life cycled with that account. I do not want to create more rouge accounts as backup accounts. Maybe we can have a one to one conversation so I can give more details if needed? 

    Thanks!

  • Lizzie's avatar
    Lizzie
    Google Community Manager
    2 years ago

    Thanks so much MobileDude for sharing more details. I wonder have seen our recent update about the new sign-in flow for Android Enterprise - I feel this may help make this a lot easier for you in the future. Feel free to ask any questions on that thread if you'd like to know more. 

     

    Regarding your current process, I'll send you a direct message via you community inbox here (see the little envelope in the top right corner of your page) and we can chat more. 😀

     

    Looking forward to speaking with you. 

    Thanks,

    Lizzie

  • MPSH's avatar
    MPSH
    Level 1.5: Cupcake
    12 months ago

    Hi everyone,

     

    "

    When the Google account of the only admin associated with the Managed Google Play organisation/enterprise account is deleted, the organisation/Enterprise will become orphaned.   It will remain fully functional (retaining the ability to enrol new devices and manage apps), except you will not be able to log into services that require that deleted Google account (such as your Managed Google Play account).

    "

     

    In my humble opinion the information above is not fully correct. When Google deletes the account, not only the Enterprise will become orphaned,  it is not possible to enroll new devices to the tenant and adding new apps. This is what we have experienced in Microsoft Endpoint Manager / Intune.

         

      

    "To add a new Google account:

    • Open a support ticket directly with your EMM
    • Include the new Google account you wish to use as a replacement

     

    Your EMM will then raise a ticket directly with Google to rebind your new Google gmail account to your organisation. Simply, accept the Play Terms of Service and return to business as usual. "

     

     

     

    Has anyone in this community succeeded in replacing the Google account linked to Intune, without unenrolling the devices? Can anyone share his / her experience? Some EMM tenants we manage have thousands of active Android devices. I have nightmares thinking about having to unenroll everything and roll it out again.