Not managed device requires MDM client for GMail access

ddkaestner
Level 1.6: Donut

Hello everyone,

Hope you are doing well. And I hope even more that you can help us, or have had something similar.

We have a customer who uses managed Google enterprise/Android Enterprise with a Workspace mail in Miradore. The devices which are managed are working just fine. But since the 5th of June, private devices which are not managed by Miradore (no work profile, purely private devices) require the Miradore Client in Gmail.

The only connection we see so far is the Workspace account used for Android Enterprise. We would like to help the customer ASAP, but we are not even sure where to start. Any hint or advice would be highly appreciated.

Maybe somebody has had something similar. Thank you all :)


7 REPLIES

Moombas
Level 4.0: Ice Cream Sandwich

If you assigned your company domain to Google (workspace) this will affect all accounts using that domain as they are not private anymore but managed.

ddkaestner
Level 1.6: Donut

Okay, I've got it so far. So because the Workspace admin account is connected to Miradore as well (as MDM solution for other devices), as the Android Enterprise account, it has influence on all other accounts? Can that be disabled by any chance in Google Workspace?

Otherwise we will suggest that the customer use another, unrelated Gmail account for the Android Enterprise integration.

Moombas
Level 4.0: Ice Cream Sandwich

No, it normally shouldn't have anything to do with the MDM (to be honest I don't know what Miradore does in the background if you connect it to the Google Workspace), but if an employee creates a Google account using your mentioned domain and later you assign that domain to Google Workspace, this account will be switched from a private account to a managed account, and they should get a request from Google to accept that or change the mail address used for that account.

For everything else I recommend asking Miradore's support.

ddkaestner
Level 1.6: Donut

Okay, yeah, well, I am part of the Miradore support.

That's why we are so shocked that unmanaged accounts or devices ask for the Miradore client. The only connection, as I said, is the Android Enterprise connection for the managed Google Play store. We have no user import and so on. Thank you so much for the clarification.

Moombas
Level 4.0: Ice Cream Sandwich

Then you may ask when the customer connected to Google workspace.

We had a similar experience here (with the accounts themselves, outside of MDM), but our IT department was aware of it and sent a mail to all users in the company just before they migrated, so the users were aware of it.

jasonbayton
Level 4.0: Ice Cream Sandwich

👋

This can be handled at OU level within Workspace.

We can't see what they've done specifically obviously, but it sounds like someone turned on device management globally inside their tenant. Google hasn't published any changes on or around June 5 that would have any impact so..

Start with the audit logs - https://admin.google.com/ac/sc/investigation?ref=reporting

Validate their device management settings - https://admin.google.com/ac/devices/settings/general

If they have a group of users they don't want to manage, for some reason permitted to access corp data on an unprotected device, they can exclude them in a dedicated OU with all management disabled.

Edit: Have they just validated their domain? That'll offer the ability to take over all accounts for management - https://support.google.com/a/answer/60216?hl=en

Wow, thank you. We checked with the customer.

I will keep you up to date. Thank you very much for the detailed answer.