As an admin, you can control which apps Android and iOS device users can find and install for work or school by adding them to the Web and mobile app list in the Google Admin console. You can add public apps—such as third-party apps for security, business, and document management—and private apps. Though you can add a paid public app to the list, you can't bulk purchase the app for your users through Google endpoint management.
- In the Admin console, go to Menu > Apps > Web and mobile apps.
- Click Add app + Search for apps.
- Click Enter app name and enter some or all of the name of the app you want to add. For iOS apps, you can enter the apps.apple.com URL, such as https://apps.apple.com/us/app/gmail-email-by-google/id422689480 for the Gmail app for iOS. Search begins as you enter the name.
-
- If your search returns many results, enter more information in the search box, such as the app developer or a keyword in the description.
- If an app is already added to the list, it's labeled as "Installed" and you can click View app details to review the app's settings and user access.
- To get more information about an Android app, click View in Google Play.
- To get more information about an iOS app, click View in App Store.
- When you identify the app you want to add, point to the app and click Select.
- Select which users can install the managed app from the managed Google Play store or the Google Device Policy app for iOS.
- To let all users in your organization install the app, select Entire Organization.
- To allow only certain users to install the app, click Select Groups or Select organizational units. You can add both groups and organizational units. Supported editions for this feature: Frontline; Business Plus; Enterprise; Education Standard and Education Plus; G Suite Basic and G Suite Business; Cloud Identity Premium. Compare your edition
Group settings are applied at the top organizational unit level and override organizational unit settings. If a user belongs to multiple groups with conflicting configurations, the settings are applied in order of group precedence, which you can set after you add the app.
- Click Continue.
- Configure app options based on the app platform (requires advanced mobile management, except as noted):
- Android
-
- Available—Let users install the app themselves. Users who don’t need the app don’t have to download it.
- Force install—Automatically install the app on all managed devices with no option to opt out. Optionally, you can prevent users from uninstalling a force-installed app.
Force install is also supported for basic mobile management with Business Plus, Enterprise, G Suite Business, and Cloud Identity Premium editions.
Allow users to add widgets to the home screen–Let users create a home screen shortcut when a widget is available.
Use as the always-on VPN app–When turned on, app traffic from a work profile or managed device must pass through this app. Requires Android 7.0 or later. This setting creates a more secure network connection for work profile traffic.
App auto-update timing—Choose when app updates should be installed:
- Default—Update the app automatically when the device is connected to a Wi-Fi network, is charging, is not actively in use, and the app is not running in the foreground.
- High priority—Update the app as soon as the developer publishes a new version and Google Play reviews it. If the device is offline at that time, the app immediately updates the next time the device connects to the internet.
- Postpone—Postpone app updates for 90 days after the update first becomes available. After 90 days, automatically install the latest available version of the app. For details, see Support app updates.
Supported editions for this feature: Frontline; Business Plus; Enterprise; Education Standard and Education Plus; Cloud Identity Premium. Compare your edition
Testing tracks (optional)—Select prerelease test versions of the app that you want to make available to users. Selecting multiple tracks makes the highest version code available. To learn how to make an app available to organizations, see Closed test: manage testers by the organization.
Supported editions for this feature: Frontline; Business Plus; Enterprise; Education Standard and Education Plus; Cloud Identity Premium. Compare your edition
- iOS - Make this a managed app–To have more control over the app and its data, turn on. For details, see How Managed iOS apps work.
Remove this app when the configuration profile is removed–For managed apps, turn on to automatically remove the app when the user’s management profile is removed from the device. You might want to turn it on because otherwise managed apps stay on a user's device.
- Click Finish. The app's detail page opens automatically. When you return to the Web and mobile apps list, the app is listed almost immediately after you add it.
iOS apps might take up to an hour to appear in the Google Device Policy app on users' devices. If you set the app as managed, the user must install it from the Google Device Policy app or, if they install it from the iOS App Store, they must open the Google Device Policy app and accept the management of the app. For supervised company-owned iOS devices, the app is automatically installed silently.
- If you added Microsoft Outlook for Android or iOS (not recommended), ensure that it respects your endpoint management settings:
-
- From the Admin console home page, click SecurityAPI controlsApp access controlManage Google services.
- Locate Gmail and Drive in the list of services. If Access is set to Unrestricted, change the value to Restricted. This setting prevents untrusted apps from accessing the services. When you add the app in the preceding steps, the app is automatically trusted and can access Gmail and Drive.
Please find the support article to get further details on the same.