Is deze functie beschikbaar voor alle edities van Google Workspace?

Ja, deze functionaliteit is beschikbaar voor alle Google Workspace-klanten, ongeacht de editie. Het stelt elke organisatie in staat om de beveiliging van mobiele apparaten beter te beheren via fijnmazige rechten.

Kan ik een beheerder toegang geven tot alleen bepaalde apparaten binnen een OU?

Nee, de delegatie is gebaseerd op organisatie-eenheden (OU's). De beheerder krijgt rechten over alle apparaten die binnen de geselecteerde OU en de daaronder vallende sub-OU's vallen.

Wat is het voordeel van het delegeren van MDM-rechten?

Het belangrijkste voordeel is betere beveiliging door het principe van minimale rechten (least privilege). Daarnaast zorgt het voor minder druk op centrale IT-teams omdat taken lokaal kunnen worden afgehandeld.

Wanneer zie ik deze optie in mijn Admin console?

De uitrol start op 29 juni 2026. Het kan 1 tot 3 dagen duren voordat de functie volledig zichtbaar is voor alle beheerders in jouw omgeving.

Moeten eindgebruikers actie ondernemen voor deze update?

Nee, er is geen actie vereist van eindgebruikers. Deze wijziging vindt volledig plaats aan de achterkant van de beheeromgeving en heeft geen invloed op het dagelijks gebruik van mobiele apparaten.

Wat als ik al bestaande beheerdersrollen heb?

Je kunt deze rollen eenvoudig aanpassen in de Admin console. Door de rol te bewerken en de scope voor mobiel beheer aan te passen naar een specifieke OU, pas je de nieuwe rechten direct toe.

Kan ik hulp krijgen bij het inrichten van deze rollen?

Zeker, bij Cloud Captains helpen we je graag bij het inrichten van een veilige en efficiënte beheerstructuur. Neem contact met ons op voor advies over Google Workspace-beveiliging.

Assign MDM Admin Privileges by Organizational Unit in Workspace

Enhance security by delegating mobile device management privileges to specific organizational units in Google Workspace.

calendar_today 29 Jun 2026 person Cloud Captains Team visibility 35 views schedule 3 min read

What Is It?

Google has officially introduced a granular approach to managing mobile device management (MDM) privileges. You can now assign administrative rights specifically scoped to individual organizational units (OUs). This update moves away from the traditional 'all-or-nothing' approach, allowing administrators to delegate control over mobile devices based on the specific needs of an organizational department, location, or team.

This feature, which was previously in beta, is now generally available. It not only refines who can manage what but also improves the overall user interface, allowing admins to see and manage their designated fleet of devices with much higher efficiency.

What Is the Impact?

info

The primary impact of this update is a significant boost to organizational security. By scoping administrative access to specific OUs, you ensure that admins only see and interact with the devices they are authorized to manage. This minimizes the risk of accidental configuration changes or unauthorized data wipes on devices that fall outside an admin's jurisdiction.

Beyond security, this update streamlines operational workflows. In large or decentralized organizations, central IT teams often become bottlenecks for simple tasks like resetting a device or clearing a business account from a lost phone. By delegating these rights to local managers or regional IT staff, you reduce the workload on central IT and empower local teams to resolve issues faster.

The improved device management UI makes this even more effective. With clearer, more relevant data visibility, administrators can quickly identify the status of their devices and perform necessary actions without navigating through a cluttered list of irrelevant devices from other departments.

Admin Console

Who Is It For?

This feature is available to all Google Workspace customers and is particularly beneficial for:

check_circle
check_circle
check_circle
check_circle

When Will It Roll Out?

The feature rollout commences on June 29, 2026. Both Rapid Release and Scheduled Release domains will receive the update within a 1–3 day window for full feature visibility.

What Should You Do?

To leverage this, you need to update your admin roles in the Google Admin console. Follow these steps:

Step 1

Accountarrow_forward_iosAdmin roles

Step 2

Select an existing role or create a new custom role specifically for MDM tasks.

Step 3

Under the 'Mobile Devices' privilege section, define the scope to only include the specific OUs required.

Step 4

Assign this role to the relevant users or groups within your directory.

lightbulb

Conduct a quick audit after assignment to ensure the admin can only see the intended devices. This confirms your security scope is correctly applied.

Background & Context

settingsGranular Security

Granular control is the cornerstone of a mature IT strategy. By leveraging OU-level permissions, you align your administrative access with your actual business structure.

As mobile device management becomes increasingly critical, the ability to control access without over-privileging admins is vital. This update addresses the needs of modern, distributed teams. By empowering the right people with the right level of access, your organization becomes more resilient and agile.

Frequently Asked Questions

Is this feature available for all Google Workspace editions? expand_more

Yes, this functionality is available to all Google Workspace customers regardless of their specific edition. It is designed to help any organization improve the security management of their mobile devices through granular permissions.

Can I grant an admin access to only specific devices within an OU? expand_more

No, the delegation is based on organizational units (OUs). The administrator will receive permissions for all devices belonging to the selected OU and any nested sub-OUs within that structure.

What is the primary benefit of delegating MDM privileges? expand_more

The primary benefit is enhanced security through the principle of least privilege. Additionally, it reduces the burden on central IT teams, as routine mobile management tasks can be handled locally by designated staff.

When will I see this option in my Admin console? expand_more

The rollout begins on June 29, 2026. It may take between one to three days for the feature to become fully visible to all administrators within your specific Google Workspace environment.

Do end users need to take any action for this update? expand_more

No, there is no action required from end users. This update is entirely backend-focused within the administration console and will not impact the daily use of mobile devices by your staff.

What if I already have existing admin roles? expand_more

You can easily update your existing roles in the Admin console. By editing the role and adjusting the mobile management scope to a specific OU, you can immediately apply these new granular permissions.

Can I get help with setting up these roles? expand_more

Absolutely. At Cloud Captains, we are happy to assist you in designing a secure and efficient administrative structure. Please reach out to us for expert advice on Google Workspace security configurations.

Assign MDM Admin Privileges by Organizational Unit in Workspace

Table of Contents