Android Enterprise enables companies to ensure a high level of security while offering them the freedom to make customized adaptations. Many businesses have taken advantage of this. However, they now face a problem: Google announced in May that it will be updating the inactivity policy on all of its products and, starting in December 2023, deactivating all personal Google accounts that have been inactive for two years.
This change affects many accounts that play a key role in the scope of Android Enterprise. Deactivation could have serious consequences for businesses.
Read this blog post for more background information on this topic and to learn how you can prevent this from happening and respond if this situation impacts your company.
Why is the Google account important?
Businesses that want to use Android Enterprise must have a Google account to ensure communication between the UEM system and Google Services. This type of account doesn’t require any special features. A standard Google account that can be created by anyone is sufficient; there is no need for an enterprise account.
Administrators usually create this account specifically for this purpose when their company begins using Android Enterprise and don’t use it for any other purpose. Maintenance and other activities are generally not required once the account has been created and Android Enterprise has been activated. This means that the account is usually never touched again, and there are no further attempts to sign in.
While this may be convenient, it can lead to a major problem down the road.
What’s the problem and why is Google deleting accounts?
Google wants to prevent the number of inactive Google accounts from steadily rising because, according to the company, they pose a security threat in many cases. Passwords for these accounts usually fail to meet current standards.
This is why Google is updating its inactivity policy and will begin performing regular checks to uncover accounts that have been inactive for two years. These accounts will be deleted for the first time in December 2023. The company is starting with accounts that were created and then never used again.
And that leads us to the subject of Android Enterprise: Since administrators are no longer required to work with the Google account once Android Enterprise has been activated, these accounts tend to remain dormant for years. Registering devices on a regular basis doesn’t count as activity. As a result, Google will also filter out and delete accounts that are vital for Android Enterprise.
Essentially, two of Google’s key mechanisms are working against each other in this scenario.
What happens when an account is deleted?
When Google deletes this type of account, users have 30 days to restore the account. If this doesn’t happen, it will no longer be possible to establish a connection between the device and the UEM system – in either direction. While users can still work with their devices, the devices themselves remain practically frozen in their current status. Administrators can no longer register new devices or distribute new apps or configurations. Their options are severely limited, and they must expend much more time and effort because all of the devices will need to be reprovisioned, and the settings will have to be reconfigured.
What can enterprises do to prevent this from happening?
Ideally, businesses won’t allow things to progress this far and will prevent their accounts from being deactivated in the first place. There are several options for doing this. We have specific recommendations for our customers:
- Assign at least two accounts to Android Enterprise.
- Enter a recovery email address.
- Sign in on a regular basis to ensure your accounts never become inactive. In the blog post, Google further explains that reading and sending emails and using Google Drive or Google Search all count as activity.
- Use your company’s own domain instead of gmail.com for the accounts, and observe the Terms of Service for Managed Google Play and Android Enterprise APIs.
What can enterprises do once it’s too late?
Companies need to act fast once an account has been deactivated so the 30-day period doesn’t expire.
- If a recovery account is available, it may be possible to restore the account.
- Otherwise, the only other option is a ticket with Google Support, which we can open for companies as an Android Enterprise Service Provider.
However, once the 30-day period has expired, businesses will simply have to accept the consequences and start over from scratch. This should be avoided if at all possible.
Update January 2024
Google’s policy is effective since the end of 2023. Currently, accounts for Managed Google Play Enterprises, Managed Google Play Accounts and Owner and Admin Accounts from the Zero Touch Portal are still excluded. However, this is probably only a matter of time. We therefore recommend that companies implement the recommendations described above today in order to be prepared when this exemption no longer applies. Companies are not at a disadvantage if they implement these steps today – instead, they are playing it safe.
It’s important for enterprises to act fast once an account has been deleted. This will save a great deal of time and effort in the future.
As an Android Enterprise Service Provider, we can help you resolve the issue and optimally manage devices with Android Enterprise.
