Corporate data security is paramount—particularly in industries with regulations like HIPAA which include steep fines for negligently handled personal data. Accordingly, allowing employees access to that data on mobile devices is not without its share of risks, as the potential of malware or lost/stolen devices may result in expropriated data. Google has introduced an extra step for IT managers to ensure that devices are compliant with corporate-defined security policy. Device Policy will now restrict apps determined to be nonessential (like Chrome or Gmail) from running until a device is returned to compliance.

For example, a situation in which a phone could become noncompliant is a newly-implemented minimum length for passwords. If you move from a minimum of 6 characters to 8, previously acceptable 6 and 7 character passwords will need to be changed in order to continue using the full abilities of the phone. Other factors, like being rooted can result in noncompliance. In other words, you will need to make sure your phone is properly secured before you can get back to not doing real work, like watching random YouTube videos. Otherwise, apps will be locked.

This feature is only available for devices tied to an active G Apps subscription, so normal consumer devices are not affected. As usual, this is a staggered update, which will take 15 days to roll out.