Configure network access

Before you can configure network access for a device, Network Access Control (NAC) must be enabled in Sophos Mobile Control.

For on-premise installation, NAC is enabled by the super administrator. See the Sophos Mobile Control super administrator guide.

For Sophos Mobile Control as a Service, NAC is always enabled.

There are two options to configure network access for a device:

  1. Allow or deny network access unconditionally.
  2. Disable network access when the device violates a compliance rule, enable network access otherwise.
Note: Sophos Mobile Control does not control the network access by itself. Instead, it provides a Deny network status that can be used by external NAC software like Sophos UTM to block network communication.

To configure network access for a device:

  1. On the menu sidebar, under MANAGE, click Devices.
  2. On the Devices page, select the devices for which you want to set the network access mode.
  3. Click Actions, and then click Set network access.
  4. Select the network access mode:
    • Allow: Network access for the selected devices is allowed.
    • Deny: Network access for the selected devices is denied.
    • Auto mode: Network access for the selected devices is based on the compliance status of the devices.
  5. Click Yes to save the changes.
For information on how to configure network access in compliance rules, see Create compliance rules.