Management modes
Depending on the device type, there are different management modes. You select the management mode when you enroll a device with Sophos Mobile.
Android devices
Sophos Mobile supports the following management modes for Android devices.
Android Enterprise full device
Sophos Mobile can monitor and manage all settings, apps, and data.
See Android Enterprise.
Android Enterprise work profile
Sophos Mobile can only monitor and manage settings, apps, and data within the work profile. You can use this mode for devices owned by the user, that is, for a Bring Your Own Device (BYOD) scenario.
See Android Enterprise.
Android Enterprise dedicated device
Devices are locked to a single app or a set of apps. You can use this mode for devices that serve a specific purpose, for example, a kiosk application.
Sophos Mobile doesn’t use a separate management mode for Android Enterprise dedicated devices. You enroll the device as an Android Enterprise fully managed device and assign it a Kiosk mode configuration.
See Kiosk mode configuration (Android Enterprise device policy).
Android device administrator
This is a legacy management mode. We recommend that you unenroll any devices still using this mode and re-enroll them in an Android Enterprise mode.
You can’t use the device administrator mode for devices with Android 10 or later.
Sophos container
Use this mode to manage the Sophos Secure Workspace and Sophos Secure Email apps.
There’s also a Sophos container policy to manage Sophos Secure Workspace and Sophos Secure Email when the device uses one of the other management modes.
See Sophos container.
Restriction
The Sophos container is only available for Sophos Central accounts created before October 1, 2022, and for accounts migrated from an on-premise installation of Sophos Mobile.
Mobile Threat Defense
Sophos Mobile manages Sophos Intercept X for Mobile on the device, protecting the device against malware and other mobile threats.
See Mobile Threat Defense with Sophos Intercept X for Mobile.
iPhones and iPads
Sophos Mobile supports the following management modes for iPhones and iPads.
Apple Device Enrollment
Sophos Mobile manages the whole device.
Apple User Enrollment
Use this mode for devices owned by the user, that is, for a Bring Your Own Device (BYOD) scenario.
In addition to the user’s Apple ID, the device gets another Apple ID owned by your organization (Managed Apple ID). Sophos Mobile can only monitor and manage settings, apps, and data of the Managed Apple ID.
Apple User Enrollment requires iOS 13, iPadOS 13, or later.
You can’t enroll supervised devices in Apple User Enrollment management mode.
Sophos container
Use this mode to manage the Sophos Secure Workspace and Sophos Secure Email apps.
There’s also a Sophos container policy to manage Sophos Secure Workspace and Sophos Secure Email when the device uses one of the other management modes.
See Sophos container.
Restriction
The Sophos container is only available for Sophos Central accounts created before October 1, 2022, and for accounts migrated from an on-premise installation of Sophos Mobile.
Mobile Threat Defense
Sophos Mobile manages Sophos Intercept X for Mobile on the device, protecting the device against malware and other mobile threats.
See Mobile Threat Defense with Sophos Intercept X for Mobile.
Macs
Sophos Mobile uses only one management mode for Macs, but there are two policy types:
- Device policy: A device policy applies to all users that sign in to the Mac.
- User policy: A user policy applies to the user that has enrolled the Mac with Sophos Mobile.
See About macOS policies.
Windows computers
For Windows computers, Sophos Mobile uses a single management mode, Device.
Chrome devices
For Chromebooks and other Chrome devices, Sophos Mobile uses a single management mode, Sophos Chrome Security. This mode lets you manage Sophos Chrome Security on the device.