Use Sophos Intercept X for Mobile with third-party EMM software

You can automatically enroll Sophos Intercept X for Mobile with Sophos Mobile when it’s installed on devices you manage with third-party Enterprise Mobility Management (EMM) software.

For devices you manage with Microsoft Intune, see Set up Mobile Threat Defense.

Requirement

For Android, the device must be enrolled in Android Enterprise mode.

To automatically enroll Sophos Intercept X for Mobile with Sophos Mobile on devices you manage with third-party EMM software, do as follows:

On the menu sidebar, select Setup > Sophos setup and then the Intercept X auto-enrollment tab.
Select Generate connection code.

The code contains the information required by Sophos Intercept X for Mobile to enroll with Sophos Mobile.
Configure the following settings:
- Owner: Choose whether the devices are owned by your organization (Corporate) or not (Personal).
- Device group: The Sophos Mobile device group devices are assigned to.
- Mobile Threat Defense policy (Android) (Optional): The Sophos Mobile policy for Sophos Intercept X for Mobile on Android devices.
- Mobile Threat Defense policy (iOS) (Optional): The Sophos Mobile policy for Sophos Intercept X for Mobile on iPhones and iPads.
Click Save.
Select Copy next to Connection code to copy the value to the clipboard.

You need the connection code to configure the EMM.
Add Sophos Intercept X for Mobile to the EMM.
In the EMM, edit the app’s managed configuration.
- For the Android app, settings are given and you enter the values.
- For the iOS app, you must enter each setting’s name, type (String or Boolean), and value.
For available settings, see Android settings and iOS settings.

For details on how to edit the managed configuration, see the documentation of the third-party EMM product.

Tip

If supported by the EMM, use variables for the user’s email address and the device name.
Optional: Create a configuration profile for web filtering and deploy it to your iPhones and iPads.

On iPhones and iPads, Sophos Intercept X for Mobile uses a configuration profile to provide web filtering. If you don’t deploy the profile through the EMM, users must install it when Sophos Intercept X for Mobile enrolls with Sophos Mobile.

For details, see Automate installing the iOS configuration profile.
Install Sophos Intercept X for Mobile through the EMM.

The first time a device starts after installation, Sophos Intercept X for Mobile enrolls with Sophos Mobile. You can manage the app from the Devices page in Sophos Mobile Admin.

If required, you can revoke the connection code to block future app enrollments.

Android settings

The table shows the configuration settings of the Sophos Intercept X for Mobile Android app.

Setting	Description
Email	Optional: The email address of the user you want to assign to the device in Sophos Mobile. If a user with that email address doesn’t exist, Sophos Mobile creates them.
Connection code	The connection code you copied from Sophos Mobile.
Device ID	The unique device identifier used by the EMM.
Device name	Optional: The device name. Sophos Mobile uses this name when it adds the device.
EULA disabled	Optional: The End User License Agreement (EULA) is not displayed when the app starts.

iOS settings

The table shows the configuration settings of the Sophos Intercept X for Mobile iOS app.

Setting	Type	Description
`email`	`string`	Optional: The email address of the user you want to assign to the device in Sophos Mobile. If a user with that email address doesn’t exist, Sophos Mobile creates them.
`smcData`	`string`	The connection code you copied from Sophos Mobile.
`deviceId`	`string`	The unique device identifier used by the EMM.
`deviceName`	`string`	Optional: The device name. Sophos Mobile uses this name when it adds the device.
`macAddress`	`string`	Optional: The device’s MAC address. The value is used to identify the device when it connects to a Sophos Wi-Fi access point. Required for Synchronized Security.
`eulaDisabled`	`boolean`	Optional: The End User License Agreement (EULA) is not displayed when the app starts. Possible values are `true` and `false`. The default is `false`.