Management modes

Depending on the device type, there are different management modes.

You select the management mode when you enroll a device with Sophos Mobile.

This topic provides an overview of the available management modes.

Android devices

Sophos Mobile supports the following management modes for Android devices:

  • Android Enterprise full device

    Sophos Mobile can monitor and manage all settings, apps, and data.

    For details, see Android Enterprise.

  • Android Enterprise work profile

    Sophos Mobile can only monitor and manage settings, apps, and data within the work profile. You can use this mode for devices owned by the user, that is, for a Bring Your Own Device (BYOD) scenario.

    For details, see Android Enterprise.

  • Android Enterprise dedicated device

    Devices are locked to a single app or a set of apps. You can use this mode for devices that serve a specific purpose, for example, a kiosk application.

    Sophos Mobile doesn’t use a separate management mode for Android Enterprise dedicated devices. You enroll the device as an Android Enterprise fully managed device and assign it a Kiosk mode configuration.

    For details, see Kiosk mode configuration (Android Enterprise device policy).

  • Android device administrator

    This is a legacy management mode. We recommend that you unenroll any devices still using this mode and re-enroll them in an Android Enterprise mode.

    You can’t use the device administrator mode for devices with Android 10 or later.

  • Sophos container

    Use this mode to manage the Sophos Secure Workspace and Sophos Secure Email apps.

    There’s also a Sophos container policy to manage Sophos Secure Workspace and Sophos Secure Email when the device uses one of the other management modes.

    For details, see Sophos container.

  • Mobile Threat Defense

    Sophos Mobile manages Sophos Intercept X for Mobile on the device, protecting the device against malware and other mobile threats.

    For details, see Mobile Threat Defense with Sophos Intercept X for Mobile.

iPhones and iPads

Sophos Mobile supports the following management modes for iPhones and iPads:

  • Apple Device Enrollment

    Sophos Mobile manages the whole device.

  • Apple User Enrollment

    Use this mode for devices owned by the user, that is, for a Bring Your Own Device (BYOD) scenario.

    In addition to the user’s Apple ID, the device gets another Apple ID owned by your organization (Managed Apple ID). Sophos Mobile can only monitor and manage settings, apps, and data of the Managed Apple ID.

    Apple User Enrollment requires iOS 13, iPadOS 13, or later.

    For details, see Apple User Enrollment.

  • Sophos container

    Use this mode to manage the Sophos Secure Workspace and Sophos Secure Email apps.

    There’s also a Sophos container policy to manage Sophos Secure Workspace and Sophos Secure Email when the device uses one of the other management modes.

    For details, see Sophos container.

  • Mobile Threat Defense

    Sophos Mobile manages Sophos Intercept X for Mobile on the device, protecting the device against malware and other mobile threats.

    For details, see Mobile Threat Defense with Sophos Intercept X for Mobile.

Macs

Sophos Mobile uses only one management mode for Macs, but there are two policy types:

  • Device policy - A device policy applies to all users that sign in to the Mac.
  • User policy - A user policy applies to the user that has enrolled the Mac with Sophos Mobile.

For details, see About macOS policies.

Windows computers

For Windows computers, Sophos Mobile uses a single management mode, Device.

Chrome devices

For Chromebooks and other Chrome devices, Sophos Mobile uses a single management mode, Sophos Chrome Security. This mode lets you manage Sophos Chrome Security on the device.

For details, see Sophos Chrome Security.