Set up zero-touch enrollment

To set up zero-touch enrollment in Sophos Mobile Admin, you configure the settings applied to zero-touch enabled Android devices (“zero-touch devices”) when they enroll with your Sophos Mobile server.

Prerequisite:

You’ve created a task bundle for QR code enrollment. The task bundle must have an Assign policy task for an Android Enterprise device policy and must not have an Enroll task.

To set up zero-touch enrollment:

  1. On the menu sidebar, under SETTINGS, select Setup > Android setup, and then select the Zero-touch tab.
  2. Select Use zero-touch enrollment.
  3. Under Zero-touch configuration settings, select DPC extras to configure settings applied to the device:
    • Language: The language of the Android user interface.
    • Time zone: The time zone set on the device.
    • Enable system apps: On Android Enterprise fully managed devices, system apps with a launcher icon are disabled by default. Select this setting to keep all system apps enabled.
    Based on your settings, Sophos Mobile creates a configuration code you must enter in the Google zero-touch enrollment portal.
  4. Under Enrollment settings, configure the enrollment of zero-touch devices with Sophos Mobile:
    • Device group: The device group devices are assigned to.
    • Task bundle: The task bundle transferred to the device.
  5. Select Save to save the enrollment settings.

To complete the zero-touch enrollment setup, create a configuration for Sophos Mobile in the Google zero-touch enrollment portal.