Jump to main content
Key steps for managing devices with Sophos Mobile
Reports
You can create reports of the items managed by Sophos Mobile.
Configure personal settings
You can adjust the appearance of Sophos Mobile Admin to your personal preferences. For example, you can set the language, the time zone, or the visible device platforms.
Configure SMC app settings
Configure Email
Configure IT contact
Configure privacy settings
You can prevent administrators from viewing privacy-related device information.
iPhone and iPad settings
On the iOS & iPadOS tab of the Apple setup page, you configure settings for iPhones and iPads.
Apple Push Notification service certificates
Configure AirPlay destinations
With Sophos Mobile you can remotely trigger AirPlay mirroring between an iPhone or iPad and predefined AirPlay destinations (for example AppleTV).
Android settings
Register Samsung Knox license
If you have a Samsung Knox Premium license, you can manage the Knox container on your Samsung devices with Sophos Mobile.
Configure polling interval for Windows devices
Simple Certificate Enrollment Protocol (SCEP)
You can distribute certificates to Android, iOS, and Windows Mobile devices using the Simple Certificate Enrollment Protocol (SCEP).
Create customer properties
With the Self Service Portal you can reduce IT efforts by allowing users to enroll devices on their own and carry out other tasks without having to contact the helpdesk.
Create Self Service Portal configurations
With a Self Service Portal configuration, you configure the types of devices that users can enroll, the enrollment details, and the device actions they can perform in the Self Service Portal.
Create enrollment texts
A Self Service Portal configuration can include a terms of use text and a post-enrollment text that are displayed before and after the enrollment, respectively. You create these texts separate from the Self Service Portal configuration and then assign them as required.
Available Self Service Portal actions
Self Service Portal actions let users manage their devices. You set the available actions in the Self Service Portal configuration.
Create compliance policy
Available compliance rules
This section lists the compliance rules that you can select for the individual platforms.
Assign a compliance policy to device groups
Check devices for compliance
Add devices
Enroll devices
Unenroll devices
Manage devices
Synchronized Security
With Sophos Synchronized Security, products share critical information via a unique Security Heartbeat. Sophos Wireless can use the Sophos Mobile compliance status of your Android and iOS devices to restrict network access.
Custom device properties
QR code enrollment
You can enroll Android Enterprise fully managed devices by scanning a QR code during the device setup. Use this for example to prepare devices before deploying them to your users.
Zero-touch enrollment
With Android zero-touch enrollment, you can enroll corporate-owned Android devices in bulk.
Knox Mobile Enrollment
Apple DEP
With the Apple Device Enrollment Program (DEP), you can purchase iPhones, iPads, and Macs in volume for distribution within your company.
Duo Security integration
You can connect Sophos Mobile with the Duo Security authentication software. This allows Duo Security to identify trusted devices by their Sophos Mobile management status.
TeamViewer remote control
TeamViewer is a third-party remote control tool. TeamViewer integration allows you to launch a remote control session with an Android device, iPhone, or iPad from within Sophos Mobile without having to use a session ID or password.
Sophos Chrome Security
Sophos Chrome Security is a security extension for Chrome devices.
On the People page, you manage your Sophos Mobile user accounts.
Configure device assignment
You can configure what happens to a device when the assigned user is deleted.
Configure LDAP connection
If your Sophos Central user accounts are coming from Active Directory (AD), you can configure an LDAP connection between Sophos Mobile and AD. This allows users to use their AD credentials for Apple DEP, Google zero-touch, and Samsung KME.
A policy contains settings you can apply to a device or device group.
Get started with device policies
The Policies startup wizard helps you create basic device policies for all platforms. You can enhance the policies later.
Create policy
You create policies to configure settings for devices. Create several policies if you want to manage different types of devices.
Import policy from Apple Configurator
You can import a policy created in Apple Configurator or a policy exported from another instance of Sophos Mobile.
Import provisioning profile (iOS, iPadOS)
You can import a provisioning profile for self-developed apps to install it on your iPhones and iPads.
About macOS policies
Configure Chrome tamper protection
With tamper protection you ensure the integrity of the Chrome Security policy.
Windows password complexity rules
Knox Service Plugin
The Knox Service Plugin (KSP) is an app for Android Enterprise devices that lets you assign Knox policies to Samsung Knox Platform for Enterprise (KPE) enabled devices.
Placeholders in policies
In policy settings, you can use placeholders which are replaced by a user, device, or customer property when the policy is assigned.
Assign a policy
You assign a policy to devices to apply the settings it includes.
Apply policy changes to devices
When you change the settings of certain policies, you must update them on the devices for the changes to take effect.
Uninstall policy from devices
You uninstall a policy from a device to remove the settings applied by the policy.
Download policies
You can download policies. This is useful, for example if you need to pass the settings on to Sophos Support.
Configurations for Android Enterprise device policies
With an Android Enterprise device policy you configure settings for Android Enterprise fully managed devices.
Configurations for Android Enterprise work profile policies
With an Android Enterprise work profile policy you configure settings for Android Enterprise work profile devices.
Configurations for Sophos container policies for Android
With a Sophos container policy you configure settings for Sophos Secure Email and Sophos Secure Workspace on devices where Sophos Mobile manages the Sophos container.
Configurations for Mobile Threat Defense policies for Android
With a Mobile Threat Defense policy you configure Sophos Intercept X for Mobile when it’s enrolled with Sophos Mobile.
Configurations for Android device policies
With an Android device policy you configure settings for Android devices enrolled with Sophos Mobile in device administrator management mode.
Configurations for Knox container policies
With a Knox container policy you configure settings for the Knox container on Samsung devices.
Configurations for iOS device policies
With an iOS device policy you configure settings for iPhones and iPads.
Configurations for Sophos container policies for iOS
With a Sophos container policy you configure settings for Sophos Secure Email and Sophos Secure Workspace on devices where Sophos Mobile manages the Sophos container.
Configurations for Mobile Threat Defense policies for iOS
With a Mobile Threat Defense policy you configure Sophos Intercept X for Mobile when it’s enrolled with Sophos Mobile.
Configurations for macOS device policies
With a macOS device policy you configure settings for Macs that apply to all users.
Configurations for macOS user policies
With a macOS user policy you configure settings for Macs that apply to users managed by Sophos Mobile.
Configurations for Windows Mobile policies
With a Windows Mobile policy you configure settings for Windows Mobile devices.
Configurations for Windows policies
With a Windows policy you configure settings for Windows computers.
Configurations for Chrome Security policies
With a Chrome Security policy you configure settings for the Sophos Chrome Security extension when it’s enrolled with Sophos Mobile.
With a task bundle you can bundle several tasks in one transaction.
Create task bundle
You create separate task bundles for Android, iOS, and other device platforms you want to manage.
Task types (Android)
Task types (iOS, iPadOS)
Task types (macOS)
Task types (Windows)
Task types (Chrome OS)
Duplicate task bundles
You can duplicate a task bundle to use it as a starting point for other task bundles.
Transfer task bundles
You can transfer task bundles to individual devices or to device groups.
Add app
You make an app available for installation either by uploading the app package or by linking to the app in the relevant app store.
Install app
After you’ve added an app to Sophos Mobile, you can install it on selected devices or device groups.
Uninstall app
You can uninstall an app from selected devices or device groups.
App settings (Android)
App settings (iOS, iPadOS)
App settings (macOS)
App settings (Windows Mobile)
App settings (Windows)
Determine settings for Windows MSI links
Managed apps for iPhones and iPads
iPhone and iPad apps can be installed as managed or as unmanaged apps.
Manage Apple VPP apps
Assign a VPN connection to an iPhone or iPad app
Add managed app configuration
Managed app configuration is a feature of iPhone and iPad apps that lets you configure an app remotely without physical access to the device on which the app is installed.
Windows apps
In Sophos Mobile you create app groups to define list of apps for policies.
Create app group
Import app group
You can create an app group by importing a list of apps from a CSV file.
Android Enterprise simplifies the management of Android devices in a corporate environment.
Set up Android Enterprise - Overview
Set up Android Enterprise (Managed Google Play Account scenario)
Set up Android Enterprise (Managed Google Domain scenario)
If you already have a Managed Google Domain or if you want to manage the accounts of your Android Enterprise users outside Sophos Mobile, set up Android Enterprise with the Managed Google Domain scenario.
Configure Android Enterprise device enrollment
Manage users for Android Enterprise (Managed Google Domain scenario)
Lock work profile
Remove work profile from device
User-initiated work profile removal
Android Factory Reset Protection
Factory Reset Protection (FRP) is an Android security feature that prevents unauthorized access after a factory reset.
Managed Google Play apps
Managed Google Play is the app store for Android Enterprise devices.
Sophos Intercept X for Mobile is a Mobile Threat Defense (MTD) solution for your Android device, iPhone, or iPad.
Mobile Threat Defense compliance rules
You can configure compliance rules for devices on which Sophos Intercept X for Mobile is managed by Sophos Mobile.
Use Sophos Intercept X for Mobile with third-party EMM software
You can manage Sophos Intercept X for Mobile on devices enrolled with a third-party Enterprise Mobility Management (EMM) program.
Set up Microsoft Intune integration
Create Intune app protection policy
Assign apps to an Intune app protection policy
Assign users to an Intune app protection policy
Intune app protection policy settings (Android)
With an Intune app protection policy you define restrictions for Intune-managed apps. This section describes the available settings for Android apps.
Intune app protection policy settings (iOS, iPadOS)
With an Intune app protection policy you define restrictions for Intune-managed apps. This section describes the available settings for iPhone and iPad apps.
You can configure Sophos Mobile as a Mobile Threat Defense vendor for Microsoft Intune.
Set up Mobile Threat Defense in Sophos Mobile
In the first step to set up Mobile Threat Defense, you bind Sophos Mobile to your Intune account and configure enrollment settings.
Set up Mobile Threat Defense in Microsoft Azure
In the second step to set up Mobile Threat Defense, you configure the Sophos Mobile Threat Defense connector, add the Intercept X app, and create a device compliance policy.
Add Android device to Mobile Threat Defense
To add a device to Mobile Threat Defense, you install the Intercept X app and enroll it with Sophos.
Add iPhone or iPad to Mobile Threat Defense
To add a device to Mobile Threat Defense, you install the Intercept X app and enroll it with Sophos.
Mobile Threat Defense device status
The Mobile Threat Defense status of a device reported by Sophos Mobile to Intune is determined by the Sophos Intercept X for Mobile status.
Send message to devices
Download the EAS proxy installer
Install the standalone EAS proxy
Request an SSL/TLS certificate
Your Sophos product delivery includes the SSL Certificate Wizard to request your SSL/TLS certificate for the Sophos Mobile EAS proxy.
Set up email access control through PowerShell
When you set up the standalone EAS proxy in PowerShell mode, it connects to your Exchange mail server through PowerShell and sets email access based on the device’s compliance status.
Block email access for unmanaged devices
You can prevent devices that are not enrolled with Sophos Mobile from accessing email.
Configure a connection to the standalone EAS proxy server
Determine the Sophos Mobile server URL
You need the Sophos Mobile server URL to configure the standalone EAS proxy. The value is displayed in the Sophos Mobile system settings.
Configure Sophos container enrollment
Mobile Advanced license
Manage Sophos container apps
Reset Sophos container password
Lock and unlock the Sophos container
Set up multi-factor authentication for Sophos Secure Email
When you set up multi-factor authentication (MFA) for Sophos Secure Email, users access their Exchange accounts via your organization’s Office 365 sign-in page.
Download migration token
When you migrate your devices from an on-premise Sophos Mobile server or Sophos Mobile as a Service to Sophos Central, you need a migration token. A migration token connects your Sophos Mobile account with your Sophos Central account.
Glossary
Support
Legal notices

About Sophos Mobile administrator help (Sophos Central)

This help describes how to use the Sophos Mobile product in Sophos Central. It covers the features available for the Mobile Standard and Mobile Advanced license types.

For other versions of this help, see the Sophos Mobile documentation web page.

6201b88cf499b1a5eaf6cea5987be378066d0ecf