Set up key ring synchronization

When you set up key ring synchronization, SafeGuard Enterprise users can use their key ring in the Sophos Secure Workspace app.

To set up a connection between Sophos Mobile Control and Sophos SafeGuard Enterprise:
Note: You are currently making user key rings available to mobile devices. If these mobiles comply with Sophos Mobile Control (SMC) rules, they can access encrypted files. You should work with the SMC administrator to set compliance rules that will prevent any unauthorized access.
  1. In the Sophos Mobile Control console, download the certificate file of the Sophos Mobile Control server.
    In the Sophos Mobile Control console, on the menu sidebar, under SETTINGS, click Setup > System setup, and then click the SGN tab.
  2. In the SafeGuard Management Center, on the Tools menu, click Configuration Package Tool.
  3. Select Servers.
  4. Click Add.
    The Server Registration dialog appears.
  5. Click the Browse button and browse for the Sophos Mobile Control server certificate you downloaded.
    Important: Do not change the name in the Server name: field.
  6. Click OK.
    The Sophos Mobile Control server is displayed on the Server tab of the Configuration Package Tool.
  7. Optionally, select the Recovery via mobile check box.
    This option will send the BitLocker and FileVault 2 recovery keys to the Sophos Mobile Control Server. Users of Sophos Secure Workspace managed by Sophos Mobile Control can then display these keys on their mobile for recovery purposes, see Synchronize full disk encryption keys with mobile devices.
    Note: Sophos Secure Workspace supports recovery via mobile from version 6.2.

    Only compliant mobile devices will be able to receive recovery key information, so for maximum security, make sure you review these compliancy settings with your SMC administrator.

  8. Select Managed client packages.
  9. Click Add Configuration Package.
  10. Enter a name of your choice for the configuration package.
  11. In the Primary Server column, select the Sophos Mobile Control server from the drop-down list. A Secondary Server is not necessary.
  12. In the Transport Encryption column, select SSL.
  13. Specify an output path for the configuration package (MSI).
  14. Click Create Configuration Package.
    If you have selected SSL encryption as the Transport Encryption mode, the server connection is validated. If the connection fails, a warning message is displayed.
The configuration package (MSI) has now been created in the specified directory. You now need to upload the configuration package to Sophos Mobile Control.