General configuration (Android Sophos container policy)

With the General configuration you define settings that apply to all Sophos container apps, if applicable.



Enable Sophos container password

Users must enter an additional password to be able to start a Sophos container app. The password has to be defined when the first container app is started after the configuration has been applied. This password applies to all container apps.

Password complexity

The required minimum complexity of the Sophos container password. More secure passwords are always allowed. Passwords (a mix of numeric and alphanumeric characters) are always seen as more secure than PINs (numeric characters only).

  • Any: Sophos container passwords do not have restrictions.
  • 4 digit PIN
  • 6 digit PIN
  • 4 char password
  • 6 char password
  • 8 char password
  • 10 char password

Always hide characters in password entry fields

Characters in password entry fields are not briefly displayed before they are masked.

Password age in days

The number of days that a password can be used before users are prompted to change it.

Failed logins until lock

The number of failed login attempts that are tolerated before the container apps are locked. Once they are locked an administrator needs to unlock the apps or, if allowed, users can use the Self Service Portal to do so.

Allow fingerprint

Users can use their fingerprint to unlock the app.

Grace period in minutes

The period of time within which no Sophos container password must be entered when a container app comes to the foreground again.

The grace period applies to all container apps. You can switch between the apps during the grace period without entering a password.

Lock on device lock

When the device is locked, the Sophos container is locked as well.

If the check box is cleared, the container is locked only after the grace period has expired.

Last server connect

The period of time within users can use a Sophos container app without a connection to the Sophos Mobile server.

When a Sophos container app becomes active and does not have contact with the server within the defined period of time, a lock screen will be displayed. Users can only unlock the app by tapping Retry on the lock screen. The app will then try to connect to the server. If the connection can be established, the app will be unlocked. If not, access will be denied.

  • On access: Server connection is always required and the app is locked when the server cannot be reached.
  • 1 hour: Server connection is required when the app becomes active one hour or more after the last successful server connection.
  • 3 hours
  • 6 hours
  • 12 hours
  • 1 day
  • 3 days
  • 1 week
  • none: No regular contact is required.

Offline starts without server connection

In this field you define how often users can start one of the Sophos container apps without a server connection.
Note This setting requires the Sophos container password feature to be turned on.

A counter is incremented whenever users enter the Sophos container password. If the counter exceeds the defined number, the same lock screen as for the Last server connect setting will be displayed. The counter will be reset if a connection to the Sophos Mobile server is established.

  • Unlimited: No server connection is required.
  • 0: Starting the app without a server connection is not possible.
  • 1: After one start of the app, a successful server connection is necessary.
  • 3
  • 5
  • 10
  • 20

Root access allowed

Container apps are allowed to run on rooted devices.

App usage constraints

Here you can define constraints on using the Sophos container apps. Click Add to enter constraints.


Lets you add latitude and longitude and a radius within which the Sophos container apps can be used.


Lets you specify a start and end time within which the Sophos container apps can be used. Days of the week on which the apps can be used can be specified as well.

Wi-Fi fencing

If you select Wi-Fi connection required, the Sophos container is locked when there is no active Wi-Fi connection.

If you add Wi-Fi networks to the list, the Sophos container is locked when the device is connected to a Wi-Fi network not listed.

Important We recommend that you do not rely on Wi-Fi fencing as the only security mechanism because Wi-Fi names can be spoofed very easily.