Manage Sophos Mobile Security on devices managed by third-party software

You can manage the Sophos Mobile Security app on devices enrolled with third-party Enterprise Mobility Management (EMM) software. This requires configuration tasks both in the third-party EMM software and in Sophos Mobile.

In the third-party EMM software, you must create a custom app configuration for Sophos Mobile Security. When the third-party EMM software installs the app, it automatically enrolls with Sophos Mobile.

Note For Android, the device must be enrolled in Android enterprise mode.

Perform these steps in Sophos Mobile Admin:

  1. On the menu sidebar, under SETTINGS, click Setup > System setup, and then click the Third-party EMM tab.
  2. Click Generate connection code.

    The code contains the information required by the Sophos Mobile Security app to enroll with Sophos Mobile.

  3. Configure the following settings:
    OptionDescription

    Owner

    Select the ownership type (Corporate or Personal) of the device.

    Device group

    Select the Sophos Mobile device group the device will be assigned to.

    Mobile Security policy (Android)

    Optional: Select the Sophos Mobile policy that will be assigned to the app on Android devices.

    Mobile Security policy (iOS)

    Optional: Select the Sophos Mobile policy that will assigned to the app on iPhones and iPads.

  4. Click Save.
  5. Click Copy next to Connection code to copy the value to the clipboard.
    You need the connection code to configure the third-party EMM software.

Perform the remaining steps in the third-party EMM software:

  1. Create an app configuration for Sophos Mobile Security.
  2. Add the following custom settings to the app configuration:
    Parameter nameParameter value
    smcData The connection code you copied from Sophos Mobile.
    deviceId The unique device identifier used by the third-party EMM software. The value is used to link the device created in Sophos Mobile with the device in the third-party EMM software.
    deviceName Optional: The device name used by the third-party EMM software.
    email Optional: The user’s email address you want to assign to the device in Sophos Mobile.

    For details on how to configure custom app settings, see the documentation of the third-party EMM software.

    Tip If supported by your third-party EMM software, we recommend you use placeholders to specify the device and user properties.
  3. Install the Sophos Mobile Security app through the third-party EMM software.
On the first start after installation, the Sophos Mobile Security app enrolls with Sophos Mobile. You can manage the app from the Devices page in Sophos Mobile Admin.
If required, you can revoke a connection code to block future app enrollments. Sophos Mobile Security apps already enrolled with the Sophos Mobile server are not affected.