Enroll devices

After you have added new devices in Sophos Mobile Admin, they must be enrolled with Sophos Mobile.

Enrollment types

Sophos Mobile supports two enrollment types:

Device enrollment
This enrollment type provides full Mobile Device Management (MDM) capabilities. Sophos Mobile is able to manage the whole device.
Sophos container enrollment
Sophos Mobile only manages the Sophos container on the device, but not the device itself.

The Sophos container is available for Android and iOS.

Sophos container enrollment is useful in the following situations:

  • You want to manage Bring Your Own Device (BYOD) scenarios. With Sophos container enrollment, your organization can only see very limited device information, and no personal apps or data.
  • Your devices are managed by a non-Sophos MDM software, but you also want to use features provided by the Sophos container, for example corporate keyring synchronization with Sophos SafeGuard Enterprise.
  • Your devices are managed by a non-Sophos MDM software, but you want to configure additional email accounts. For example when you are a consultant company and your employees need to access your customers' Exchange servers.

Enrollment methods

The following options are available to enroll devices:

  • You can enroll individual, unmanaged devices using the Devices function. For further information, see Enroll individual devices.
  • You can use the Add device wizard to add a device to Sophos Mobile, assign it to a user, enroll it, and transfer an enrollment task bundle. See Use the Add device wizard.
    Note If required, you can use the Add device wizard or the auto-enrollment method to enroll iOS devices without Apple ID. This can be useful, for example to preconfigure the device before handing it over to a user. See Enroll iOS devices without Apple ID.

Recommendations

To enroll and configure multiple devices efficiently, the following methods are recommended:

  • You can bundle the tasks necessary to enroll devices, apply required policies and install required apps (for example, managed apps for iOS devices). See Task bundles.
  • You can enable users to enroll devices in the Self Service Portal. To do so, include a task bundle for enrollment when configuring the settings for Self Service Portal use. For further information on how to select the task bundle in the Self Service Portal settings, see Create Self Service Portal configurations.