Use Sophos Intercept X for Mobile with third-party EMM software

You can manage Sophos Intercept X for Mobile on devices enrolled with a third-party Enterprise Mobility Management (EMM) program.

In Sophos Mobile, you generate a connection code that contains the enrollment details.

In the third-party EMM program, you enter this connection code and other options in the managed configuration of Sophos Intercept X for Mobile. When the third-party EMM program installs the app, it automatically enrolls with Sophos Mobile.

Note For Android, the device must be enrolled in Android Enterprise mode.
  1. On the menu sidebar, under SETTINGS, select Setup > Sophos setup and then the Third-party EMM tab.
  2. Select Generate connection code.

    The code contains the information required by Sophos Intercept X for Mobile to enroll with Sophos Mobile.

  3. Configure the following settings:
    SettingDescription

    Owner

    Choose whether the devices are owned by your organization (Corporate) or not (Personal).

    Device group

    The Sophos Mobile device group devices are assigned to.

    Mobile Threat Defense policy (Android)

    Optional: The Sophos Mobile policy for Sophos Intercept X for Mobile on Android devices.

    Mobile Threat Defense policy (iOS)

    Optional: The Sophos Mobile policy for Sophos Intercept X for Mobile on iPhones and iPads.

  4. Select Save.
  5. Select Copy next to Connection code to copy the value to the clipboard.
    You need the connection code to configure the third-party EMM program.
  6. Add Sophos Intercept X for Mobile to the third-party EMM program.
  7. In the third-party EMM program, edit the app’s managed configuration.

    For the Android app, settings are given and you enter the values.

    For the iOS app, you must enter each setting’s name, type (String or Boolean), and value.

    Table 1. Settings for the Sophos Intercept X for Mobile Android app

    Setting

    Description

    Email

    Optional: The user’s email address you want to assign to the device in Sophos Mobile.

    Connection code

    The connection code you copied from Sophos Mobile.

    Device ID

    The unique device identifier used by the third-party EMM application. The value is used to link the device created in Sophos Mobile with the device in the third-party EMM program.

    Device name

    Optional: The device name used by the third-party EMM program.

    EULA disabled

    Optional: The End User License Agreement (EULA) is not displayed when the app starts.

    Connect to Intune

    Optional: The app automatically starts the Intune connection wizard.

    Table 2. Settings for the Sophos Intercept X for Mobile iOS app

    Setting

    Description

    email

    (String)

    Optional: The user’s email address you want to assign to the device in Sophos Mobile.

    smcData

    (String)

    The connection code you copied from Sophos Mobile.

    deviceId

    (String)

    The unique device identifier used by the third-party EMM application. The value is used to link the device created in Sophos Mobile with the device in the third-party EMM program.

    deviceName

    (String)

    Optional: The device name used by the third-party EMM program.

    macAddress

    (String)

    Optional: The device’s MAC address. The value is used to identify the device when it connects to a Sophos Wi-Fi access point.

    Required for Synchronized Security.

    eulaDisabled

    (Boolean)

    Optional: The End User License Agreement (EULA) is not displayed when the app starts.

    startIntuneConnection

    (Boolean)

    Optional: The app automatically starts the Intune connection wizard.

    For details on how to edit the managed configuration, see the documentation of the third-party EMM program.

    Tip If supported by your third-party EMM program, we recommend you use placeholders to specify the device and user properties.
  8. Install Sophos Intercept X for Mobile through the third-party EMM program.
On the first start after installation, Sophos Intercept X for Mobile enrolls with Sophos Mobile. You can manage the app from the Devices page in Sophos Mobile Admin.
If required, you can revoke the connection code to block future app enrollments.