Reports
You can create reports of the items managed by Sophos Mobile.
Configure personal settings
You can adjust the appearance of Sophos Mobile Admin to your personal preferences. For example, you can set the language, the time zone, or the visible device platforms.
Configure privacy settings
You can prevent administrators from viewing privacy-related device information.
Register Samsung Knox license
If you have a Samsung Knox Premium license, you can manage the Knox container on your Samsung devices with Sophos Mobile.
Simple Certificate Enrollment Protocol (SCEP)
You can distribute certificates to Android, iOS, and Windows Mobile devices using the Simple Certificate Enrollment Protocol
(SCEP).
With the Self Service Portal you can reduce IT efforts by allowing users to enroll devices on their own and carry out
other tasks without having to contact the helpdesk.
Create Self Service Portal configurations
With a Self Service Portal configuration, you configure the types of devices that users can enroll, the enrollment details,
and the device actions they can perform in the Self Service Portal.
Create enrollment texts
A Self Service Portal configuration can include a terms of use text and a post-enrollment text that are displayed before
and after the enrollment, respectively. You create these texts separate from the Self Service Portal configuration and
then assign them as required.
Available Self Service Portal actions
Self Service Portal actions let users manage their devices. You set the available actions in the Self Service Portal configuration.
Available compliance rules
This section lists the compliance rules that you can select for the individual platforms.
QR code enrollment
You can enroll Android Enterprise fully managed devices by scanning a QR code during the device setup. Use this for example
to prepare devices before deploying them to your users.
Zero-touch enrollment
With Android zero-touch enrollment, you can enroll corporate-owned Android devices in bulk.
Duo Security integration
You can connect Sophos Mobile with the Duo Security authentication software. This allows Duo Security to identify trusted devices by their Sophos Mobile
management status.
TeamViewer remote control
TeamViewer is a third-party remote control tool. TeamViewer integration allows you to launch a remote control session
with a managed Android or iOS device from within Sophos Mobile without having to use a session ID or password.
Sophos Chrome Security
Sophos Chrome Security is a security extension for Chrome devices.
On the People page, you manage your Sophos Mobile user accounts.
Configure external directory connection
To manage user accounts for Sophos Mobile Admin and the Self Service Portal in an external LDAP user directory, you must configure the connection to your LDAP server.
Configure LDAP connection
If you’ve set up federated authentication you can configure an LDAP connection between Sophos Mobile and Azure Active Directory (Azure AD). You must do this if you want to use Apple DEP, Google zero-touch, or Samsung
KME.
Import users
You can add users by importing them from a CSV file.
Create user groups
With user groups you control Self Service Portal access and available enrollment options.
A policy contains settings you can apply to a device or device group.
Get started with device policies
The Policies startup wizard helps you create basic device policies for all platforms. You can enhance the policies later.
Create policy
You create policies to configure settings for devices. Create several policies if you want to manage different types of
devices.
Import iOS policy from Apple Configurator
For iOS, you can import a policy created in Apple Configurator or a policy exported from another instance of Sophos Mobile.
Import iOS provisioning profile
You can import a provisioning profile for self-developed iOS apps to install it on your devices.
Configure Chrome tamper protection
With tamper protection you ensure the integrity of the Chrome Security policy.
Knox Service Plugin
The Knox Service Plugin (KSP) is an app for Android Enterprise devices that lets you assign Knox policies to Samsung Knox
Platform for Enterprise (KPE) enabled devices.
Placeholders in policies
In policy settings, you can use placeholders which are replaced by a user, device, or customer property when the policy
is assigned.
Assign a policy
You assign a policy to devices to apply the settings it includes.
Apply policy changes to devices
When you change the settings of certain policies, you must update them on the devices for the changes to take effect.
Uninstall policy from devices
You uninstall a policy from a device to remove the settings applied by the policy.
Download policies
You can download policies. This is useful, for example if you need to pass the settings on to Sophos Support.
Configurations for Android Enterprise device policies
With an Android Enterprise device policy you configure settings for Android Enterprise fully managed devices.
Configurations for Android Enterprise work profile policies
With an Android Enterprise work profile policy you configure settings for Android Enterprise work profile devices.
Configurations for Sophos container policies for Android
With a Sophos container policy you configure settings for Sophos Secure Email and Sophos Secure Workspace on devices where Sophos Mobile manages the Sophos container.
Configurations for Mobile Threat Defense policies for Android
With a Mobile Threat Defense policy you configure Sophos Intercept X for Mobile when it’s enrolled with Sophos Mobile.
Configurations for Android device policies
With an Android device policy you configure settings for Android devices enrolled with Sophos Mobile in “Device administrator” management mode.
Configurations for Knox container policies
With a Knox container policy you configure settings for the Knox container on Samsung devices.
Configurations for iOS device policies
With an iOS device policy you configure settings for iPhones and iPads.
Configurations for Sophos container policies for iOS
With a Sophos container policy you configure settings for Sophos Secure Email and Sophos Secure Workspace on devices where Sophos Mobile manages the Sophos container.
Configurations for Mobile Threat Defense policies for iOS
With a Mobile Threat Defense policy you configure Sophos Intercept X for Mobile when it’s enrolled with Sophos Mobile.
Configurations for macOS device policies
With a macOS device policy you configure settings for Macs that apply to all users.
Configurations for macOS user policies
With a macOS user policy you configure settings for Macs that apply to users managed by Sophos Mobile.
Configurations for Windows Mobile policies
With a Windows Mobile policy you configure settings for Windows Mobile devices.
Configurations for Windows policies
With a Windows policy you configure settings for Windows computers.
Configurations for Chrome Security policies
With a Chrome Security policy you configure settings for the Sophos Chrome Security extension when it’s enrolled with Sophos Mobile.
With a task bundle you can bundle several tasks in one transaction.
Create task bundle
You create separate task bundles for Android, iOS, and other device platforms you want to manage.
Duplicate task bundles
You can duplicate a task bundle to use it as a starting point for other task bundles.
Transfer task bundles
You can transfer task bundles to individual devices or to device groups.
Add app
You make an app available for installation either by uploading the app package or by linking to the app in the relevant
app store.
Install app
After you’ve added an app to Sophos Mobile, you can install it on selected devices or device groups.
Uninstall app
You can uninstall an app from selected devices or device groups.
Managed apps for iOS
iOS apps can be installed as managed or as unmanaged apps.
Add managed app configuration (iOS)
Managed app configuration is a feature of iOS apps that lets you configure an app remotely without physical access to
the device on which the app is installed.
In Sophos Mobile you create app groups to define list of apps for policies.
Import app group
You can create an app group by importing a list of apps from a CSV file.
Android Enterprise simplifies the management of Android devices in a corporate environment.
Set up Android Enterprise (Managed Google Domain scenario)
If you already have a Managed Google Domain or if you want to manage the accounts of your Android Enterprise users
outside Sophos Mobile, set up Android Enterprise with the Managed Google Domain scenario.
Android Factory Reset Protection
Factory Reset Protection (FRP) is an Android security feature that prevents unauthorized access after a factory reset.
Managed Google Play apps
Managed Google Play is the app store for Android Enterprise devices.
Sophos Intercept X for Mobile is a Mobile Threat Defense (MTD) solution for your Android and iOS devices.
Mobile Threat Defense compliance rules
You can configure compliance rules for devices on which Sophos Intercept X for Mobile is managed by Sophos Mobile.
Use Sophos Intercept X for Mobile with third-party EMM software
You can manage Sophos Intercept X for Mobile on devices enrolled with a third-party Enterprise Mobility Management (EMM) program.
Intune app protection policy settings (Android)
With an Intune app protection policy you define restrictions for Intune-managed apps. This section describes the available settings for Android apps.
Intune app protection policy settings (iOS)
With an Intune app protection policy you define restrictions for Intune-managed apps. This section describes the available settings for iOS apps.