Use Sophos Intercept X for Mobile with third-party EMM software

You can manage Sophos Intercept X for Mobile on devices enrolled with a third-party EMM.

In Sophos Mobile, you generate a connection code that contains the enrollment details.

In the third-party Enterprise Mobility Management product (EMM), you enter this connection code and other options in the managed configuration of Sophos Intercept X for Mobile. When the EMM installs the app, it automatically enrolls with Sophos Mobile.

Note For Android, the device must be enrolled in Android Enterprise mode.
  1. On the menu sidebar, under SETTINGS, select Setup > Sophos setup and then the Third-party EMM tab.
  2. Select Generate connection code.

    The code contains the information required by Sophos Intercept X for Mobile to enroll with Sophos Mobile.

  3. Configure the following settings:
    SettingDescription

    Owner

    Choose whether the devices are owned by your organization (Corporate) or not (Personal).

    Device group

    The Sophos Mobile device group devices are assigned to.

    Mobile Threat Defense policy (Android)

    Optional: The Sophos Mobile policy for Sophos Intercept X for Mobile on Android devices.

    Mobile Threat Defense policy (iOS)

    Optional: The Sophos Mobile policy for Sophos Intercept X for Mobile on iPhones and iPads.

  4. Click Save.
  5. Select Copy next to Connection code to copy the value to the clipboard.

    You need the connection code to configure the EMM.

  6. Add Sophos Intercept X for Mobile to the EMM.
  7. In the EMM, edit the app’s managed configuration.

    For the Android app, settings are given and you enter the values.

    For the iOS app, you must enter each setting’s name, type (String or Boolean), and value.

    Table 1. Settings for the Sophos Intercept X for Mobile Android app

    Setting

    Description

    Email

    Optional: The email address of the user you want to assign to the device in Sophos Mobile.

    If a user with that email address doesn’t exist, Sophos Mobile creates them.

    Connection code

    The connection code you copied from Sophos Mobile.

    Device ID

    The unique device identifier used by the EMM.

    Device name

    Optional: The device name.

    Sophos Mobile uses this name when it adds the device.

    EULA disabled

    Optional: The End User License Agreement (EULA) is not displayed when the app starts.

    Connect to Intune

    Optional: The app automatically starts the Intune connection wizard.

    Table 2. Settings for the Sophos Intercept X for Mobile iOS app

    Setting

    Description

    email

    (String)

    Optional: The email address of the user you want to assign to the device in Sophos Mobile.

    If a user with that email address doesn’t exist, Sophos Mobile creates them.

    smcData

    (String)

    The connection code you copied from Sophos Mobile.

    deviceId

    (String)

    The unique device identifier used by the EMM.

    deviceName

    (String)

    Optional: The device name.

    Sophos Mobile uses this name when it adds the device.

    macAddress

    (String)

    Optional: The device’s MAC address. The value is used to identify the device when it connects to a Sophos Wi-Fi access point.

    Required for Synchronized Security.

    eulaDisabled

    (Boolean)

    Optional: The End User License Agreement (EULA) is not displayed when the app starts.

    startIntuneConnection

    (Boolean)

    Optional: The app automatically starts the Intune connection wizard.

    For details on how to edit the managed configuration, see the documentation of the third-party EMM product.

    Tip If supported by the EMM, we recommend you use placeholders to specify the device and user properties.
  8. Optional Create a configuration profile for web filtering and deploy it to your iPhones and iPads.

    On iPhones and iPads, Sophos Intercept X for Mobile uses a configuration profile to provide web filtering. If you don’t deploy the profile through the EMM, users must install it when Sophos Intercept X for Mobile enrolls with Sophos Mobile.

    For details, see Automate installing the iOS configuration profile.

  9. Install Sophos Intercept X for Mobile through the EMM.
The first time a device starts after installation, Sophos Intercept X for Mobile enrolls with Sophos Mobile. You can manage the app from the Devices page in Sophos Mobile Admin.
If required, you can revoke the connection code to block future app enrollments.