Skip to content

Set up Android Enterprise - Overview

To set up Android Enterprise for your organization, you can choose between two different scenarios.

Note

You can’t change the user management mode after you’ve set up Android Enterprise. For example, you can’t switch from internal user management to an external LDAP directory.

Tip

After you’ve set up Android Enterprise, you can check the active scenario under Setup > Google setup > Android Enterprise > Android Enterprise mode.

Managed Google Play Account scenario

This is the easiest method to set up Android Enterprise for your organization.

  • Sophos Mobile guides you through the process of setting up a managed Google Play account for your organization.
  • Sophos Mobile manages the whole user account lifecycle.
  • A user can only have ten devices enrolled at the same time. This is an Android limitation.
  • You can create several Google Play accounts for your organization, for example, if you have more than one Sophos Mobile customer or want to manage some devices with a different Enterprise Mobility Management (EMM) provider than Sophos Mobile.

Managed Google Domain scenario

Use this method if you already have a Managed Google Domain or if you want to manage the accounts of your Android Enterprise users outside Sophos Mobile.

  • You register a Managed Google Domain with Google and prove domain ownership.
  • You bind Sophos Mobile as an EMM provider to your Managed Google Domain.
  • Sophos Mobile creates user accounts as needed. Other than that, Sophos Mobile does not manage the account lifecycle.
  • Users enroll their devices in Sophos Central Self Service Portal. You can't enroll them in Sophos Mobile Admin.

Restriction

If your organization has multiple domains added to their Google Workspace account, you can bind only one to Sophos Mobile. Users with an email address at one of the other domains can’t enroll devices with Sophos Mobile.