Skip to content

Use Sophos Intercept X for Mobile with third-party EMM software

You can manage Sophos Intercept X for Mobile on devices enrolled with a third-party EMM.

In Sophos Mobile, you generate a connection code that contains the enrollment details.

In the third-party Enterprise Mobility Management product (EMM), you enter this connection code and other options in the managed configuration of Sophos Intercept X for Mobile. When the EMM installs the app, it automatically enrolls with Sophos Mobile.

Requirement

For Android, the device must be enrolled in Android Enterprise mode.

  1. On the menu sidebar, under SETTINGS, select Setup > Sophos setup and then the Third-party EMM tab.
  2. Select Generate connection code.

    The code contains the information required by Sophos Intercept X for Mobile to enroll with Sophos Mobile.

  3. Configure the following settings:

    • Owner: Choose whether the devices are owned by your organization (Corporate) or not (Personal).
    • Device group: The Sophos Mobile device group devices are assigned to.
    • Mobile Threat Defense policy (Android) (Optional): The Sophos Mobile policy for Sophos Intercept X for Mobile on Android devices.
    • Mobile Threat Defense policy (iOS) (Optional): The Sophos Mobile policy for Sophos Intercept X for Mobile on iPhones and iPads.
  4. Click Save.

  5. Select Copy next to Connection code to copy the value to the clipboard.

    You need the connection code to configure the EMM.

  6. Add Sophos Intercept X for Mobile to the EMM.

  7. In the EMM, edit the app’s managed configuration.

    • For the Android app, settings are given and you enter the values.
    • For the iOS app, you must enter each setting’s name, type (String or Boolean), and value.

    For details on how to edit the managed configuration, see the documentation of the third-party EMM product.

    Tip

    If supported by the EMM, we recommend you use placeholders to specify the device and user properties.

  8. Optional: Create a configuration profile for web filtering and deploy it to your iPhones and iPads.

    On iPhones and iPads, Sophos Intercept X for Mobile uses a configuration profile to provide web filtering. If you don’t deploy the profile through the EMM, users must install it when Sophos Intercept X for Mobile enrolls with Sophos Mobile.

    For details, see Automate installing the iOS configuration profile.

  9. Install Sophos Intercept X for Mobile through the EMM.

The first time a device starts after installation, Sophos Intercept X for Mobile enrolls with Sophos Mobile. You can manage the app from the Devices page in Sophos Mobile Admin.

If required, you can revoke the connection code to block future app enrollments.

Settings for the Sophos Intercept X for Mobile Android app

Setting Description
Email Optional: The email address of the user you want to assign to the device in Sophos Mobile.

If a user with that email address doesn’t exist, Sophos Mobile creates them.

Connection code The connection code you copied from Sophos Mobile.
Device ID The unique device identifier used by the EMM.
Device name Optional: The device name.

Sophos Mobile uses this name when it adds the device.

EULA disabled Optional: The End User License Agreement (EULA) is not displayed when the app starts.
Connect to Intune Optional: The app automatically starts the Intune connection assistant.

Settings for the Sophos Intercept X for Mobile iOS app

Setting Type Description
email string Optional: The email address of the user you want to assign to the device in Sophos Mobile.

If a user with that email address doesn’t exist, Sophos Mobile creates them.

smcData string The connection code you copied from Sophos Mobile.
deviceId string The unique device identifier used by the EMM.
deviceName string Optional: The device name.

Sophos Mobile uses this name when it adds the device.

macAddress string Optional: The device’s MAC address. The value is used to identify the device when it connects to a Sophos Wi-Fi access point.

Required for Synchronized Security.

eulaDisabled boolean Optional: The End User License Agreement (EULA) is not displayed when the app starts.

Possible values are true and false. The default is false.

startIntuneConnection boolean Optional: The app automatically starts the Intune connection assistant.

Possible values are true and false. The default is false.