Sophos Mobile. administrator help. product version: 9
|
|
- Agatha Chase
- 5 years ago
- Views:
Transcription
1 administrator help product version: 9
2 Contents About this help... 1 About Admin... 2 Dashboard... 2 Table views...3 User roles... 3 Key steps for managing devices with...5 Reports... 6 Tasks... 7 Monitor tasks... 7 Setup Configure personal settings...10 Configure SMC app settings Configure Configure IT contact...11 Configure privacy settings...11 Configure ios settings Apple Push Notification service certificates Configure ios AirPlay destinations...15 Android settings...16 Set Android management mode Host Sophos apps on your web server Configure the synchronization interval of the Control app...17 Enable Baidu Cloud Push service Register Samsung Knox license Configure polling interval for Windows devices Simple Certificate Enrollment Protocol (SCEP) Create customer properties...19 Configure Self Service Portal...21 Configure Self Service Portal settings Create enrollment texts Available Self Service Portal actions Compliance policies Create compliance policy Available compliance rules...28 Assign a compliance policy to device groups...32 Check devices for compliance Devices Add devices Enroll devices Unenroll devices Manage devices Synchronized Security...54 Custom device properties...56 Zero-touch enrollment Knox Mobile Enrollment Apple DEP TeamViewer remote control Device groups Create device group...74 Delete device groups Users Configure Self Service Portal user management...75 (2019/02/14)
3 Configure LDAP connection...76 Profiles and policies Get started with device policies Create profile or policy...80 Import ios device profiles created with Apple Configurator Import provisioning profiles for ios apps...81 About macos policies...82 Windows password complexity rules Samsung Knox support...83 Placeholders in profiles and policies...83 Install a profile onto devices Assign a policy to devices Uninstall profile Download profiles and policies Configurations for Android device profiles Configurations for Android enterprise work profile policies Configurations for Android enterprise device policies Configurations for Sophos container policies for Android Configurations for Mobile Security policies for Android Configurations for Knox container profiles Configurations for ios device profiles Configurations for Sophos container policies for ios Configurations for Mobile Security policies for ios Configurations for macos device policies Configurations for macos user policies Configurations for Windows Mobile policies Configurations for Windows policies Task bundles Create task bundle Available Android task types Available ios task types Available macos task types Available Windows task types Duplicate task bundles Transfer task bundles to individual devices or to device groups Apps Add app Install app Uninstall app App settings (Android) App settings (ios) App settings (macos) App settings (Windows Mobile) App settings (Windows) Determine settings for Windows MSI links Managed apps for ios Manage Apple VPP apps Assign a VPN connection to an ios app Add a managed app configuration to an ios app App groups Create app group Import app group Corporate documents Add corporate documents Android enterprise Set up Android enterprise - Overview (2019/02/14)
4 Set up Android enterprise (Managed Google Play Account scenario) Set up Android enterprise (Managed Google Domain scenario) Configure Android enterprise device enrollment Manage users for Android enterprise (Managed Google Domain scenario) Create work profile Lock work profile Remove work profile from device User-initiated work profile removal Android Factory Reset Protection Managed Google Play apps Intune app protection Set up Microsoft Intune integration Create Intune app protection policy Assign apps to an Intune app protection policy Assign users to an Intune app protection policy Intune app protection policy settings (Android) Intune app protection policy settings (ios) Intune Mobile Threat Defense Set up Intune Mobile Threat Defense integration Intune Mobile Threat Defense device status Manage Security Security compliance rules Configure third-party EMM integration Send message to devices Standalone EAS proxy Download the EAS proxy installer Install the standalone EAS proxy Request an SSL/TLS certificate Set up access control through PowerShell Configure a connection to the standalone EAS proxy server Determine the server URL Sophos container Configure Sophos container enrollment Mobile Advanced license Manage Sophos container apps Reset Sophos container password Lock and unlock the Sophos container Transferring items to Sophos Central Export items Import items Glossary Technical support Legal notices (2019/02/14)
5 1 About this help This help provides information about the product in Sophos Central and explains procedures step by step. It covers the features available for the Mobile Standard and Mobile Advanced license types. For other versions of this help, see the documentation web page. Copyright 2019 Sophos Limited 1
6 2 About Admin Admin is the central instrument for managing devices with. It is the web interface of the server used for device management. With the web portal you can implement a corporate policy for the use of devices and apply it to the devices that are enrolled with Sophos Mobile. In Admin you can: Configure the system, for example personal settings or platform-specific settings. Configure compliance policies and define actions to be taken if devices no longer comply with the rules specified. See Compliance policies (page 26). Enroll devices with. See Add devices (page 34). Provision new devices. See Enroll devices (page 35). Install apps on enrolled devices. See Apps (page 264). Define security policies for devices. See Profiles and policies (page 78). Create task bundles to bundle several tasks and transfer them to the devices in one transaction. See Task bundles (page 252). Configure settings for the Self Service Portal. See Configure Self Service Portal (page 21). Carry out administrative tasks on devices, for example reset the password of devices, lock or wipe devices if they are lost or stolen, unenroll devices. See Manage devices (page 42). Create and view reports. See Reports (page 6). 2.1 Dashboard The customizable Dashboard is the regular start page of and provides access to the most important information at a quick glance. It consists of several widgets providing information about: Devices, all or per group Compliance status by platform or for all devices Managed status by platform or for all devices The SSP registration status The managed platform versions You can also add devices from the Dashboard. See Use the Add device wizard (page 36). The following options are available to customize the Dashboard: To add a widget to the page, click Add widget. To remove a widget from the page, click the Close button in its header. To reset the page to its default layout, click Restore default layout. To rearrange the widgets on the page, drag a widget header. 2 Copyright 2019 Sophos Limited
7 2.2 Table views In Admin, many pages display information in a tabular form. These tables have common controls that you can interact with. Above the table: Use the Show or hide columns icon to configure which table columns are visible. Enter text in the Search all fields field to only display data rows that contain that text in any column. In the table: Click a column header to sort the table rows by that property. Click again to revert the sort order. Click an entry name to perform the default action on that entry (usually Edit). Click the blue triangle next to an entry name to perform more actions on that entry. Below the table: Use the navigation buttons to display a specific table page. Use the Export icon to export either the whole table or the current page to a Microsoft Excel file or a CSV file. If you have configured a row filter, only the currently visible rows are exported. 2.3 User roles administrators have different roles. The role affects what an administrator can do. The available roles are: Role Administrator Helpdesk Read-only This role can perform all available actions. This role can perform actions for support purposes, including enrolling devices and installing apps. This role does not have access to critical functions, such as defining settings and creating, deleting or editing devices/device groups, packages and policies. This role has read-only access to all settings that are available to the Administrator role. The roles relate to the administration roles you assign in Sophos Central Admin as follows: Sophos Central role Super Admin Admin role Administrator Administrator Copyright 2019 Sophos Limited 3
8 Sophos Central role Help Desk Read-only User role Helpdesk Read-only No access 4 Copyright 2019 Sophos Limited
9 3 Key steps for managing devices with offers a wide range of management functions depending on device types, security policies and specific requirements in your organization. The key steps for managing devices with are: Configure compliance policies for devices. See Compliance policies (page 26). Create device groups. See Create device group (page 74). Device groups are used to categorize devices. We recommend that you put devices into groups. This helps you to manage them efficiently as you can carry out tasks on a group rather than on individual devices. Enroll and provision devices. See Add devices (page 34) and Enroll devices (page 35). Devices can either be enrolled and provisioned by administrators in Admin or by device users in the Sophos Central Self Service portal. Set up policies for devices. See Profiles and policies (page 78). Create task bundles. See Task bundles (page 252). Configure the available features of the Sophos Central Self Service portal. See Configure Self Service Portal (page 21). Apply new or updated policies to enrolled devices. Copyright 2019 Sophos Limited 5
10 4 Reports You can create reports of the items managed by. 1. On the menu sidebar, under INFORM, click Reports, and then click the name of the required report. 2. In the Choose format dialog, click one of the available icons to select the output format: Click to export the report to a Microsoft Excel file. Click to export the report to a CSV file. The report is saved to your computer. 6 Copyright 2019 Sophos Limited
11 5 Tasks The Task view page gives you an overview of all tasks you created and started and displays their current state. You can monitor all your tasks and intervene in case of problems. For example, you can delete a task that cannot be completed but blocks the device. To delete a task, click the Delete icon next to it. You can filter tasks according to their type and state and sort them by device name, package name, creator and scheduled date. 5.1 Monitor tasks In Admin, you can monitor all existing tasks for devices. The Tasks page shows all unfinished and failed tasks as well as the finished tasks of the last few days. The Task view page is refreshed automatically, so you can watch the states of the tasks evolve. The Task details page shows general information about a task from the Tasks page or the Task archive page. The Task archive page shows all tasks View unfinished, failed and latest finished tasks 1. On the menu sidebar, under INFORM, click Tasks. 2. On the Task view page, the State column shows the task status, for example, Completely failed. 3. In the Refresh interval (in sec.) field, you can select how often the Task view page is to be refreshed. 4. To view further details about a task, click the Show magnifier icon next to the required task. The Task details page is displayed. Besides general information on the task (for example, device name, package name and creator) it shows the states a specific task went through, including timestamps and error codes. If there are commands to be executed by the device, an additional Details button is available on the Task details page. 5. If available, click Details to view the commands to be processed by the device. If there was no error, the error code is 0. If a command has failed, the error code is displayed. In most cases there is also a description of what may have caused the command to fail. 6. To return to the Task details page, click Back View task archive 1. On the menu sidebar, under INFORM, click Tasks. 2. On the Task view page, click Task archive. The Task archive page is displayed. It shows all finished and failed tasks in the system. 3. On this page, you can: Click Reload to refresh the Task archive page. Copyright 2019 Sophos Limited 7
12 Delete a task from the archive by clicking the Delete icon next to the relevant task. Select several tasks and click Delete selected to delete them from the archive. To go back to the Task view page, click Tasks on the menu sidebar Task states The following table provides an overview of the task states shown on the Task view and on the Task archive pages. Every state is associated with a color code that indicates the state category. Color code State Accepted Task has been created. Will be retried Task will be retried later. Started Task has been started. In progress Execution of the task is being prepared. Task bundle in progress Execution of the task bundle is being prepared. Notified The Control app was notified. Commands sent Result evaluation started Result incomplete Waiting for user interaction Waiting for task completion Device is locked The Control app has received the package and/or the commands. The Control app has answered and the evaluation of the result has been started. Result evaluation showed that not all commands results have been received by now. There is a pending user action on the device. An installation task was sent to the device, but it may take some time to complete. Task waits for the device to become unlocked (ios). 8 Copyright 2019 Sophos Limited
13 Color code State Successful Package has been installed or the commands have been successfully executed. For the initial provisioning of the Control app the task must finish with the state Installed. Installed Result evaluation failed Task partly failed Delayed Failed (retry queued) Task failed Completely failed Not started Skipped Unknown The Control app has been installed successfully. The device is provisioned now. Result evaluation could not be executed. Not all commands of the task could be executed successfully. Task will be restarted later. Task has failed and will be retried later. Task has failed and no further retries are queued. Task has failed, and it is not possible to retry it. Task is part of a task bundle and was not processed yet. Task is not supported by device. Task bundle execution continues with the next task. The server has no information about the task status. Color code Category Open In progress Success Failure Other Copyright 2019 Sophos Limited 9
14 6 Setup In the Setup menu section you configure the general behavior of, the interaction with devices, and the interaction with external components like Google or Apple portals. 6.1 Configure personal settings You can adjust the appearance of Admin to your personal preferences. For example, you can set the language, the time zone, or the visible device platforms. These settings only affect the administrator account you re currently signed in with. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the Personal tab. 2. Configure the following settings: Option Time zone Unit system Lines per page in tables Expert mode The time zone in which dates are shown. The unit system for lengths (Metric or Imperial). The maximum number of entries displayed per table page. This setting turns on additional features: The Show device page includes the Custom properties tab with your custom device properties. The Show device page includes the Internal properties tab with additional properties the device reports. Several policy configuration pages include the Extra settings section to configure optional settings. Activated platforms The device platforms you want to view. In Admin, only pages and settings relevant for the selected platforms are shown. 3. Click Save. 6.2 Configure SMC app settings On the SMC app tab of the General settings page, you configure settings for the Control app on Android, ios and Windows Mobile devices. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the SMC app tab. 2. Configure the following settings: 10 Copyright 2019 Sophos Limited
15 Option Disable unenrollment through app Remove the Unenroll button from the Control app to prevent users from unenrolling their device through the app. To completely prevent user-initiated unenrollment, also disable the Unenroll device option in the Self Service Portal settings. See Configure Self Service Portal settings (page 21). 3. Click Save. 6.3 Configure On the configuration tab, you configure settings for s that are sent by. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the configuration tab. 2. In Language, select the language. 3. Click Save. 6.4 Configure IT contact Provide your IT contact details so that users can get help with questions or problems. The information you enter here is displayed on the users devices. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the IT contact tab. 2. Enter the contact information. 3. Click Save. 6.5 Configure privacy settings You can turn off the following privacy-related settings in Admin: Device location Installed apps When turned off, you can t view the device location. Users can still view their device s location in the Sophos Central Self Service portal. When turned off, you can t view the apps installed on a device. The Installed apps tab in the device details is not displayed and the Apps per device report is not available. You can still view summary reports of installed apps for all devices. Copyright 2019 Sophos Limited 11
16 To configure privacy settings: 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the Privacy tab. 2. To turn off viewing device locations, click Forbid admins to locate devices. 3. To turn off displaying installed apps, click Hide installed apps. records the following privacy-related events: An administrator requests a device location. A user requests a device location in the Sophos Central Self Service portal. Viewing device locations in Admin is turned on or off. Viewing installed apps in Admin is turned on or off. 6.6 Configure ios settings On the ios tab of the Apple setup page, you configure settings for ios devices. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the ios tab. 2. Configure the following settings: Option Activation Lock bypass Select Enable to be able to clear the Activation Lock on supervised devices. When this option is selected, retrieves a bypass code when syncing with a supervised device that has Activation Lock enabled. If required, you can perform the Activation Lock bypass action from the device's Show device page to clear Activation Lock when the device needs to be erased and re-deployed. Activation Lock is an ios security feature to prevent the reactivation of lost or stolen devices. Normally, you need the correct Apple ID and password to clear Activation Lock. With the Activation Lock bypass feature, you can clear Activation Lock by providing the bypass code only. Synchronize device name Select Enable to manage ios devices under the name that is configured on the device. When this option is selected, the device name that Sophos Mobile uses is set every time the device synchronizes with. When this option is deselected, you set the device name during device enrollment. 3. Click Save. 12 Copyright 2019 Sophos Limited
17 6.7 Apple Push Notification service certificates To use the built-in Mobile Device Management (MDM) protocol of ios and macos devices, Sophos Mobile must use the Apple Push Notification service (APNs) to trigger the devices. APNs certificates have a validity period of one year Create APNs certificate Prerequisite: You have not uploaded a certificate for the Apple Push Notification service (APNs) to yet. To renew an existing certificate, see Renew APNs certificate (page 13). 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 2. Click APNs certificate wizard. 3. On the Mode page, click Create a new APNs certificate. 4. On the CSR page, click Download certificate signing request. This saves the certificate signing request file apple.csr to your local computer. 5. You need an Apple ID. Even if you already have an ID, we recommend that you create a new one for use with. On the Apple ID page, click Create Apple ID in the Apple portal. This opens an Apple web page where you can create an Apple ID for your company. Store the credentials in a safe place where your colleagues can access them. Your company will need these credentials to renew the certificate each year. 6. In the wizard, enter your new Apple ID in the Apple ID field. 7. On the Certificate page, click Create certificate on the Apple portal. This opens the Apple Push Certificates Portal. 8. Log in with your Apple ID and upload the certificate signing request file apple.csr. 9. Download the.pem APNs certificate file and save it to your computer. 10. On the Upload page, click Upload certificate and then browse for the.pem file that you received from the Apple Push Certificates Portal. 11. Click Save. reads the certificate and displays the certificate details on the APNs tab Renew APNs certificate Prerequisite: You have uploaded a certificate for the Apple Push Notification service (APNs) to that is about to be expire and needs to be renewed. To create and upload a new certificate, see Create APNs certificate (page 13). Copyright 2019 Sophos Limited 13
18 Important In the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all ios and macos devices. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 2. Click APNs certificate wizard. 3. On the Mode page, click Renew my APNs certificate. 4. On the CSR page, click Download certificate signing request. This saves the certificate signing request file apple.csr to your local computer. 5. On the Apple ID page, the Apple ID used to create the initial APNs certificate is displayed. You need this ID to log into the Apple portal. 6. On the Certificate page, click Renew certificate on the Apple portal. This opens the Apple Push Certificates Portal. 7. Log in with the Apple ID that was displayed in the wizard. 8. In the Apple Push Certificates Portal, click Renew next to your APNs certificate. 9. Upload the certificate signing request file apple.csr you prepared earlier. 10. Download the.pem APNs certificate file and save it to your computer. 11. On the Upload page, click Upload certificate and then browse for the.pem file that you received from the Apple Push Certificates Portal. 12. Click Save. Important If the following message is shown, you are not renewing the correct certificate: The topic of the new certificate does not correspond to the old one. If devices have been set up with the previous certificate, they have to be set up again. Do you really want to save your changes? This message indicates that you are about to create a new APNs certificate with a different identifier. If you confirm the message, all existing ios and macos devices are not manageable any more and you have to re-enroll them. For information on how to select the correct certificate, see Identify the correct APNs certificate for renewal (page 14) Identify the correct APNs certificate for renewal When you renew your Apple Push Notification service (APNs) certificate for the server as described in Renew APNs certificate (page 13), it is important that on the Apple portal you select the correct APNs certificate for renewal. This section describes how to identify the APNs certificate that is currently uploaded to the Sophos Mobile server. Retrieve the certificate identifier: 1. Log in to Sophos Central Admin and open the Mobile view from the My Products section of the main menu. 2. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 3. Make a note of the Topic value that is displayed under APNs certificate. Identify the certificate: 14 Copyright 2019 Sophos Limited
19 4. Use your web browser to open the URL of the Apple Push Certificates Portal, identity.apple.com/pushcert/. If you are experiencing issues with certain features of the Apple portal when using Microsoft Internet Explorer, we recommend that you use the latest version of the Firefox, Opera, Chrome or Safari browser instead. 5. Log in with the Apple ID that you used for the creation of the initial APNs certificate. 6. In the list of APNs certificates, click the Certificate Info icon This displays the certificate details. next to a certificate entry. 7. In the Subject DN field, locate the value that follows the string UID=. If this matches the identifier that you determined in Admin, you have identified the correct certificate Check APNs connectivity of devices Users of the Control app for ios can check if their devices are able to connect to the Apple Push Notification service (APNs) server. 1. In the Control app, tap the Information icon to open the About screen. 2. Tap Check APNs. The app tries to connect to the Apple APNs server. The expected server response time is 5 seconds or less. Check your firewall settings if the APNs server can t be reached. For a list of required connections see the server deployment guide. 6.8 Configure ios AirPlay destinations With you can remotely trigger AirPlay mirroring between an ios device and predefined AirPlay destinations (for example AppleTV). AirPlay only works for devices within the same network. You can define destinations for AirPlay mirroring. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the ios AirPlay tab. 2. In the AirPlay destinations section, click Create AirPlay destination. The AirPlay destination page is displayed. 3. Enter the device name and, optionally, the MAC address of the AirPlay destination device. If required, enter the password of the device. 4. Click Apply. The device is shown under AirPlay destinations in the ios AirPlay tab of the Apple setup page. 5. Click Save. You can trigger AirPlay mirroring between an ios device and this destination by clicking Request AirPlay mirroring from the Actions menu on the Show device page for the relevant device. Copyright 2019 Sophos Limited 15
20 6.9 Android settings On the Android tab of the Android setup page, you configure settings for Android devices: Set Android management mode (page 16) Enable Baidu Cloud Push service (page 17) Host Sophos apps on your web server (page 16). Configure the synchronization interval of the Control app (page 17) Set Android management mode For Android devices, you can choose between the Device administrator and Android enterprise management modes. Device administrator Android enterprise Control is a device administrator and uses Android mobile device management (MDM) to manage a device. Control is the device or profile owner and uses Android enterprise to manage a device or a work area on the device. We recommend you use Android enterprise. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. In Management mode, select the management mode for Android devices. 3. Click Save. This setting affects which policy types are available in the user interface. If you ve selected the Android enterprise mode, you must set up Android enterprise for your organization before you can enroll devices. See Set up Android enterprise - Overview (page 288) Host Sophos apps on your web server You can host the Sophos apps that users install during enrollment on an internal web server instead of Google Play. Important This option introduces a security risk. When you host the Sophos apps on an internal web server, you must allow app installations from outside Google Play in general. Make sure the latest app versions are installed on the mobile devices. Regularly upload new versions from the Sophos Product Downloads and Updates web page to your web server and then use a task bundle to install them onto the devices. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. Under Select installation source, select Hosted APK file. 16 Copyright 2019 Sophos Limited
21 3. Enter the URL of the Control app in URL of the SMC APK file. For example, if you have copied the APK file to an smc subdirectory below the deployment directory of your web server, enter this URL: <web_server_address>/smc/smc.apk The devices must be able to access the URL. 4. Likewise, enter the URL of the Security app in URL of the SMSec APK file. This requires a Mobile Advanced license. 5. Click Save Configure the synchronization interval of the Control app The Control app synchronizes with the server at these times: Immediately, when it needs to communicate device-side changes. On request, when it is triggered by the server through the push notification services Google Cloud Messaging (GCM) and, optionally, Baidu Cloud Push. Time scheduled, every 24 hours by default. If required, you can use a shorter interval for the time scheduled synchronization. For on Premise, this is configured by the super administrator. Important The default value of 24 hours is sufficient in most cases. We recommend that you only use a shorter interval if the push notification services do not work in your environment. Using shorter intervals impacts battery life and data consumption and causes higher server load. To configure the synchronization interval that the Control app on Android devices uses: 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. Under SMC app sync interval, select a value between 15 minutes and 24 hours from the Sync interval list. 3. Click Save Enable Baidu Cloud Push service uses the Google Firebase Cloud Messaging (FCM) service to send push notifications to Android devices, to trigger them to contact the server. In China, FCM will likely not work. Therefore, can also use Baidu Cloud Push, which is a Chinese push notification service. If you manage Android devices that are located in China, enable the Baidu Cloud Push service as follows: 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. In the Baidu Cloud Push service section, select Enable Baidu Cloud Push service. 3. Click Save. Copyright 2019 Sophos Limited 17
22 When Baidu Cloud Push is enabled, sends all push notifications through FCM and through Baidu Cloud Push Register Samsung Knox license If you have a Samsung Knox Premium license, you can manage the Knox container on your Samsung devices with. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Samsung Knox license tab. 2. Enter your Samsung Knox Premium license key. You can enter a license key of type KPE Premium or KLM Workspace. 3. Click Save Configure polling interval for Windows devices For Windows devices, you can configure the polling interval at which the Windows MDM client contacts the server. Usually, the server contacts the client using push notifications. Polling is used as a safety measure when the push notification service is not available. The default values are sufficient in most cases. Using shorter intervals impacts battery life and data consumption and causes higher server load. 1. On the menu sidebar, under SETTINGS, click Setup > Microsoft setup, and then click the Windows tab. 2. Select polling intervals for the different Windows operating systems. You can configure individual settings for: Windows 10 Mobile and Windows Phone 8.1 devices Windows 10 computers 3. Click Save Simple Certificate Enrollment Protocol (SCEP) With, you can distribute certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). You define the settings required for devices in an SCEP configuration of a device profile (Android and ios) or a policy (Windows Mobile) Prerequisites In order to use the Simple Certificate Enrollment Protocol, the following prerequisites must be fulfilled: An SCEP-enabled Windows CA exists in the environment. 18 Copyright 2019 Sophos Limited
23 Login credentials for a user who can create a challenge code are available. The server has http or https access to the following sites: Configure SCEP 1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the SCEP tab. 2. Specify the following: a) In the SCEP server URL field, enter b) In the Challenge URL field, enter If you use a Windows 2003 server as the SCEP server, enter SERVER/CertSrv/MSCEP. c) In the User and Password fields, enter the user credentials of the user who can create a challenge code. In the User field, enter a user who has the necessary rights to enroll certificates. Use the logon format: username@domain d) In the Challenge characters field, select the character types that are used for the challenge password. e) In the Challenge length field, accept the default length. f) Optional: Clear the Use HTTP proxy option if you want to bypass the HTTP proxy when connecting to the SCEP server. This option is only available if the HTTP proxy is enabled. 3. Click Save. tests the connection to your SCEP server. To deploy a profile using SCEP, add a SCEP configuration to an Android or ios device profile or to a Windows Mobile policy. Tip In the profile or policy, you can configure an interval after which the device automatically requests a certificate renewal Create customer properties When you create a property with name my property, you can refer to the value of the property by using the placeholder %_CUSTPROP(my property)_%. For details on placeholders, see Placeholders in profiles and policies (page 83). Copyright 2019 Sophos Limited 19
24 To create a customer property: 1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the Customer properties tab. 2. Click Add customer property. 3. Enter a name and a value for the customer property. 4. Click Apply. 5. Click Save. The customer property is added to. 20 Copyright 2019 Sophos Limited
25 7 Configure Self Service Portal With the Self Service Portal you can reduce IT efforts by allowing users to enroll devices on their own and carry out other tasks without having to contact the helpdesk. With a Self Service Portal configuration you define the following: The user groups allowed to use the Self Service Portal. The types of devices users can enroll. The device actions users can perform. The Self Service Portal is available for the following platforms: Android ios macos Windows Mobile Windows 7.1 Configure Self Service Portal settings Important Because of the complexity of the Self Service Portal settings configuration, we recommend that you test device enrollment for different user groups before you roll out the settings to your actual users. 1. On the menu sidebar, under SETTINGS, click Setup > Self Service Portal. 2. Click Enrollment texts and then add a terms of use text and a post-enrollment text. When you assign these texts to your Self Service Portal configuration, they are displayed before and after the enrollment, respectively. For details, see Create enrollment texts (page 23). 3. On the Self Service Portal configurations page, click Add to create a configuration. You can create several configurations and assign these to different user groups. 4. Configure the following settings: Option Name The name of the configuration. In the Self Service Portal, users select a configuration by this name. User groups Click Add and then enter a user group. The configuration is applied to all members of that group. You can add more than one user group to a configuration, but you can t add the same user group to different configurations. Maximum number of devices The maximum number of devices a user can enroll in the Self Service Portal. Copyright 2019 Sophos Limited 21
26 Option Actions Click Show and then select the management actions a user can perform in the Self Service Portal. For details of actions supported by a device platform, see Available Self Service Portal actions (page 23). 5. Click Add and then click the device platform you want to configure. 6. In the Configure platform settings dialog, configure the following settings: Option Display name The name of the platform settings. In the Self Service Portal, users select an enrollment type by this name. A description of the platform settings. This description is displayed in the Self Service Portal next to the name. Owner Device group Enrollment package Terms of use The owner mode (corporate or personal) of devices enrolled with this configuration. The device group the device is added to. The task bundle (for Android, ios, and macos) or policy (for Windows and Windows Mobile) sent to the device. The text to be displayed in the Self Service Portal before the enrollment. Leave this field empty to display no text. Users must agree to the text to proceed with the enrollment. Post-enrollment text The text to be displayed in the Self Service Portal after the enrollment. Leave this field empty to display no text. 7. Click Apply to add the platform settings to the Self Service Portal configuration. 8. If required, configure additional platforms. For each platform, you can configure different settings for corporate and for personal devices. 9. On the Edit Self Service Portal configuration page, click Save. If required, add more Self Service Portal settings for other user groups. On the Self Service Portal configurations page, you can use the arrow icons next to a configuration to change its priority. If Self Service Portal users match more than one configuration (because they are a member of several groups), the configuration with the highest priority is used. There always is a Default configuration. This configuration has the lowest priority, so that it is only used when no other configuration matches a user. 22 Copyright 2019 Sophos Limited
27 7.2 Create enrollment texts A Self Service Portal configuration can include a terms of use text and a post-enrollment text that are displayed before and after the enrollment, respectively. You create these texts separate from the Self Service Portal configuration and then assign them as required. 1. On the menu sidebar, under SETTINGS, click Setup > Self Service Portal. 2. Click Enrollment texts and then click the type of text to create: Terms of use: A mobile policy, disclaimer or agreement text that is displayed before the enrollment. Users must agree to the text to proceed with the enrollment. Post-enrollment text: Text to be displayed after the enrollment, for example a description of post-enrollment tasks the user must perform. 3. On the Edit enrollment text page, enter a name for the text and the text itself. You may use HTML markup to format the text. 4. Click Save. When you configure a Self Service Portal setting, you can select one terms of use text and one postenrollment text for every type of enrollment. Related tasks Configure Self Service Portal settings (page 21) 7.3 Available Self Service Portal actions Self Service Portal actions let users manage their devices. You set the available actions in the Self Service Portal configuration. Action Platforms Locate device Locate a device if it s lost or stolen. Android ios Windows Mobile Windows Lock device Lock a device if it s lost or stolen. Android ios macos Windows Mobile Reconfigure device Reconfigure the Control app, for example if the user uninstalled it accidentally. Android ios macos Windows Mobile Windows Copyright 2019 Sophos Limited 23
28 Action Platforms Show compliance violations Refresh data For non-compliant devices, show violation details. Synchronize a device with the server. Depending on your compliance policy, devices might become non-compliant when they don t synchronize regularly, for example when they are switched off for a long time. If this happens, users can perform this action to make the device compliant again. Android ios macos Windows Mobile Windows Android ios macos Windows Mobile Windows This function is not available for devices on which only manages the Sophos container. Reset password Wipe Wipe Android work profile Reset the lock screen password. For Android and ios devices, sets a temporary password. After the user has unlocked the device, they must set a new password. For Android enterprise devices in profile owner mode, the work profile s password is reset. For ios devices, deletes the password. The user must set a new password within 60 minutes. Reset a device to its factory settings if it s lost or stolen. All data on the device is deleted. Remove the work profile from a device. This also unenrolls the device from. Android ios Windows Mobile Android ios macos Windows Mobile Windows Android 24 Copyright 2019 Sophos Limited
29 Action Platforms Unenroll device Unenroll a device from. Android ios macos Windows Mobile Windows Delete unmanaged device Delete a device from. Android ios macos Windows Mobile Windows Reset App Protection password Reset Sophos container password Reconfigure the SMC app Reset the App Protection password. Users must enter this password to use apps you ve defined as protected. Reset the Sophos container password. Users must enter this password to use the Sophos container apps Sophos Secure and Sophos Secure Workspace. Reconfigure an already installed Sophos Mobile Control app. Android Android ios ios Windows Mobile Managed Lost Mode Turn Managed Lost Mode on or off. ios Play Lost Mode sound Play a sound on a device in Managed Lost Mode. ios Related tasks Configure Self Service Portal settings (page 21) Copyright 2019 Sophos Limited 25
30 8 Compliance policies With compliance policies you can: Allow, forbid or enforce certain features of a device. Define actions that are executed when a compliance rule is violated. You can create different compliance policies and assign them to device groups. This allows you to apply different levels of security to your managed devices. Tip If you are planning to manage both corporate and private devices, we recommend that you define separate compliance policies for at least these two device types. 8.1 Create compliance policy 1. On the menu sidebar, under CONFIGURE, click Compliance policies. 2. On the Compliance policies page, click Create compliance policy, and then select the template the policy will be based on: Default template: A selection of compliance rules, with no actions defined. PCI template, HIPAA template: Compliance rules and actions based on the HIPAA and the PCI DSS security standard, respectively. Your choice of template doesn t restrict your subsequent configuration options. 3. Enter a name and, optionally, a description for the compliance policy. Repeat the following steps for all required platforms. 4. Make sure that the Enable platform check box on each tab is selected. If this check box is not selected, devices of that platform are not checked for compliance. 5. Under Rule, configure the compliance rules for the particular platform. Each compliance rule has a fixed severity level (high, medium, low) that is depicted by a blue icon. The severity helps you to assess the importance of each rule and the actions you should implement when it is violated. For devices where manages the Sophos container instead of the whole device, only a subset of compliance rules is applicable. In Highlight rules, select a management type to highlight the rules that are relevant. 6. Under If rule is violated, define the actions that will be taken when a rule is violated: Option Deny Forbid access. 26 Copyright 2019 Sophos Limited
31 Option Lock container Set health Create alert Transfer task bundle This action can only be taken if you have configured a connection to the standalone EAS proxy. See Configure a connection to the standalone EAS proxy server (page 330). This action is only available for Android, ios, Windows and Windows Mobile devices. Disable the Sophos Secure Workspace and Secure apps. This affects document, and web access that is managed by these apps. This action can only be taken when you have activated a Mobile Advanced license. This action is only available for Android and ios devices. Select the health status (Red, Yellow, Green) the device gets if it violates this rule. If the device violates more than one rule, it gets its health status from the rule that s associated with the worst health. reports the health status to Sophos Wireless. Depending on your Sophos Wireless configuration, network access is restricted. This action is available for Android and ios devices if you ve turned on Synchronized Security. See Turn on Synchronized Security (page 55). Trigger an alert. The alerts are displayed on the Alerts page of Sophos Central Admin. Transfer a specific task bundle to the device. Select a task bundle from the list, or select None to transfer no task bundle when the compliance rule is violated. This action is only available for Android, ios, macos and Windows devices. Important When used incorrectly, task bundles may misconfigure or even wipe devices. To assign the correct task bundles to compliance rules, an in-depth knowledge of the system is required. When a device in Android enterprise device owner mode becomes non-compliant, all apps are disabled. 7. When you have made the settings for all required platforms, click Save to save the compliance policy under the name that you specified. Copyright 2019 Sophos Limited 27
32 8.2 Available compliance rules This section lists the compliance rules that you can select for the individual platforms. Rule Platforms Managed required Minimum SMC version Root access allowed Define the action that will be executed when a device is no longer managed. Enter the minimum Control app version that has to be installed onto the device. Select whether devices with root rights are allowed. Android ios macos Windows Mobile Windows Android ios Windows Mobile Android For Sony devices with Enterprise API version 4 or above and for Samsung devices with Knox version 5.5 or below, this includes all devices that are classified insecure by the MDM API, for example because the bootloader is unlocked. Google SafetyNet compatibility required Apps from unknown sources allowed Android Debug Bridge (ADB) allowed Allow jailbreak The device must pass the Compatibility Test Suite (CTS), a Google SafetyNet test for Android compatibility. Select whether apps from unknown sources are allowed. This rule only affects devices with Android 7.x or earlier. With Android 8, the system setting to restrict app installation sources was removed. Select whether ADB (Android Debug Bridge) is allowed. Select whether jailbroken devices are allowed. Android Android Android ios 28 Copyright 2019 Sophos Limited
33 Rule Platforms Screen lock required Minimum OS version Maximum OS version Mandatory OS updates Maximum synchronization gap Maximum SMC synchronization gap Maximum SMSec synchronization gap Select whether a device password or other screen lock mechanism (like pattern or PIN) is required. For Android, this includes the display lock types Pattern, PIN and Password, but not Swipe. Windows Mobile devices that have no password policy assigned are always reported as non-compliant. This is a Windows limitation. Select the earliest operating system version required. Select the latest operating system version allowed. Select if devices must have the latest available or the latest required update installed. Some ios updates are classified as required by Apple. The latest available update might be newer than the latest required update. The maximum allowed gap between device synchronization events. The maximum allowed gap between Control app synchronization events. The maximum allowed gap between Security app synchronization events. Android ios Windows Mobile Windows Android ios macos Windows Mobile Windows Android ios macos Windows Mobile Windows ios Android ios macos Windows Mobile Windows ios Windows Mobile Android ios Copyright 2019 Sophos Limited 29
34 Rule Platforms Maximum SMSec scan gap Denial of SMSec permissions allowed Malware apps allowed Suspicious apps allowed PUAs allowed Encryption required Third-party profiles allowed The maximum allowed gap between malware scans performed by the Security app. Security needs permissions on the device to work properly. The user has to grant these permissions when the app is installed. Select whether a denial of the required permissions results in a compliance violation. Select whether malware apps that have been detected by Sophos Mobile Security are allowed. Select whether suspicious apps that have been detected by Sophos Mobile Security are allowed. Select whether Potentially Unwanted Apps (PUAs) that have been detected by Security are allowed. Select whether encryption is required for devices. Users must additionally enable the Require PIN to start device or Require Password to start device setting when they set a screen lock. See Sophos knowledge base article For macos, this setting applies to FileVault full-disk encryption. For Windows Mobile, a violation is only reported if the restriction Forbid unencrypted device is set as well. This is a Windows limitation. This rule is not available for ios because iphones and ipads are always encrypted. Configuration profiles not managed by are allowed. Android Android Android Android Android Android macos Windows Mobile Windows ios Data roaming allowed Data roaming is allowed. Android ios 30 Copyright 2019 Sophos Limited
Sophos Mobile in Central
administrator help Product Version: 8 Contents About this help...1 About Sophos Mobile Admin... 2 User interface... 2 Table views... 2 User roles... 3 Key steps for managing devices with Sophos Mobile...4
More informationSophos Mobile in Central administrator help. Product version: 7.1
Sophos Mobile in Central administrator help Product version: 7.1 Contents 1 About this help...6 2 Key steps for managing devices with Sophos Mobile...7 3 Dashboard...8 4 Reports...9 5 Tasks...10 5.1 Monitor
More informationSophos Mobile. administrator help. product version: 9
administrator help product version: 9 Contents About this help... 1 About...2 About Admin... 3 Dashboard... 3 Table views...4 Prerequisites... 4 User roles... 4 Change your password... 5 Password recovery...
More informationSophos Mobile on Premise
administrator help product version: 8.6 Contents About this help... 1 About Sophos Mobile...2 About Sophos Mobile Admin... 3 User interface... 3 Table views...3 Prerequisites... 4 User roles... 4 Change
More informationSophos Mobile Control Administrator guide. Product version: 5.1
Sophos Mobile Control Administrator guide Product version: 5.1 Document date: June 2015 Contents 1 About Sophos Mobile Control...5 1.1 Sophos Mobile Control on premise and as a Service...5 1.2 About this
More informationSophos Mobile. startup guide. Product Version: 8.1
Sophos Mobile startup guide Product Version: 8.1 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are
More informationSophos Mobile administrator help. Product version: 7.1
Sophos Mobile administrator help Product version: 7.1 Contents 1 About this help...6 2 About Sophos Mobile...7 3 About the Sophos Mobile console...8 3.1 User interface...8 3.2 Table views...9 3.3 Prerequisites...9
More informationSophos Mobile. startup guide. Product Version: 8.5
Sophos Mobile startup guide Product Version: 8.5 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are
More informationSophos Mobile Control startup guide. Product version: 7
Sophos Mobile Control startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 Sophos Mobile Control licenses...7 3.1 Trial licenses...7 3.2 Upgrade trial licenses
More informationSophos Mobile as a Service
startup guide Product Version: 8 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses...5 Check your licenses...6
More informationSophos Mobile in Central
startup guide Product Version: 8.1 Contents About this guide... 1 What are the key steps?... 2 Activate Mobile Advanced licenses... 3 Configure settings... 4 Configure personal settings...4 Configure technical
More informationSophos Mobile in Central
startup guide product version: 8.6 Contents About this guide... 1 What are the key steps?... 2 Activate Mobile Advanced licenses... 3 Configure settings... 4 Configure personal settings...4 Configure IT
More informationSophos Mobile SaaS startup guide. Product version: 7.1
Sophos Mobile SaaS startup guide Product version: 7.1 Contents 1 About this guide...4 2 What are the key steps?...5 3 Change your password...6 4 Change your login name...7 5 Activate SMC Advanced licenses...8
More informationSophos Mobile as a Service
startup guide product version: 8.6 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses... 5 Check your licenses...6
More informationSophos Mobile. super administrator guide. Product Version: 8
Sophos Mobile super administrator guide Product Version: 8 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...
More informationSophos Mobile. super administrator guide. product version: 8.6
Sophos Mobile super administrator guide product version: 8.6 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...
More informationSophos Mobile Control SaaS startup guide. Product version: 7
Sophos Mobile Control SaaS startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8 5 Change your login
More informationSophos Mobile. super administrator guide. product version: 9
super administrator guide product version: 9 Contents About this guide... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer... 3 Log in as super administrator... 3 Switch
More informationSophos Mobile super administrator guide. Product version: 7.1
Sophos Mobile super administrator guide Product version: 7.1 Contents 1 About this guide...4 1.1 Document conventions...4 2 Super administrator...5 2.1 Super administrator tasks...5 2.2 Super administrator
More informationSophos Mobile Control Super administrator guide. Product version: 3.5
Sophos Mobile Control Super administrator guide Product version: 3.5 Document date: July 2013 Contents 1 About Sophos Mobile Control...3 2 Super administrator accounts...4 3 The super administrator customer...5
More informationSophos Mobile Control SaaS startup guide. Product version: 6.1
Sophos Mobile Control SaaS startup guide Product version: 6.1 Document date: September 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your
More informationSophos Mobile. user help. product version: 8.6
user help product version: 8.6 Contents About this help... 1 About...2 Set up on your device... 3 Enrollment steps for Android devices... 3 Enrollment steps for ios devices...3 Enrollment steps for Macs...
More informationSophos Central Self Service Portal help
Sophos Central Self Service Portal help Contents 1 About this Help...3 2 Email...4 2.1 Manage Quarantined Email...4 2.2 Emergency Inbox...4 3 Mobile Control...5 3.1 Set up Sophos Mobile Control on your
More informationVerizon MDM UEM Unified Endpoint Management
Verizon MDM UEM Unified Endpoint Management Version: 1.0 Last Updated: 3/29/18 Table of Contents Unified Endpoint Management (UEM) Overview... 4 Account Dashboard... 4 Unified Endpoint Management (UEM)
More informationSophos Mobile user help. Product version: 7.1
Sophos Mobile user help Product version: 7.1 Contents 1 About this help...4 2 About Sophos Mobile...5 3 Login to the Self Service Portal...6 3.1 First login...6 3.2 Login...6 3.3 Password recovery...6
More informationIntegration with Apple Configurator 2. VMware Workspace ONE UEM 1902
Integration with Apple Configurator 2 VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about
More informationZENworks 2017 Update 4 Troubleshooting Mobile Device Management
ZENworks 2017 Update 4 Troubleshooting Mobile Device Management January 2019 This section provide solutions to the problems you might encounter while using the Mobile Management feature. Section 1, Log
More informationVMware Workspace ONE UEM Integration with Apple School Manager
VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation
More informationSophos Mobile. installation guide. Product Version: 8.5
installation guide Product Version: 8.5 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...
More informationSophos Mobile. installation guide. product version: 8.6
installation guide product version: 8.6 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...
More information1 About this document System environment Communication between devices and push servers Technical support...
Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push servers... 13 4 Technical support... 15 5 Legal notices... 16 Installation prerequisites form 1 About
More informationVMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch
VMware Workspace ONE UEM Apple tvos Device Management VMware Workspace ONE UEM 1811 VMware AirWatch You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationSophos Mobile Control Installation guide
Sophos Mobile Control Installation guide Product version: 1.0 Document date: May 2011 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Apple Push
More informationSophos Mobile. installation guide. product version: 9
installation guide product version: 9 Contents About this guide... 1 About...2 licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses... 3 Set up... 4 Installation
More informationNotifyMDM Device Application User Guide Installation and Configuration for Android
NotifyMDM Device Application User Guide Installation and Configuration for Android NotifyMDM for Android, Version 3.x NotifyMDM for Android 1 Table of Contents NotifyMDM for Android 3 Installation Instructions
More informationVMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes
VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes Workspace ONE UEM v9.6 Have documentation feedback? Submit
More informationSophos Mobile. server deployment guide. product version: 9
server deployment guide product version: 9 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 16 EAS proxy usage scenarios...20 EAS proxy architecture
More informationGuide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1
Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware
More informationSophos Mobile Control Administrator guide. Product version: 2 Document date: December 2011
Sophos Mobile Control Administrator guide Product version: 2 Document date: December 2011 Contents 1 Glossary... 3 2 About Sophos Mobile Control... 4 3 Prerequisites... 6 4 Login... 7 5 Overview... 8 6
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationSophos Mobile. installation guide. Product Version: 8
installation guide Product Version: 8 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses...3 Update licenses...3
More informationGoogle Sync Integration Guide. VMware Workspace ONE UEM 1902
Google Sync Integration Guide VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,
More informationVMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes
VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes AirWatch v9.3 Have documentation feedback? Submit a Documentation
More informationSophos Mobile. server deployment guide. product version: 8.6
Sophos Mobile server deployment guide product version: 8.6 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 9 Usage scenarios for the standalone
More informationVMware AirWatch tvos Platform Guide Deploying and managing tvos devices
VMware AirWatch tvos Platform Guide Deploying and managing tvos devices AirWatch v9.3 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationCompliance Manager ZENworks Mobile Management 2.7.x August 2013
www.novell.com/documentation Compliance Manager ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this
More informationForeScout Extended Module for VMware AirWatch MDM
ForeScout Extended Module for VMware AirWatch MDM Version 1.7.2 Table of Contents About the AirWatch MDM Integration... 4 Additional AirWatch Documentation... 4 About this Module... 4 How it Works... 5
More informationSystems Manager Cloud-Based Enterprise Mobility Management
Datasheet Systems Manager Systems Manager Cloud-Based Enterprise Mobility Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, monitoring, and
More informationSophos Mobile Control installation prerequisites form. Product version: 7
Sophos Mobile Control installation prerequisites form Product version: 7 Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push servers... 11 4 Technical
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard
More informationCompliance Manager ZENworks Mobile Management 3.0.x January 2015
www.novell.com/documentation Compliance Manager ZENworks Mobile Management 3.0.x January 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this
More informationMobility Manager 9.5. Users Guide
Mobility Manager 9.5 Users Guide LANDESK MOBILITY MANAGER Copyright 2002-2013, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks
More informationVMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments
VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback
More informationLookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management
Lookout Mobile Endpoint Security Deploying Lookout with BlackBerry Unified Endpoint Management June 2018 2 Copyright and disclaimer Copyright 2018, Lookout, Inc. and/or its affiliates. All rights reserved.
More informationWorkspace ONE UEM Mobile Device Management Guide. VMware Workspace ONE UEM 1810
Workspace ONE UEM Mobile Device Management Guide VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationVodafone Secure Device Manager Administration User Guide
Vodafone Secure Device Manager Administration User Guide Vodafone New Zealand Limited. Correct as of June 2017. Vodafone Ready Business Contents Introduction 3 Help 4 How to find help in the Vodafone Secure
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationWorkspace MDM Management Site Manual
Workspace MDM Management Site Manual 8. Appendix (Web site ver 8.1.1) 1 1 Appendix... 3 1.1 Function list... 4 1.2 Easy Setup procedure... 8 1.3 Input method of import data... 10 1.4 Details on CSV for
More informationPulse Workspace Appliance. Administration Guide
Pulse Workspace Appliance Administration Guide Product Release 2.0, 1743.1 Document Revisions 1.0 Published Date January 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 The Pulse
More informationIntegrating AirWatch and VMware Identity Manager
Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationVMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager
VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Table of Contents Lab Overview - HOL-1857-03-UEM - Workspace ONE UEM with App & Access Management... 2 Lab Guidance... 3 Module 1 - Workspace
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationForeScout Extended Module for MobileIron
Version 1.8 Table of Contents About MobileIron Integration... 4 Additional MobileIron Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...
More informationSophos Mobile. server deployment guide. Product Version: 8.1
Sophos Mobile server deployment guide Product Version: 8.1 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 9 Usage scenarios for the standalone
More informationNotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown
NotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown NotifyMDM for ios Devices, Version 3.x NotifyMDM for ios with TouchDown 1 Table of Contents NotifyMDM for ios
More informationVMware AirWatch: Directory and Certificate Authority
Table of Contents Lab Overview - HOL-1857-06-UEM - VMware AirWatch: Directory and Certificate Authority Integration... 2 Lab Guidance... 3 Module 1 - Advanced AirWatch Configuration, AD Integration/Certificates
More informationMcAfee MVISION Mobile epo Extension Product Guide
McAfee MVISION Mobile epo Extension 1809 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,
More informationWindows 8/RT Features Matrix
Windows 8/RT Features Matrix The following matrix shows what AirWatch features are available to the Windows 8.0/RT and the Windows 8.1/RT platforms. Feature Windows 8.0/RT Windows 8.1/RT Activation & Enrollment
More informationThe following device commands are used most frequently: Lock/Unlock device O - O O. Reset screen password O - O - Factory reset + Initialize SD Card
10 Device management Administrators can install apps on an activated device using device commands and check the profiles settings. Moreover, they can update, delete, or re-install apps installed on users'
More informationDeploying Lookout with IBM MaaS360
Lookout Mobile Endpoint Security Deploying Lookout with IBM MaaS360 February 2018 2 Copyright and disclaimer Copyright 2018, Lookout, Inc. and/or its affiliates. All rights reserved. Lookout, Inc., Lookout,
More informationVMware Workspace ONE UEM Mobile Device Management Documentation. VMware Workspace ONE UEM 1811
VMware Workspace ONE UEM Mobile Device Management Documentation VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationVMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1
VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June
More informationAdding mobile applications
Adding mobile applications This section describes how to add, configure, and deploy mobile applications for Android, ios, and Mac OS X. You can deploy custom applications as well as applications purchased
More informationSophos Enterprise Console Help. Product version: 5.3
Sophos Enterprise Console Help Product version: 5.3 Document date: September 2015 Contents 1 About Sophos Enterprise Console 5.3...6 2 Guide to the Enterprise Console interface...7 2.1 User interface layout...7
More informationForeScout Extended Module for MaaS360
Version 1.8 Table of Contents About MaaS360 Integration... 4 Additional ForeScout MDM Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...
More informationMDM Android Client x - User Guide 7P Mobile Device Management. Doc.Rel: 1.0/
MDM Android Client 5.26.0x - User Guide 7P Mobile Device Management Doc.Rel: 1.0/ 2017-07-16 Table of Contents 1 Objectives and Target Groups... 9 1.1 Important information... 9 1.2 Third-Party Materials...
More informationThe University of Toledo Intune End-User Enrollment Guide:
The University of Toledo Intune End-User Enrollment Guide: Contents Enroll your Android device in Intune... 2 Enroll your ios device in Intune... 15 Enroll your Mac OS X device in Intune... 25 Enroll your
More informationTabPilot Documentation
Table of contents 1 Introduction... 5 2 Control Tower Interface... 7 2.1 Menu Navigation... 7 2.2 Working with Tables... 8 3 Setting Up TabPilot... 10 3.1 Overview... 10 3.2 Setting Up Android Devices...
More informationProvisioning Mobile Device Manager in the Control Panel. Admin Guide
Provisioning Mobile Device Manager in the Control Panel Admin Guide Document Revision Date: Mar. 8, 2013 Provisioning MDM in the Control Panel i Contents Overview... 1 Accessing MDM in the Control Panel...
More informationSophos Mobile Control Installation prerequisites form
Sophos Mobile Control Installation prerequisites form Product version: 5.1 Document date: July 2015 Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push
More informationios Supervised Devices
www.novell.com/documentation ios Supervised Devices ZENworks Mobile Management 3.2.x October 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use
More informationMcAfee Enterprise Mobility Management 12.0 Software
Product Guide McAfee Enterprise Mobility Management 12.0 Software For use with epolicy Orchestrator 4.6.7-5.1 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationSophos Central Admin. help
help Contents About Sophos Central... 1 Activate Your License...2 Endpoint Protection...3 Dashboard...3 Alerts...4 Root Cause Analysis...9 Logs & Reports... 11 People... 24 Computers...33 Computer Groups...40
More informationWorkspace ONE UEM Console Basics Documentation. VMware Workspace ONE UEM 1811
Workspace ONE UEM Console Basics Documentation VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationColligo Briefcase. for Good Technology. Administrator Guide
for Good Technology Administrator Guide Contents Introduction... 2 Target Audience... 2 Overview... 2 Key Features... 2 Platforms Supported... 2 SharePoint Security & Privileges... 3 for Good Technology...
More information3CX Mobile Device Manager
3CX Mobile Device Manager Manual 1 Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples
More informationLink to other configuration guides for information on...
Configuration Guide: Adding Users and Enrolling Devices This guide provides information on...... Adding users manually or via batch import using the Add New User Wizard... Setting up an Organization for
More informationDeploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE
Deploying VMware Workspace ONE Intelligent Hub October 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationConfiguration Guide. BlackBerry UEM Cloud
Configuration Guide BlackBerry UEM Cloud Published: 2018-04-18 SWD-20180411125526296 Contents About this guide... 7 Getting started... 8 Configuring BlackBerry UEM Cloud for the first time... 8 Administrator
More informationDell EM+S Intune. Android Enrollment Guide. Version 1.5
Dell EM+S Intune Android Enrollment Guide Version 1.5 Copyright 2017 Dell Inc. All rights reserved. This publication contains information that is confidential and proprietary to Dell and is subject to
More informationTable of Contents... ii. GO AHEAD BRING YOUR OWN DEVICE TO WORK... 1 Requirements... 1
Table of Contents... ii GO AHEAD BRING YOUR OWN DEVICE TO WORK... 1 Requirements... 1 1: Start Using Toggle... 1 Personal... 2 ToggleHub... 2 AT&T Toggle Browser... 2 Downloads... 2 Media... 3 AT&T Toggle
More informationJunos Pulse Mobile Security Gateway
Junos Pulse Mobile Security Gateway Administration Guide Release 4.0 June 22, 2012 R1 Copyright 2012, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered
More informationWorkspace MDM Management Site Manual
Workspace MDM Management Site Manual 1. Using the management site (Web site ver 8.1.1) 1 1 Getting Started... 3 1.1 What is "Workspace MDM"?... 3 1.2 Features... 3 1.3 Roles of the Management Site... 4
More informationUSER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5
USER GUIDE CTERA Agent for Windows June 2016 Version 5.5 Copyright 2009-2016 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written
More informationIBM. Configuration Guide. IBM MobileFirst Protect On-Premise. Version 2 Release 4
IBM MobileFirst Protect On-Premise IBM Configuration Guide Version 2 Release 4 IBM MobileFirst Protect On-Premise IBM Configuration Guide Version 2 Release 4 Note Before using this information and the
More informationGetting Started Guide
Getting Started Guide BlackBerry UEM Version 12.6 Maintenance Release 2 Published: 2017-04-07 SWD-20170407163328365 Contents Getting started with BlackBerry UEM and BlackBerry Dynamics...5 Steps to get
More informationVMware AirWatch Express Guide Managing your organization's mobile devices
VMware AirWatch Express Guide Managing your organization's mobile devices AirWatch Express v1.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More information