Sophos Mobile. administrator help. product version: 9

Size: px
Start display at page:

Download "Sophos Mobile. administrator help. product version: 9"

Transcription

1 administrator help product version: 9

2 Contents About this help... 1 About Admin... 2 Dashboard... 2 Table views...3 User roles... 3 Key steps for managing devices with...5 Reports... 6 Tasks... 7 Monitor tasks... 7 Setup Configure personal settings...10 Configure SMC app settings Configure Configure IT contact...11 Configure privacy settings...11 Configure ios settings Apple Push Notification service certificates Configure ios AirPlay destinations...15 Android settings...16 Set Android management mode Host Sophos apps on your web server Configure the synchronization interval of the Control app...17 Enable Baidu Cloud Push service Register Samsung Knox license Configure polling interval for Windows devices Simple Certificate Enrollment Protocol (SCEP) Create customer properties...19 Configure Self Service Portal...21 Configure Self Service Portal settings Create enrollment texts Available Self Service Portal actions Compliance policies Create compliance policy Available compliance rules...28 Assign a compliance policy to device groups...32 Check devices for compliance Devices Add devices Enroll devices Unenroll devices Manage devices Synchronized Security...54 Custom device properties...56 Zero-touch enrollment Knox Mobile Enrollment Apple DEP TeamViewer remote control Device groups Create device group...74 Delete device groups Users Configure Self Service Portal user management...75 (2019/02/14)

3 Configure LDAP connection...76 Profiles and policies Get started with device policies Create profile or policy...80 Import ios device profiles created with Apple Configurator Import provisioning profiles for ios apps...81 About macos policies...82 Windows password complexity rules Samsung Knox support...83 Placeholders in profiles and policies...83 Install a profile onto devices Assign a policy to devices Uninstall profile Download profiles and policies Configurations for Android device profiles Configurations for Android enterprise work profile policies Configurations for Android enterprise device policies Configurations for Sophos container policies for Android Configurations for Mobile Security policies for Android Configurations for Knox container profiles Configurations for ios device profiles Configurations for Sophos container policies for ios Configurations for Mobile Security policies for ios Configurations for macos device policies Configurations for macos user policies Configurations for Windows Mobile policies Configurations for Windows policies Task bundles Create task bundle Available Android task types Available ios task types Available macos task types Available Windows task types Duplicate task bundles Transfer task bundles to individual devices or to device groups Apps Add app Install app Uninstall app App settings (Android) App settings (ios) App settings (macos) App settings (Windows Mobile) App settings (Windows) Determine settings for Windows MSI links Managed apps for ios Manage Apple VPP apps Assign a VPN connection to an ios app Add a managed app configuration to an ios app App groups Create app group Import app group Corporate documents Add corporate documents Android enterprise Set up Android enterprise - Overview (2019/02/14)

4 Set up Android enterprise (Managed Google Play Account scenario) Set up Android enterprise (Managed Google Domain scenario) Configure Android enterprise device enrollment Manage users for Android enterprise (Managed Google Domain scenario) Create work profile Lock work profile Remove work profile from device User-initiated work profile removal Android Factory Reset Protection Managed Google Play apps Intune app protection Set up Microsoft Intune integration Create Intune app protection policy Assign apps to an Intune app protection policy Assign users to an Intune app protection policy Intune app protection policy settings (Android) Intune app protection policy settings (ios) Intune Mobile Threat Defense Set up Intune Mobile Threat Defense integration Intune Mobile Threat Defense device status Manage Security Security compliance rules Configure third-party EMM integration Send message to devices Standalone EAS proxy Download the EAS proxy installer Install the standalone EAS proxy Request an SSL/TLS certificate Set up access control through PowerShell Configure a connection to the standalone EAS proxy server Determine the server URL Sophos container Configure Sophos container enrollment Mobile Advanced license Manage Sophos container apps Reset Sophos container password Lock and unlock the Sophos container Transferring items to Sophos Central Export items Import items Glossary Technical support Legal notices (2019/02/14)

5 1 About this help This help provides information about the product in Sophos Central and explains procedures step by step. It covers the features available for the Mobile Standard and Mobile Advanced license types. For other versions of this help, see the documentation web page. Copyright 2019 Sophos Limited 1

6 2 About Admin Admin is the central instrument for managing devices with. It is the web interface of the server used for device management. With the web portal you can implement a corporate policy for the use of devices and apply it to the devices that are enrolled with Sophos Mobile. In Admin you can: Configure the system, for example personal settings or platform-specific settings. Configure compliance policies and define actions to be taken if devices no longer comply with the rules specified. See Compliance policies (page 26). Enroll devices with. See Add devices (page 34). Provision new devices. See Enroll devices (page 35). Install apps on enrolled devices. See Apps (page 264). Define security policies for devices. See Profiles and policies (page 78). Create task bundles to bundle several tasks and transfer them to the devices in one transaction. See Task bundles (page 252). Configure settings for the Self Service Portal. See Configure Self Service Portal (page 21). Carry out administrative tasks on devices, for example reset the password of devices, lock or wipe devices if they are lost or stolen, unenroll devices. See Manage devices (page 42). Create and view reports. See Reports (page 6). 2.1 Dashboard The customizable Dashboard is the regular start page of and provides access to the most important information at a quick glance. It consists of several widgets providing information about: Devices, all or per group Compliance status by platform or for all devices Managed status by platform or for all devices The SSP registration status The managed platform versions You can also add devices from the Dashboard. See Use the Add device wizard (page 36). The following options are available to customize the Dashboard: To add a widget to the page, click Add widget. To remove a widget from the page, click the Close button in its header. To reset the page to its default layout, click Restore default layout. To rearrange the widgets on the page, drag a widget header. 2 Copyright 2019 Sophos Limited

7 2.2 Table views In Admin, many pages display information in a tabular form. These tables have common controls that you can interact with. Above the table: Use the Show or hide columns icon to configure which table columns are visible. Enter text in the Search all fields field to only display data rows that contain that text in any column. In the table: Click a column header to sort the table rows by that property. Click again to revert the sort order. Click an entry name to perform the default action on that entry (usually Edit). Click the blue triangle next to an entry name to perform more actions on that entry. Below the table: Use the navigation buttons to display a specific table page. Use the Export icon to export either the whole table or the current page to a Microsoft Excel file or a CSV file. If you have configured a row filter, only the currently visible rows are exported. 2.3 User roles administrators have different roles. The role affects what an administrator can do. The available roles are: Role Administrator Helpdesk Read-only This role can perform all available actions. This role can perform actions for support purposes, including enrolling devices and installing apps. This role does not have access to critical functions, such as defining settings and creating, deleting or editing devices/device groups, packages and policies. This role has read-only access to all settings that are available to the Administrator role. The roles relate to the administration roles you assign in Sophos Central Admin as follows: Sophos Central role Super Admin Admin role Administrator Administrator Copyright 2019 Sophos Limited 3

8 Sophos Central role Help Desk Read-only User role Helpdesk Read-only No access 4 Copyright 2019 Sophos Limited

9 3 Key steps for managing devices with offers a wide range of management functions depending on device types, security policies and specific requirements in your organization. The key steps for managing devices with are: Configure compliance policies for devices. See Compliance policies (page 26). Create device groups. See Create device group (page 74). Device groups are used to categorize devices. We recommend that you put devices into groups. This helps you to manage them efficiently as you can carry out tasks on a group rather than on individual devices. Enroll and provision devices. See Add devices (page 34) and Enroll devices (page 35). Devices can either be enrolled and provisioned by administrators in Admin or by device users in the Sophos Central Self Service portal. Set up policies for devices. See Profiles and policies (page 78). Create task bundles. See Task bundles (page 252). Configure the available features of the Sophos Central Self Service portal. See Configure Self Service Portal (page 21). Apply new or updated policies to enrolled devices. Copyright 2019 Sophos Limited 5

10 4 Reports You can create reports of the items managed by. 1. On the menu sidebar, under INFORM, click Reports, and then click the name of the required report. 2. In the Choose format dialog, click one of the available icons to select the output format: Click to export the report to a Microsoft Excel file. Click to export the report to a CSV file. The report is saved to your computer. 6 Copyright 2019 Sophos Limited

11 5 Tasks The Task view page gives you an overview of all tasks you created and started and displays their current state. You can monitor all your tasks and intervene in case of problems. For example, you can delete a task that cannot be completed but blocks the device. To delete a task, click the Delete icon next to it. You can filter tasks according to their type and state and sort them by device name, package name, creator and scheduled date. 5.1 Monitor tasks In Admin, you can monitor all existing tasks for devices. The Tasks page shows all unfinished and failed tasks as well as the finished tasks of the last few days. The Task view page is refreshed automatically, so you can watch the states of the tasks evolve. The Task details page shows general information about a task from the Tasks page or the Task archive page. The Task archive page shows all tasks View unfinished, failed and latest finished tasks 1. On the menu sidebar, under INFORM, click Tasks. 2. On the Task view page, the State column shows the task status, for example, Completely failed. 3. In the Refresh interval (in sec.) field, you can select how often the Task view page is to be refreshed. 4. To view further details about a task, click the Show magnifier icon next to the required task. The Task details page is displayed. Besides general information on the task (for example, device name, package name and creator) it shows the states a specific task went through, including timestamps and error codes. If there are commands to be executed by the device, an additional Details button is available on the Task details page. 5. If available, click Details to view the commands to be processed by the device. If there was no error, the error code is 0. If a command has failed, the error code is displayed. In most cases there is also a description of what may have caused the command to fail. 6. To return to the Task details page, click Back View task archive 1. On the menu sidebar, under INFORM, click Tasks. 2. On the Task view page, click Task archive. The Task archive page is displayed. It shows all finished and failed tasks in the system. 3. On this page, you can: Click Reload to refresh the Task archive page. Copyright 2019 Sophos Limited 7

12 Delete a task from the archive by clicking the Delete icon next to the relevant task. Select several tasks and click Delete selected to delete them from the archive. To go back to the Task view page, click Tasks on the menu sidebar Task states The following table provides an overview of the task states shown on the Task view and on the Task archive pages. Every state is associated with a color code that indicates the state category. Color code State Accepted Task has been created. Will be retried Task will be retried later. Started Task has been started. In progress Execution of the task is being prepared. Task bundle in progress Execution of the task bundle is being prepared. Notified The Control app was notified. Commands sent Result evaluation started Result incomplete Waiting for user interaction Waiting for task completion Device is locked The Control app has received the package and/or the commands. The Control app has answered and the evaluation of the result has been started. Result evaluation showed that not all commands results have been received by now. There is a pending user action on the device. An installation task was sent to the device, but it may take some time to complete. Task waits for the device to become unlocked (ios). 8 Copyright 2019 Sophos Limited

13 Color code State Successful Package has been installed or the commands have been successfully executed. For the initial provisioning of the Control app the task must finish with the state Installed. Installed Result evaluation failed Task partly failed Delayed Failed (retry queued) Task failed Completely failed Not started Skipped Unknown The Control app has been installed successfully. The device is provisioned now. Result evaluation could not be executed. Not all commands of the task could be executed successfully. Task will be restarted later. Task has failed and will be retried later. Task has failed and no further retries are queued. Task has failed, and it is not possible to retry it. Task is part of a task bundle and was not processed yet. Task is not supported by device. Task bundle execution continues with the next task. The server has no information about the task status. Color code Category Open In progress Success Failure Other Copyright 2019 Sophos Limited 9

14 6 Setup In the Setup menu section you configure the general behavior of, the interaction with devices, and the interaction with external components like Google or Apple portals. 6.1 Configure personal settings You can adjust the appearance of Admin to your personal preferences. For example, you can set the language, the time zone, or the visible device platforms. These settings only affect the administrator account you re currently signed in with. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the Personal tab. 2. Configure the following settings: Option Time zone Unit system Lines per page in tables Expert mode The time zone in which dates are shown. The unit system for lengths (Metric or Imperial). The maximum number of entries displayed per table page. This setting turns on additional features: The Show device page includes the Custom properties tab with your custom device properties. The Show device page includes the Internal properties tab with additional properties the device reports. Several policy configuration pages include the Extra settings section to configure optional settings. Activated platforms The device platforms you want to view. In Admin, only pages and settings relevant for the selected platforms are shown. 3. Click Save. 6.2 Configure SMC app settings On the SMC app tab of the General settings page, you configure settings for the Control app on Android, ios and Windows Mobile devices. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the SMC app tab. 2. Configure the following settings: 10 Copyright 2019 Sophos Limited

15 Option Disable unenrollment through app Remove the Unenroll button from the Control app to prevent users from unenrolling their device through the app. To completely prevent user-initiated unenrollment, also disable the Unenroll device option in the Self Service Portal settings. See Configure Self Service Portal settings (page 21). 3. Click Save. 6.3 Configure On the configuration tab, you configure settings for s that are sent by. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the configuration tab. 2. In Language, select the language. 3. Click Save. 6.4 Configure IT contact Provide your IT contact details so that users can get help with questions or problems. The information you enter here is displayed on the users devices. 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the IT contact tab. 2. Enter the contact information. 3. Click Save. 6.5 Configure privacy settings You can turn off the following privacy-related settings in Admin: Device location Installed apps When turned off, you can t view the device location. Users can still view their device s location in the Sophos Central Self Service portal. When turned off, you can t view the apps installed on a device. The Installed apps tab in the device details is not displayed and the Apps per device report is not available. You can still view summary reports of installed apps for all devices. Copyright 2019 Sophos Limited 11

16 To configure privacy settings: 1. On the menu sidebar, under SETTINGS, click Setup > General, and then click the Privacy tab. 2. To turn off viewing device locations, click Forbid admins to locate devices. 3. To turn off displaying installed apps, click Hide installed apps. records the following privacy-related events: An administrator requests a device location. A user requests a device location in the Sophos Central Self Service portal. Viewing device locations in Admin is turned on or off. Viewing installed apps in Admin is turned on or off. 6.6 Configure ios settings On the ios tab of the Apple setup page, you configure settings for ios devices. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the ios tab. 2. Configure the following settings: Option Activation Lock bypass Select Enable to be able to clear the Activation Lock on supervised devices. When this option is selected, retrieves a bypass code when syncing with a supervised device that has Activation Lock enabled. If required, you can perform the Activation Lock bypass action from the device's Show device page to clear Activation Lock when the device needs to be erased and re-deployed. Activation Lock is an ios security feature to prevent the reactivation of lost or stolen devices. Normally, you need the correct Apple ID and password to clear Activation Lock. With the Activation Lock bypass feature, you can clear Activation Lock by providing the bypass code only. Synchronize device name Select Enable to manage ios devices under the name that is configured on the device. When this option is selected, the device name that Sophos Mobile uses is set every time the device synchronizes with. When this option is deselected, you set the device name during device enrollment. 3. Click Save. 12 Copyright 2019 Sophos Limited

17 6.7 Apple Push Notification service certificates To use the built-in Mobile Device Management (MDM) protocol of ios and macos devices, Sophos Mobile must use the Apple Push Notification service (APNs) to trigger the devices. APNs certificates have a validity period of one year Create APNs certificate Prerequisite: You have not uploaded a certificate for the Apple Push Notification service (APNs) to yet. To renew an existing certificate, see Renew APNs certificate (page 13). 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 2. Click APNs certificate wizard. 3. On the Mode page, click Create a new APNs certificate. 4. On the CSR page, click Download certificate signing request. This saves the certificate signing request file apple.csr to your local computer. 5. You need an Apple ID. Even if you already have an ID, we recommend that you create a new one for use with. On the Apple ID page, click Create Apple ID in the Apple portal. This opens an Apple web page where you can create an Apple ID for your company. Store the credentials in a safe place where your colleagues can access them. Your company will need these credentials to renew the certificate each year. 6. In the wizard, enter your new Apple ID in the Apple ID field. 7. On the Certificate page, click Create certificate on the Apple portal. This opens the Apple Push Certificates Portal. 8. Log in with your Apple ID and upload the certificate signing request file apple.csr. 9. Download the.pem APNs certificate file and save it to your computer. 10. On the Upload page, click Upload certificate and then browse for the.pem file that you received from the Apple Push Certificates Portal. 11. Click Save. reads the certificate and displays the certificate details on the APNs tab Renew APNs certificate Prerequisite: You have uploaded a certificate for the Apple Push Notification service (APNs) to that is about to be expire and needs to be renewed. To create and upload a new certificate, see Create APNs certificate (page 13). Copyright 2019 Sophos Limited 13

18 Important In the Apple portal, it is important that you select the correct APNs certificate for renewal. If you renew the wrong certificate, you might need to re-enroll all ios and macos devices. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 2. Click APNs certificate wizard. 3. On the Mode page, click Renew my APNs certificate. 4. On the CSR page, click Download certificate signing request. This saves the certificate signing request file apple.csr to your local computer. 5. On the Apple ID page, the Apple ID used to create the initial APNs certificate is displayed. You need this ID to log into the Apple portal. 6. On the Certificate page, click Renew certificate on the Apple portal. This opens the Apple Push Certificates Portal. 7. Log in with the Apple ID that was displayed in the wizard. 8. In the Apple Push Certificates Portal, click Renew next to your APNs certificate. 9. Upload the certificate signing request file apple.csr you prepared earlier. 10. Download the.pem APNs certificate file and save it to your computer. 11. On the Upload page, click Upload certificate and then browse for the.pem file that you received from the Apple Push Certificates Portal. 12. Click Save. Important If the following message is shown, you are not renewing the correct certificate: The topic of the new certificate does not correspond to the old one. If devices have been set up with the previous certificate, they have to be set up again. Do you really want to save your changes? This message indicates that you are about to create a new APNs certificate with a different identifier. If you confirm the message, all existing ios and macos devices are not manageable any more and you have to re-enroll them. For information on how to select the correct certificate, see Identify the correct APNs certificate for renewal (page 14) Identify the correct APNs certificate for renewal When you renew your Apple Push Notification service (APNs) certificate for the server as described in Renew APNs certificate (page 13), it is important that on the Apple portal you select the correct APNs certificate for renewal. This section describes how to identify the APNs certificate that is currently uploaded to the Sophos Mobile server. Retrieve the certificate identifier: 1. Log in to Sophos Central Admin and open the Mobile view from the My Products section of the main menu. 2. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the APNs tab. 3. Make a note of the Topic value that is displayed under APNs certificate. Identify the certificate: 14 Copyright 2019 Sophos Limited

19 4. Use your web browser to open the URL of the Apple Push Certificates Portal, identity.apple.com/pushcert/. If you are experiencing issues with certain features of the Apple portal when using Microsoft Internet Explorer, we recommend that you use the latest version of the Firefox, Opera, Chrome or Safari browser instead. 5. Log in with the Apple ID that you used for the creation of the initial APNs certificate. 6. In the list of APNs certificates, click the Certificate Info icon This displays the certificate details. next to a certificate entry. 7. In the Subject DN field, locate the value that follows the string UID=. If this matches the identifier that you determined in Admin, you have identified the correct certificate Check APNs connectivity of devices Users of the Control app for ios can check if their devices are able to connect to the Apple Push Notification service (APNs) server. 1. In the Control app, tap the Information icon to open the About screen. 2. Tap Check APNs. The app tries to connect to the Apple APNs server. The expected server response time is 5 seconds or less. Check your firewall settings if the APNs server can t be reached. For a list of required connections see the server deployment guide. 6.8 Configure ios AirPlay destinations With you can remotely trigger AirPlay mirroring between an ios device and predefined AirPlay destinations (for example AppleTV). AirPlay only works for devices within the same network. You can define destinations for AirPlay mirroring. 1. On the menu sidebar, under SETTINGS, click Setup > Apple setup, and then click the ios AirPlay tab. 2. In the AirPlay destinations section, click Create AirPlay destination. The AirPlay destination page is displayed. 3. Enter the device name and, optionally, the MAC address of the AirPlay destination device. If required, enter the password of the device. 4. Click Apply. The device is shown under AirPlay destinations in the ios AirPlay tab of the Apple setup page. 5. Click Save. You can trigger AirPlay mirroring between an ios device and this destination by clicking Request AirPlay mirroring from the Actions menu on the Show device page for the relevant device. Copyright 2019 Sophos Limited 15

20 6.9 Android settings On the Android tab of the Android setup page, you configure settings for Android devices: Set Android management mode (page 16) Enable Baidu Cloud Push service (page 17) Host Sophos apps on your web server (page 16). Configure the synchronization interval of the Control app (page 17) Set Android management mode For Android devices, you can choose between the Device administrator and Android enterprise management modes. Device administrator Android enterprise Control is a device administrator and uses Android mobile device management (MDM) to manage a device. Control is the device or profile owner and uses Android enterprise to manage a device or a work area on the device. We recommend you use Android enterprise. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. In Management mode, select the management mode for Android devices. 3. Click Save. This setting affects which policy types are available in the user interface. If you ve selected the Android enterprise mode, you must set up Android enterprise for your organization before you can enroll devices. See Set up Android enterprise - Overview (page 288) Host Sophos apps on your web server You can host the Sophos apps that users install during enrollment on an internal web server instead of Google Play. Important This option introduces a security risk. When you host the Sophos apps on an internal web server, you must allow app installations from outside Google Play in general. Make sure the latest app versions are installed on the mobile devices. Regularly upload new versions from the Sophos Product Downloads and Updates web page to your web server and then use a task bundle to install them onto the devices. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. Under Select installation source, select Hosted APK file. 16 Copyright 2019 Sophos Limited

21 3. Enter the URL of the Control app in URL of the SMC APK file. For example, if you have copied the APK file to an smc subdirectory below the deployment directory of your web server, enter this URL: <web_server_address>/smc/smc.apk The devices must be able to access the URL. 4. Likewise, enter the URL of the Security app in URL of the SMSec APK file. This requires a Mobile Advanced license. 5. Click Save Configure the synchronization interval of the Control app The Control app synchronizes with the server at these times: Immediately, when it needs to communicate device-side changes. On request, when it is triggered by the server through the push notification services Google Cloud Messaging (GCM) and, optionally, Baidu Cloud Push. Time scheduled, every 24 hours by default. If required, you can use a shorter interval for the time scheduled synchronization. For on Premise, this is configured by the super administrator. Important The default value of 24 hours is sufficient in most cases. We recommend that you only use a shorter interval if the push notification services do not work in your environment. Using shorter intervals impacts battery life and data consumption and causes higher server load. To configure the synchronization interval that the Control app on Android devices uses: 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. Under SMC app sync interval, select a value between 15 minutes and 24 hours from the Sync interval list. 3. Click Save Enable Baidu Cloud Push service uses the Google Firebase Cloud Messaging (FCM) service to send push notifications to Android devices, to trigger them to contact the server. In China, FCM will likely not work. Therefore, can also use Baidu Cloud Push, which is a Chinese push notification service. If you manage Android devices that are located in China, enable the Baidu Cloud Push service as follows: 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Android tab. 2. In the Baidu Cloud Push service section, select Enable Baidu Cloud Push service. 3. Click Save. Copyright 2019 Sophos Limited 17

22 When Baidu Cloud Push is enabled, sends all push notifications through FCM and through Baidu Cloud Push Register Samsung Knox license If you have a Samsung Knox Premium license, you can manage the Knox container on your Samsung devices with. 1. On the menu sidebar, under SETTINGS, click Setup > Android setup, and then click the Samsung Knox license tab. 2. Enter your Samsung Knox Premium license key. You can enter a license key of type KPE Premium or KLM Workspace. 3. Click Save Configure polling interval for Windows devices For Windows devices, you can configure the polling interval at which the Windows MDM client contacts the server. Usually, the server contacts the client using push notifications. Polling is used as a safety measure when the push notification service is not available. The default values are sufficient in most cases. Using shorter intervals impacts battery life and data consumption and causes higher server load. 1. On the menu sidebar, under SETTINGS, click Setup > Microsoft setup, and then click the Windows tab. 2. Select polling intervals for the different Windows operating systems. You can configure individual settings for: Windows 10 Mobile and Windows Phone 8.1 devices Windows 10 computers 3. Click Save Simple Certificate Enrollment Protocol (SCEP) With, you can distribute certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). You define the settings required for devices in an SCEP configuration of a device profile (Android and ios) or a policy (Windows Mobile) Prerequisites In order to use the Simple Certificate Enrollment Protocol, the following prerequisites must be fulfilled: An SCEP-enabled Windows CA exists in the environment. 18 Copyright 2019 Sophos Limited

23 Login credentials for a user who can create a challenge code are available. The server has http or https access to the following sites: Configure SCEP 1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the SCEP tab. 2. Specify the following: a) In the SCEP server URL field, enter b) In the Challenge URL field, enter If you use a Windows 2003 server as the SCEP server, enter SERVER/CertSrv/MSCEP. c) In the User and Password fields, enter the user credentials of the user who can create a challenge code. In the User field, enter a user who has the necessary rights to enroll certificates. Use the logon format: username@domain d) In the Challenge characters field, select the character types that are used for the challenge password. e) In the Challenge length field, accept the default length. f) Optional: Clear the Use HTTP proxy option if you want to bypass the HTTP proxy when connecting to the SCEP server. This option is only available if the HTTP proxy is enabled. 3. Click Save. tests the connection to your SCEP server. To deploy a profile using SCEP, add a SCEP configuration to an Android or ios device profile or to a Windows Mobile policy. Tip In the profile or policy, you can configure an interval after which the device automatically requests a certificate renewal Create customer properties When you create a property with name my property, you can refer to the value of the property by using the placeholder %_CUSTPROP(my property)_%. For details on placeholders, see Placeholders in profiles and policies (page 83). Copyright 2019 Sophos Limited 19

24 To create a customer property: 1. On the menu sidebar, under SETTINGS, click Setup > Sophos setup, and then click the Customer properties tab. 2. Click Add customer property. 3. Enter a name and a value for the customer property. 4. Click Apply. 5. Click Save. The customer property is added to. 20 Copyright 2019 Sophos Limited

25 7 Configure Self Service Portal With the Self Service Portal you can reduce IT efforts by allowing users to enroll devices on their own and carry out other tasks without having to contact the helpdesk. With a Self Service Portal configuration you define the following: The user groups allowed to use the Self Service Portal. The types of devices users can enroll. The device actions users can perform. The Self Service Portal is available for the following platforms: Android ios macos Windows Mobile Windows 7.1 Configure Self Service Portal settings Important Because of the complexity of the Self Service Portal settings configuration, we recommend that you test device enrollment for different user groups before you roll out the settings to your actual users. 1. On the menu sidebar, under SETTINGS, click Setup > Self Service Portal. 2. Click Enrollment texts and then add a terms of use text and a post-enrollment text. When you assign these texts to your Self Service Portal configuration, they are displayed before and after the enrollment, respectively. For details, see Create enrollment texts (page 23). 3. On the Self Service Portal configurations page, click Add to create a configuration. You can create several configurations and assign these to different user groups. 4. Configure the following settings: Option Name The name of the configuration. In the Self Service Portal, users select a configuration by this name. User groups Click Add and then enter a user group. The configuration is applied to all members of that group. You can add more than one user group to a configuration, but you can t add the same user group to different configurations. Maximum number of devices The maximum number of devices a user can enroll in the Self Service Portal. Copyright 2019 Sophos Limited 21

26 Option Actions Click Show and then select the management actions a user can perform in the Self Service Portal. For details of actions supported by a device platform, see Available Self Service Portal actions (page 23). 5. Click Add and then click the device platform you want to configure. 6. In the Configure platform settings dialog, configure the following settings: Option Display name The name of the platform settings. In the Self Service Portal, users select an enrollment type by this name. A description of the platform settings. This description is displayed in the Self Service Portal next to the name. Owner Device group Enrollment package Terms of use The owner mode (corporate or personal) of devices enrolled with this configuration. The device group the device is added to. The task bundle (for Android, ios, and macos) or policy (for Windows and Windows Mobile) sent to the device. The text to be displayed in the Self Service Portal before the enrollment. Leave this field empty to display no text. Users must agree to the text to proceed with the enrollment. Post-enrollment text The text to be displayed in the Self Service Portal after the enrollment. Leave this field empty to display no text. 7. Click Apply to add the platform settings to the Self Service Portal configuration. 8. If required, configure additional platforms. For each platform, you can configure different settings for corporate and for personal devices. 9. On the Edit Self Service Portal configuration page, click Save. If required, add more Self Service Portal settings for other user groups. On the Self Service Portal configurations page, you can use the arrow icons next to a configuration to change its priority. If Self Service Portal users match more than one configuration (because they are a member of several groups), the configuration with the highest priority is used. There always is a Default configuration. This configuration has the lowest priority, so that it is only used when no other configuration matches a user. 22 Copyright 2019 Sophos Limited

27 7.2 Create enrollment texts A Self Service Portal configuration can include a terms of use text and a post-enrollment text that are displayed before and after the enrollment, respectively. You create these texts separate from the Self Service Portal configuration and then assign them as required. 1. On the menu sidebar, under SETTINGS, click Setup > Self Service Portal. 2. Click Enrollment texts and then click the type of text to create: Terms of use: A mobile policy, disclaimer or agreement text that is displayed before the enrollment. Users must agree to the text to proceed with the enrollment. Post-enrollment text: Text to be displayed after the enrollment, for example a description of post-enrollment tasks the user must perform. 3. On the Edit enrollment text page, enter a name for the text and the text itself. You may use HTML markup to format the text. 4. Click Save. When you configure a Self Service Portal setting, you can select one terms of use text and one postenrollment text for every type of enrollment. Related tasks Configure Self Service Portal settings (page 21) 7.3 Available Self Service Portal actions Self Service Portal actions let users manage their devices. You set the available actions in the Self Service Portal configuration. Action Platforms Locate device Locate a device if it s lost or stolen. Android ios Windows Mobile Windows Lock device Lock a device if it s lost or stolen. Android ios macos Windows Mobile Reconfigure device Reconfigure the Control app, for example if the user uninstalled it accidentally. Android ios macos Windows Mobile Windows Copyright 2019 Sophos Limited 23

28 Action Platforms Show compliance violations Refresh data For non-compliant devices, show violation details. Synchronize a device with the server. Depending on your compliance policy, devices might become non-compliant when they don t synchronize regularly, for example when they are switched off for a long time. If this happens, users can perform this action to make the device compliant again. Android ios macos Windows Mobile Windows Android ios macos Windows Mobile Windows This function is not available for devices on which only manages the Sophos container. Reset password Wipe Wipe Android work profile Reset the lock screen password. For Android and ios devices, sets a temporary password. After the user has unlocked the device, they must set a new password. For Android enterprise devices in profile owner mode, the work profile s password is reset. For ios devices, deletes the password. The user must set a new password within 60 minutes. Reset a device to its factory settings if it s lost or stolen. All data on the device is deleted. Remove the work profile from a device. This also unenrolls the device from. Android ios Windows Mobile Android ios macos Windows Mobile Windows Android 24 Copyright 2019 Sophos Limited

29 Action Platforms Unenroll device Unenroll a device from. Android ios macos Windows Mobile Windows Delete unmanaged device Delete a device from. Android ios macos Windows Mobile Windows Reset App Protection password Reset Sophos container password Reconfigure the SMC app Reset the App Protection password. Users must enter this password to use apps you ve defined as protected. Reset the Sophos container password. Users must enter this password to use the Sophos container apps Sophos Secure and Sophos Secure Workspace. Reconfigure an already installed Sophos Mobile Control app. Android Android ios ios Windows Mobile Managed Lost Mode Turn Managed Lost Mode on or off. ios Play Lost Mode sound Play a sound on a device in Managed Lost Mode. ios Related tasks Configure Self Service Portal settings (page 21) Copyright 2019 Sophos Limited 25

30 8 Compliance policies With compliance policies you can: Allow, forbid or enforce certain features of a device. Define actions that are executed when a compliance rule is violated. You can create different compliance policies and assign them to device groups. This allows you to apply different levels of security to your managed devices. Tip If you are planning to manage both corporate and private devices, we recommend that you define separate compliance policies for at least these two device types. 8.1 Create compliance policy 1. On the menu sidebar, under CONFIGURE, click Compliance policies. 2. On the Compliance policies page, click Create compliance policy, and then select the template the policy will be based on: Default template: A selection of compliance rules, with no actions defined. PCI template, HIPAA template: Compliance rules and actions based on the HIPAA and the PCI DSS security standard, respectively. Your choice of template doesn t restrict your subsequent configuration options. 3. Enter a name and, optionally, a description for the compliance policy. Repeat the following steps for all required platforms. 4. Make sure that the Enable platform check box on each tab is selected. If this check box is not selected, devices of that platform are not checked for compliance. 5. Under Rule, configure the compliance rules for the particular platform. Each compliance rule has a fixed severity level (high, medium, low) that is depicted by a blue icon. The severity helps you to assess the importance of each rule and the actions you should implement when it is violated. For devices where manages the Sophos container instead of the whole device, only a subset of compliance rules is applicable. In Highlight rules, select a management type to highlight the rules that are relevant. 6. Under If rule is violated, define the actions that will be taken when a rule is violated: Option Deny Forbid access. 26 Copyright 2019 Sophos Limited

31 Option Lock container Set health Create alert Transfer task bundle This action can only be taken if you have configured a connection to the standalone EAS proxy. See Configure a connection to the standalone EAS proxy server (page 330). This action is only available for Android, ios, Windows and Windows Mobile devices. Disable the Sophos Secure Workspace and Secure apps. This affects document, and web access that is managed by these apps. This action can only be taken when you have activated a Mobile Advanced license. This action is only available for Android and ios devices. Select the health status (Red, Yellow, Green) the device gets if it violates this rule. If the device violates more than one rule, it gets its health status from the rule that s associated with the worst health. reports the health status to Sophos Wireless. Depending on your Sophos Wireless configuration, network access is restricted. This action is available for Android and ios devices if you ve turned on Synchronized Security. See Turn on Synchronized Security (page 55). Trigger an alert. The alerts are displayed on the Alerts page of Sophos Central Admin. Transfer a specific task bundle to the device. Select a task bundle from the list, or select None to transfer no task bundle when the compliance rule is violated. This action is only available for Android, ios, macos and Windows devices. Important When used incorrectly, task bundles may misconfigure or even wipe devices. To assign the correct task bundles to compliance rules, an in-depth knowledge of the system is required. When a device in Android enterprise device owner mode becomes non-compliant, all apps are disabled. 7. When you have made the settings for all required platforms, click Save to save the compliance policy under the name that you specified. Copyright 2019 Sophos Limited 27

32 8.2 Available compliance rules This section lists the compliance rules that you can select for the individual platforms. Rule Platforms Managed required Minimum SMC version Root access allowed Define the action that will be executed when a device is no longer managed. Enter the minimum Control app version that has to be installed onto the device. Select whether devices with root rights are allowed. Android ios macos Windows Mobile Windows Android ios Windows Mobile Android For Sony devices with Enterprise API version 4 or above and for Samsung devices with Knox version 5.5 or below, this includes all devices that are classified insecure by the MDM API, for example because the bootloader is unlocked. Google SafetyNet compatibility required Apps from unknown sources allowed Android Debug Bridge (ADB) allowed Allow jailbreak The device must pass the Compatibility Test Suite (CTS), a Google SafetyNet test for Android compatibility. Select whether apps from unknown sources are allowed. This rule only affects devices with Android 7.x or earlier. With Android 8, the system setting to restrict app installation sources was removed. Select whether ADB (Android Debug Bridge) is allowed. Select whether jailbroken devices are allowed. Android Android Android ios 28 Copyright 2019 Sophos Limited

33 Rule Platforms Screen lock required Minimum OS version Maximum OS version Mandatory OS updates Maximum synchronization gap Maximum SMC synchronization gap Maximum SMSec synchronization gap Select whether a device password or other screen lock mechanism (like pattern or PIN) is required. For Android, this includes the display lock types Pattern, PIN and Password, but not Swipe. Windows Mobile devices that have no password policy assigned are always reported as non-compliant. This is a Windows limitation. Select the earliest operating system version required. Select the latest operating system version allowed. Select if devices must have the latest available or the latest required update installed. Some ios updates are classified as required by Apple. The latest available update might be newer than the latest required update. The maximum allowed gap between device synchronization events. The maximum allowed gap between Control app synchronization events. The maximum allowed gap between Security app synchronization events. Android ios Windows Mobile Windows Android ios macos Windows Mobile Windows Android ios macos Windows Mobile Windows ios Android ios macos Windows Mobile Windows ios Windows Mobile Android ios Copyright 2019 Sophos Limited 29

34 Rule Platforms Maximum SMSec scan gap Denial of SMSec permissions allowed Malware apps allowed Suspicious apps allowed PUAs allowed Encryption required Third-party profiles allowed The maximum allowed gap between malware scans performed by the Security app. Security needs permissions on the device to work properly. The user has to grant these permissions when the app is installed. Select whether a denial of the required permissions results in a compliance violation. Select whether malware apps that have been detected by Sophos Mobile Security are allowed. Select whether suspicious apps that have been detected by Sophos Mobile Security are allowed. Select whether Potentially Unwanted Apps (PUAs) that have been detected by Security are allowed. Select whether encryption is required for devices. Users must additionally enable the Require PIN to start device or Require Password to start device setting when they set a screen lock. See Sophos knowledge base article For macos, this setting applies to FileVault full-disk encryption. For Windows Mobile, a violation is only reported if the restriction Forbid unencrypted device is set as well. This is a Windows limitation. This rule is not available for ios because iphones and ipads are always encrypted. Configuration profiles not managed by are allowed. Android Android Android Android Android Android macos Windows Mobile Windows ios Data roaming allowed Data roaming is allowed. Android ios 30 Copyright 2019 Sophos Limited

Sophos Mobile in Central

Sophos Mobile in Central administrator help Product Version: 8 Contents About this help...1 About Sophos Mobile Admin... 2 User interface... 2 Table views... 2 User roles... 3 Key steps for managing devices with Sophos Mobile...4

More information

Sophos Mobile in Central administrator help. Product version: 7.1

Sophos Mobile in Central administrator help. Product version: 7.1 Sophos Mobile in Central administrator help Product version: 7.1 Contents 1 About this help...6 2 Key steps for managing devices with Sophos Mobile...7 3 Dashboard...8 4 Reports...9 5 Tasks...10 5.1 Monitor

More information

Sophos Mobile. administrator help. product version: 9

Sophos Mobile. administrator help. product version: 9 administrator help product version: 9 Contents About this help... 1 About...2 About Admin... 3 Dashboard... 3 Table views...4 Prerequisites... 4 User roles... 4 Change your password... 5 Password recovery...

More information

Sophos Mobile on Premise

Sophos Mobile on Premise administrator help product version: 8.6 Contents About this help... 1 About Sophos Mobile...2 About Sophos Mobile Admin... 3 User interface... 3 Table views...3 Prerequisites... 4 User roles... 4 Change

More information

Sophos Mobile Control Administrator guide. Product version: 5.1

Sophos Mobile Control Administrator guide. Product version: 5.1 Sophos Mobile Control Administrator guide Product version: 5.1 Document date: June 2015 Contents 1 About Sophos Mobile Control...5 1.1 Sophos Mobile Control on premise and as a Service...5 1.2 About this

More information

Sophos Mobile. startup guide. Product Version: 8.1

Sophos Mobile. startup guide. Product Version: 8.1 Sophos Mobile startup guide Product Version: 8.1 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are

More information

Sophos Mobile administrator help. Product version: 7.1

Sophos Mobile administrator help. Product version: 7.1 Sophos Mobile administrator help Product version: 7.1 Contents 1 About this help...6 2 About Sophos Mobile...7 3 About the Sophos Mobile console...8 3.1 User interface...8 3.2 Table views...9 3.3 Prerequisites...9

More information

Sophos Mobile. startup guide. Product Version: 8.5

Sophos Mobile. startup guide. Product Version: 8.5 Sophos Mobile startup guide Product Version: 8.5 Contents About this guide... 1 Sophos Mobile licenses... 2 Trial licenses...2 Upgrade trial licenses to full licenses... 2 Update licenses... 2 What are

More information

Sophos Mobile Control startup guide. Product version: 7

Sophos Mobile Control startup guide. Product version: 7 Sophos Mobile Control startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 Sophos Mobile Control licenses...7 3.1 Trial licenses...7 3.2 Upgrade trial licenses

More information

Sophos Mobile as a Service

Sophos Mobile as a Service startup guide Product Version: 8 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses...5 Check your licenses...6

More information

Sophos Mobile in Central

Sophos Mobile in Central startup guide Product Version: 8.1 Contents About this guide... 1 What are the key steps?... 2 Activate Mobile Advanced licenses... 3 Configure settings... 4 Configure personal settings...4 Configure technical

More information

Sophos Mobile in Central

Sophos Mobile in Central startup guide product version: 8.6 Contents About this guide... 1 What are the key steps?... 2 Activate Mobile Advanced licenses... 3 Configure settings... 4 Configure personal settings...4 Configure IT

More information

Sophos Mobile SaaS startup guide. Product version: 7.1

Sophos Mobile SaaS startup guide. Product version: 7.1 Sophos Mobile SaaS startup guide Product version: 7.1 Contents 1 About this guide...4 2 What are the key steps?...5 3 Change your password...6 4 Change your login name...7 5 Activate SMC Advanced licenses...8

More information

Sophos Mobile as a Service

Sophos Mobile as a Service startup guide product version: 8.6 Contents About this guide... 1 What are the key steps?... 2 Change your password... 3 Change your login name... 4 Activate Mobile Advanced licenses... 5 Check your licenses...6

More information

Sophos Mobile. super administrator guide. Product Version: 8

Sophos Mobile. super administrator guide. Product Version: 8 Sophos Mobile super administrator guide Product Version: 8 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...

More information

Sophos Mobile. super administrator guide. product version: 8.6

Sophos Mobile. super administrator guide. product version: 8.6 Sophos Mobile super administrator guide product version: 8.6 Contents About this guide... 1 Document conventions... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer...

More information

Sophos Mobile Control SaaS startup guide. Product version: 7

Sophos Mobile Control SaaS startup guide. Product version: 7 Sophos Mobile Control SaaS startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your password...8 5 Change your login

More information

Sophos Mobile. super administrator guide. product version: 9

Sophos Mobile. super administrator guide. product version: 9 super administrator guide product version: 9 Contents About this guide... 1 Super administrator... 2 Super administrator tasks...2 Super administrator customer... 3 Log in as super administrator... 3 Switch

More information

Sophos Mobile super administrator guide. Product version: 7.1

Sophos Mobile super administrator guide. Product version: 7.1 Sophos Mobile super administrator guide Product version: 7.1 Contents 1 About this guide...4 1.1 Document conventions...4 2 Super administrator...5 2.1 Super administrator tasks...5 2.2 Super administrator

More information

Sophos Mobile Control Super administrator guide. Product version: 3.5

Sophos Mobile Control Super administrator guide. Product version: 3.5 Sophos Mobile Control Super administrator guide Product version: 3.5 Document date: July 2013 Contents 1 About Sophos Mobile Control...3 2 Super administrator accounts...4 3 The super administrator customer...5

More information

Sophos Mobile Control SaaS startup guide. Product version: 6.1

Sophos Mobile Control SaaS startup guide. Product version: 6.1 Sophos Mobile Control SaaS startup guide Product version: 6.1 Document date: September 2016 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 What are the key steps?...7 4 Change your

More information

Sophos Mobile. user help. product version: 8.6

Sophos Mobile. user help. product version: 8.6 user help product version: 8.6 Contents About this help... 1 About...2 Set up on your device... 3 Enrollment steps for Android devices... 3 Enrollment steps for ios devices...3 Enrollment steps for Macs...

More information

Sophos Central Self Service Portal help

Sophos Central Self Service Portal help Sophos Central Self Service Portal help Contents 1 About this Help...3 2 Email...4 2.1 Manage Quarantined Email...4 2.2 Emergency Inbox...4 3 Mobile Control...5 3.1 Set up Sophos Mobile Control on your

More information

Verizon MDM UEM Unified Endpoint Management

Verizon MDM UEM Unified Endpoint Management Verizon MDM UEM Unified Endpoint Management Version: 1.0 Last Updated: 3/29/18 Table of Contents Unified Endpoint Management (UEM) Overview... 4 Account Dashboard... 4 Unified Endpoint Management (UEM)

More information

Sophos Mobile user help. Product version: 7.1

Sophos Mobile user help. Product version: 7.1 Sophos Mobile user help Product version: 7.1 Contents 1 About this help...4 2 About Sophos Mobile...5 3 Login to the Self Service Portal...6 3.1 First login...6 3.2 Login...6 3.3 Password recovery...6

More information

Integration with Apple Configurator 2. VMware Workspace ONE UEM 1902

Integration with Apple Configurator 2. VMware Workspace ONE UEM 1902 Integration with Apple Configurator 2 VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about

More information

ZENworks 2017 Update 4 Troubleshooting Mobile Device Management

ZENworks 2017 Update 4 Troubleshooting Mobile Device Management ZENworks 2017 Update 4 Troubleshooting Mobile Device Management January 2019 This section provide solutions to the problems you might encounter while using the Mobile Management feature. Section 1, Log

More information

VMware Workspace ONE UEM Integration with Apple School Manager

VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM Integration with Apple School Manager VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation

More information

Sophos Mobile. installation guide. Product Version: 8.5

Sophos Mobile. installation guide. Product Version: 8.5 installation guide Product Version: 8.5 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...

More information

Sophos Mobile. installation guide. product version: 8.6

Sophos Mobile. installation guide. product version: 8.6 installation guide product version: 8.6 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses...

More information

1 About this document System environment Communication between devices and push servers Technical support...

1 About this document System environment Communication between devices and push servers Technical support... Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push servers... 13 4 Technical support... 15 5 Legal notices... 16 Installation prerequisites form 1 About

More information

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch VMware Workspace ONE UEM Apple tvos Device Management VMware Workspace ONE UEM 1811 VMware AirWatch You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Sophos Mobile Control Installation guide

Sophos Mobile Control Installation guide Sophos Mobile Control Installation guide Product version: 1.0 Document date: May 2011 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Apple Push

More information

Sophos Mobile. installation guide. product version: 9

Sophos Mobile. installation guide. product version: 9 installation guide product version: 9 Contents About this guide... 1 About...2 licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses... 3 Update licenses... 3 Set up... 4 Installation

More information

NotifyMDM Device Application User Guide Installation and Configuration for Android

NotifyMDM Device Application User Guide Installation and Configuration for Android NotifyMDM Device Application User Guide Installation and Configuration for Android NotifyMDM for Android, Version 3.x NotifyMDM for Android 1 Table of Contents NotifyMDM for Android 3 Installation Instructions

More information

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes Workspace ONE UEM v9.6 Have documentation feedback? Submit

More information

Sophos Mobile. server deployment guide. product version: 9

Sophos Mobile. server deployment guide. product version: 9 server deployment guide product version: 9 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 16 EAS proxy usage scenarios...20 EAS proxy architecture

More information

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware

More information

Sophos Mobile Control Administrator guide. Product version: 2 Document date: December 2011

Sophos Mobile Control Administrator guide. Product version: 2 Document date: December 2011 Sophos Mobile Control Administrator guide Product version: 2 Document date: December 2011 Contents 1 Glossary... 3 2 About Sophos Mobile Control... 4 3 Prerequisites... 6 4 Login... 7 5 Overview... 8 6

More information

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Sophos Mobile. installation guide. Product Version: 8

Sophos Mobile. installation guide. Product Version: 8 installation guide Product Version: 8 Contents About this guide... 1 About Sophos Mobile...2 Sophos Mobile licenses... 3 Trial licenses...3 Upgrade trial licenses to full licenses...3 Update licenses...3

More information

Google Sync Integration Guide. VMware Workspace ONE UEM 1902

Google Sync Integration Guide. VMware Workspace ONE UEM 1902 Google Sync Integration Guide VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation,

More information

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes

VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes VMware AirWatch Integration with Apple School Manager Integrate with Apple's School Manager to automatically enroll devices and manage classes AirWatch v9.3 Have documentation feedback? Submit a Documentation

More information

Sophos Mobile. server deployment guide. product version: 8.6

Sophos Mobile. server deployment guide. product version: 8.6 Sophos Mobile server deployment guide product version: 8.6 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 9 Usage scenarios for the standalone

More information

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices VMware AirWatch tvos Platform Guide Deploying and managing tvos devices AirWatch v9.3 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

VMware AirWatch Google Sync Integration Guide Securing Your Infrastructure

VMware AirWatch Google Sync Integration Guide Securing Your  Infrastructure VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Compliance Manager ZENworks Mobile Management 2.7.x August 2013

Compliance Manager ZENworks Mobile Management 2.7.x August 2013 www.novell.com/documentation Compliance Manager ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this

More information

ForeScout Extended Module for VMware AirWatch MDM

ForeScout Extended Module for VMware AirWatch MDM ForeScout Extended Module for VMware AirWatch MDM Version 1.7.2 Table of Contents About the AirWatch MDM Integration... 4 Additional AirWatch Documentation... 4 About this Module... 4 How it Works... 5

More information

Systems Manager Cloud-Based Enterprise Mobility Management

Systems Manager Cloud-Based Enterprise Mobility Management Datasheet Systems Manager Systems Manager Cloud-Based Enterprise Mobility Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, monitoring, and

More information

Sophos Mobile Control installation prerequisites form. Product version: 7

Sophos Mobile Control installation prerequisites form. Product version: 7 Sophos Mobile Control installation prerequisites form Product version: 7 Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push servers... 11 4 Technical

More information

VMware AirWatch Google Sync Integration Guide Securing Your Infrastructure

VMware AirWatch Google Sync Integration Guide Securing Your  Infrastructure VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard

More information

Compliance Manager ZENworks Mobile Management 3.0.x January 2015

Compliance Manager ZENworks Mobile Management 3.0.x January 2015 www.novell.com/documentation Compliance Manager ZENworks Mobile Management 3.0.x January 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this

More information

Mobility Manager 9.5. Users Guide

Mobility Manager 9.5. Users Guide Mobility Manager 9.5 Users Guide LANDESK MOBILITY MANAGER Copyright 2002-2013, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or trademarks

More information

VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments

VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments VMware AirWatch Integration with Apple Configurator 2 Guide Using Apple Configurator 2 and AirWatch to simplify mass deployments AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback

More information

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management Lookout Mobile Endpoint Security Deploying Lookout with BlackBerry Unified Endpoint Management June 2018 2 Copyright and disclaimer Copyright 2018, Lookout, Inc. and/or its affiliates. All rights reserved.

More information

Workspace ONE UEM Mobile Device Management Guide. VMware Workspace ONE UEM 1810

Workspace ONE UEM Mobile Device Management Guide. VMware Workspace ONE UEM 1810 Workspace ONE UEM Mobile Device Management Guide VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments

More information

Vodafone Secure Device Manager Administration User Guide

Vodafone Secure Device Manager Administration User Guide Vodafone Secure Device Manager Administration User Guide Vodafone New Zealand Limited. Correct as of June 2017. Vodafone Ready Business Contents Introduction 3 Help 4 How to find help in the Vodafone Secure

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Workspace MDM Management Site Manual

Workspace MDM Management Site Manual Workspace MDM Management Site Manual 8. Appendix (Web site ver 8.1.1) 1 1 Appendix... 3 1.1 Function list... 4 1.2 Easy Setup procedure... 8 1.3 Input method of import data... 10 1.4 Details on CSV for

More information

Pulse Workspace Appliance. Administration Guide

Pulse Workspace Appliance. Administration Guide Pulse Workspace Appliance Administration Guide Product Release 2.0, 1743.1 Document Revisions 1.0 Published Date January 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 The Pulse

More information

Integrating AirWatch and VMware Identity Manager

Integrating AirWatch and VMware Identity Manager Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager

VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Table of Contents Lab Overview - HOL-1857-03-UEM - Workspace ONE UEM with App & Access Management... 2 Lab Guidance... 3 Module 1 - Workspace

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

ForeScout Extended Module for MobileIron

ForeScout Extended Module for MobileIron Version 1.8 Table of Contents About MobileIron Integration... 4 Additional MobileIron Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...

More information

Sophos Mobile. server deployment guide. Product Version: 8.1

Sophos Mobile. server deployment guide. Product Version: 8.1 Sophos Mobile server deployment guide Product Version: 8.1 Contents About this guide... 1 Sizing considerations... 2 Architecture examples...6 Ports and protocols... 9 Usage scenarios for the standalone

More information

NotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown

NotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown NotifyMDM Device Application User Guide Installation and Configuration for ios with TouchDown NotifyMDM for ios Devices, Version 3.x NotifyMDM for ios with TouchDown 1 Table of Contents NotifyMDM for ios

More information

VMware AirWatch: Directory and Certificate Authority

VMware AirWatch: Directory and Certificate Authority Table of Contents Lab Overview - HOL-1857-06-UEM - VMware AirWatch: Directory and Certificate Authority Integration... 2 Lab Guidance... 3 Module 1 - Advanced AirWatch Configuration, AD Integration/Certificates

More information

McAfee MVISION Mobile epo Extension Product Guide

McAfee MVISION Mobile epo Extension Product Guide McAfee MVISION Mobile epo Extension 1809 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Windows 8/RT Features Matrix

Windows 8/RT Features Matrix Windows 8/RT Features Matrix The following matrix shows what AirWatch features are available to the Windows 8.0/RT and the Windows 8.1/RT platforms. Feature Windows 8.0/RT Windows 8.1/RT Activation & Enrollment

More information

The following device commands are used most frequently: Lock/Unlock device O - O O. Reset screen password O - O - Factory reset + Initialize SD Card

The following device commands are used most frequently: Lock/Unlock device O - O O. Reset screen password O - O - Factory reset + Initialize SD Card 10 Device management Administrators can install apps on an activated device using device commands and check the profiles settings. Moreover, they can update, delete, or re-install apps installed on users'

More information

Deploying Lookout with IBM MaaS360

Deploying Lookout with IBM MaaS360 Lookout Mobile Endpoint Security Deploying Lookout with IBM MaaS360 February 2018 2 Copyright and disclaimer Copyright 2018, Lookout, Inc. and/or its affiliates. All rights reserved. Lookout, Inc., Lookout,

More information

VMware Workspace ONE UEM Mobile Device Management Documentation. VMware Workspace ONE UEM 1811

VMware Workspace ONE UEM Mobile Device Management Documentation. VMware Workspace ONE UEM 1811 VMware Workspace ONE UEM Mobile Device Management Documentation VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1 VMware Workspace ONE Quick Configuration Guide VMware AirWatch 9.1 A P R I L 2 0 1 7 V 2 Revision Table The following table lists revisions to this guide since the April 2017 release Date April 2017 June

More information

Adding mobile applications

Adding mobile applications Adding mobile applications This section describes how to add, configure, and deploy mobile applications for Android, ios, and Mac OS X. You can deploy custom applications as well as applications purchased

More information

Sophos Enterprise Console Help. Product version: 5.3

Sophos Enterprise Console Help. Product version: 5.3 Sophos Enterprise Console Help Product version: 5.3 Document date: September 2015 Contents 1 About Sophos Enterprise Console 5.3...6 2 Guide to the Enterprise Console interface...7 2.1 User interface layout...7

More information

ForeScout Extended Module for MaaS360

ForeScout Extended Module for MaaS360 Version 1.8 Table of Contents About MaaS360 Integration... 4 Additional ForeScout MDM Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...

More information

MDM Android Client x - User Guide 7P Mobile Device Management. Doc.Rel: 1.0/

MDM Android Client x - User Guide 7P Mobile Device Management. Doc.Rel: 1.0/ MDM Android Client 5.26.0x - User Guide 7P Mobile Device Management Doc.Rel: 1.0/ 2017-07-16 Table of Contents 1 Objectives and Target Groups... 9 1.1 Important information... 9 1.2 Third-Party Materials...

More information

The University of Toledo Intune End-User Enrollment Guide:

The University of Toledo Intune End-User Enrollment Guide: The University of Toledo Intune End-User Enrollment Guide: Contents Enroll your Android device in Intune... 2 Enroll your ios device in Intune... 15 Enroll your Mac OS X device in Intune... 25 Enroll your

More information

TabPilot Documentation

TabPilot Documentation Table of contents 1 Introduction... 5 2 Control Tower Interface... 7 2.1 Menu Navigation... 7 2.2 Working with Tables... 8 3 Setting Up TabPilot... 10 3.1 Overview... 10 3.2 Setting Up Android Devices...

More information

Provisioning Mobile Device Manager in the Control Panel. Admin Guide

Provisioning Mobile Device Manager in the Control Panel. Admin Guide Provisioning Mobile Device Manager in the Control Panel Admin Guide Document Revision Date: Mar. 8, 2013 Provisioning MDM in the Control Panel i Contents Overview... 1 Accessing MDM in the Control Panel...

More information

Sophos Mobile Control Installation prerequisites form

Sophos Mobile Control Installation prerequisites form Sophos Mobile Control Installation prerequisites form Product version: 5.1 Document date: July 2015 Contents 1 About this document... 3 2 System environment... 3 3 Communication between devices and push

More information

ios Supervised Devices

ios Supervised Devices www.novell.com/documentation ios Supervised Devices ZENworks Mobile Management 3.2.x October 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use

More information

McAfee Enterprise Mobility Management 12.0 Software

McAfee Enterprise Mobility Management 12.0 Software Product Guide McAfee Enterprise Mobility Management 12.0 Software For use with epolicy Orchestrator 4.6.7-5.1 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Sophos Central Admin. help

Sophos Central Admin. help help Contents About Sophos Central... 1 Activate Your License...2 Endpoint Protection...3 Dashboard...3 Alerts...4 Root Cause Analysis...9 Logs & Reports... 11 People... 24 Computers...33 Computer Groups...40

More information

Workspace ONE UEM Console Basics Documentation. VMware Workspace ONE UEM 1811

Workspace ONE UEM Console Basics Documentation. VMware Workspace ONE UEM 1811 Workspace ONE UEM Console Basics Documentation VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments

More information

Colligo Briefcase. for Good Technology. Administrator Guide

Colligo Briefcase. for Good Technology. Administrator Guide for Good Technology Administrator Guide Contents Introduction... 2 Target Audience... 2 Overview... 2 Key Features... 2 Platforms Supported... 2 SharePoint Security & Privileges... 3 for Good Technology...

More information

3CX Mobile Device Manager

3CX Mobile Device Manager 3CX Mobile Device Manager Manual 1 Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples

More information

Link to other configuration guides for information on...

Link to other configuration guides for information on... Configuration Guide: Adding Users and Enrolling Devices This guide provides information on...... Adding users manually or via batch import using the Add New User Wizard... Setting up an Organization for

More information

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE

Deploying VMware Workspace ONE Intelligent Hub. October 2018 VMware Workspace ONE Deploying VMware Workspace ONE Intelligent Hub October 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have

More information

Configuration Guide. BlackBerry UEM Cloud

Configuration Guide. BlackBerry UEM Cloud Configuration Guide BlackBerry UEM Cloud Published: 2018-04-18 SWD-20180411125526296 Contents About this guide... 7 Getting started... 8 Configuring BlackBerry UEM Cloud for the first time... 8 Administrator

More information

Dell EM+S Intune. Android Enrollment Guide. Version 1.5

Dell EM+S Intune. Android Enrollment Guide. Version 1.5 Dell EM+S Intune Android Enrollment Guide Version 1.5 Copyright 2017 Dell Inc. All rights reserved. This publication contains information that is confidential and proprietary to Dell and is subject to

More information

Table of Contents... ii. GO AHEAD BRING YOUR OWN DEVICE TO WORK... 1 Requirements... 1

Table of Contents... ii. GO AHEAD BRING YOUR OWN DEVICE TO WORK... 1 Requirements... 1 Table of Contents... ii GO AHEAD BRING YOUR OWN DEVICE TO WORK... 1 Requirements... 1 1: Start Using Toggle... 1 Personal... 2 ToggleHub... 2 AT&T Toggle Browser... 2 Downloads... 2 Media... 3 AT&T Toggle

More information

Junos Pulse Mobile Security Gateway

Junos Pulse Mobile Security Gateway Junos Pulse Mobile Security Gateway Administration Guide Release 4.0 June 22, 2012 R1 Copyright 2012, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered

More information

Workspace MDM Management Site Manual

Workspace MDM Management Site Manual Workspace MDM Management Site Manual 1. Using the management site (Web site ver 8.1.1) 1 1 Getting Started... 3 1.1 What is "Workspace MDM"?... 3 1.2 Features... 3 1.3 Roles of the Management Site... 4

More information

USER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5

USER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5 USER GUIDE CTERA Agent for Windows June 2016 Version 5.5 Copyright 2009-2016 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written

More information

IBM. Configuration Guide. IBM MobileFirst Protect On-Premise. Version 2 Release 4

IBM. Configuration Guide. IBM MobileFirst Protect On-Premise. Version 2 Release 4 IBM MobileFirst Protect On-Premise IBM Configuration Guide Version 2 Release 4 IBM MobileFirst Protect On-Premise IBM Configuration Guide Version 2 Release 4 Note Before using this information and the

More information

Getting Started Guide

Getting Started Guide Getting Started Guide BlackBerry UEM Version 12.6 Maintenance Release 2 Published: 2017-04-07 SWD-20170407163328365 Contents Getting started with BlackBerry UEM and BlackBerry Dynamics...5 Steps to get

More information

VMware AirWatch Express Guide Managing your organization's mobile devices

VMware AirWatch Express Guide Managing your organization's mobile devices VMware AirWatch Express Guide Managing your organization's mobile devices AirWatch Express v1.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information