The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Applies to the following Sophos product(s) and version(s) Mobile Control 4.0
Operating systems iOS
Can I still use the spreadsheets containing the redemption codes I used before? Yes, you can still upload these spreadsheets to Sophos Mobile Control 3.6.
What is the sToken? The sToken is used to authenticate you against the Apple Volume Purchase Program service. This way it is checked which apps you have purchased and which users are authorized to download your purchased apps.
Where do I get the sToken which I enter in the Sophos Mobile Control (SMC) web console? Login at vpp.itunes.apple.com using your VPP enabled Apple-ID. Click on the 'Download' button on the bottom next to 'Generate a VPP service token and download it in a text file'.
Does Sophos Mobile Control require an additional connection to use the new VPP process? Yes. The SMC server must be able to connect to vpp.itunes.apple.com. But as it is recommended to open the whole 17.*.*.* network this should already be possible.
How do I invite users to participate in the VPP? You can send out invitation emails to your users using the built-in functionality of Sophos Mobile Control. The users will receive an email with an activation link. After clicking on the link, they have to sign in with their Apple ID. For further information, please check the Sophos Mobile Control administrator guide.
When is a user authorized to use the VPP? A user is authorized as soon as he clicked on the activation link and logged in with his Apple ID.
How do I assign purchased applications to an authorized VPP user? Once a user is authorized you can add him to the application package within the Sophos Mobile Control web console.
How does the SMC server check if a user is authorized? Every time a user is edited or an VPP application package is touched by the server the user status is checked first before processing. To check this the SMC server connects to the VPP portal and uses the sToken for authentication.
Is there anything to consider when deploying apps purchased via VPP? Yes. We recommend to deactivate the automatic download of apps within the iOS settings ('General | iTunes & App Store | Automatic Downloads') Otherwise, VPP apps which are deployed using Sophos Mobile Control are not listed as managed apps. In case of removing the Sophos Mobile Control enrollment profile the app will not be uninstalled. Deactivating the background download of apps has to be done manually on each device by the user. There is no possibility to do this with Sophos Mobile Control.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.