Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
This article provides additional information about the limitations regarding the "Locate" feature on iOS devices.
Applies to the following Sophos product(s) and version(s) Sophos MobileCentral Mobile
Operating systems iOS
On iOS devices, apps can only use the "Locate" command if certain requirements are fulfilled.
General requirements for the "Locate" command to work, regardless of the iOS version
General technical limitations, regardless of the iOS version
iOS 13 specific limitations (Changes to the "Location Access permission")
Starting with iOS 13, an app cannot be granted the "Always" permission for "Location Access" directly the first time the app asks for it. Compare the two pop-ups below. In both cases, the Sophos Mobile Control app asks for the "Always" permission for "Location Access".
On iOS 12, the user is shown a dialog with the option "Always Allow". On iOS 13, this option is not available anymore.
On iOS 13, once the app is in the background while a location update is triggered by the app is ongoing, a second dialog is shown. Here on this dialog, the user is able to grant the app the "Always" permission for "Location Access":
This dialog is shown only once. If the user decides to choose the option "Keep Only While Using", the only way for the app to get the "Always" permission later on is if the user manually changes the value in the system settings as mentioned above.
Additionally, after the Sophos Mobile Control client triggers a location update a couple of times while in the background, another dialog will be shown some time later, informing the user of the fact that the Sophos Mobile Control client is using the device location in the background:
Again, the user must choose the option "Always Allow". Otherwise the app won't be able to continue to locate in the background. Should the app not have the "Always" permission for "Location Access" at any given point for whatever reason, the server-side task will be stuck at "Commands Sent" until it expires.
Alternative ways to locate iOS devices
On supervised devices the Lost mode can be activated. While in Lost mode the device can be located using the Apple locate mechanism which the Find My app relies on.
On non-supervised devices which have an Apple ID configured it is recommended to locate the device using the Find My app.
Configure iOS Managed Lost Mode Apple: developer documentation Apple: Find My app
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.