This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Securing Zebra TC20 /TC25 hand scanners

We are investigating moving from Windows CE hand scanners in the warehouse to Android based Zebra TC20 and TC25 hand held scanners. The Zebra reseller advises SOTI for Mobile Device Management. I prefer a one solution environment as Sophos Central. 

What we want to do is lock down the device:

- user cannot change the configuration of the device.

- remote install apps, some are from the app store like Wavelink Velocity or Zebra Enterpise Browser but one is from our own Neptune for SAP development tool. 

- user can only access predefined apps and destinations and cannot change the configuration of the device.

- Administer the devices remotely

- Be able to connect to a device remotely as help desk.

- Allow the user to create print screens and send it to the help desk

These are things the reseller could do with SOTI. 

On the TC25 the user can also call and receive calls. 


I have enrolled one Android test device in Sophos Central Mobile but I fail to see how I can creat user profiles and lock profiles down.

Further more does it have a remote connection manager to administer the device? Create print sceens.

Pointers are appreciated.

Kind regards,

Fred Blum




This thread was automatically locked due to age.
  • Hi  

    I have reported the following issues to the pre-sales consultant, but they remain silent.

    -       Sophos assumes that users will install the devices themselves, download the app and enroll from an e-mail. The Enroll QR code is only shown once to administrators in central just after creating of the device. The QR code or manual code cannot be accessed anymore in central. - While Adding a new device, during enrollment process itself, you will be shown with QR code, there is the alternate procedure as well just to add information manually about enrollment token and Sever URL which is present in Sophos Central.

    -       The google account for downloading the app afw#sophos in the app store does not work. Used own google account to download and removed it afterwards. The devices do not have a google account. - The google account is needed in order to download the SMC or you can use the Sophos Mobile control apk to install on all the devices.

    -       App installs without problems. User needs to acknowledge giving rights to the app. After allowing everything the right to change system settings are still set to no in android settings. Also Follow User rights are set to off. Are does not require by the Control and Intercept APPs? - Permissions required for both the applications are mentioned in these KB articles and

    -       Enrollen both Mobile Control and Intercept X with the same QR code won't work. Message code already used on another device. - If you have enrolled the device Sophos mobile control, you don't need to enroll for Intercept X for mobile. You can push the Intercept X for mobile through policy but for that, you need google play store.

    -       Removing of not allowed apps (task bundle remove apps) has to be accepted by the user on the device! Forced delte not possible. - That needs detailed troubleshooting. Please let us know if you have open a case for that.

    -       Some none essential Android and device manufacturer system apps can't be removed with task bundle remove apps. This will give a non-complaince but better would have been blocking access to the apps. - Please refer to these documents -, applications section in

    -       Allthough Android Enteprise is setup in Central, the devices remain in device management after enrolling. Apply task bundle update policy with Android Enterprise will not work. App Control block list won't block apps as the status is that the device never received the policy. - It needs detailed troubleshooting, please ask pre sales whether they have case open with support or not.

    -       Compliance Policy with an allowed app list does not work as a white list (all other apps still work) - Applications out of the allowed apps list will work but device will show as non-complaint.

    -       In Mobile Control and Intercept X apps is no list of controlled apps received. - Please describe more about the issue.

    -       Users are allowed to unenrollen themselves and remove the apps. This will only give a non-complaince for not synchronizing after one day. - to disable uninstallation for apps, please check the security section in 


    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • - How do I get Android Enterprise MDM management mode enabled on the device?

    Connect to Sophos Play Store during initial setup of the device or after factory defaults reset with afw#sophos. It might take a couple of tries on several days as connecting to the play store with afw#sophos and after instalation to the managed play store might not work as you expect.

    How do I enroll both Control and Intercept without ending up with two identical devices in Central?

    I have two task bundles, one is for a new install with all the approved apps to push, enroll Mobile Control and push the Enterprise policy and Mobile Defence policy,  and another task bundle to update the policies. The mobile defence policy will take care of registering and enrolling Intercept. If it does not work with an update policy task buncle, try by pushing the new install policy even when the apps are already installed.