Recently we've had a few Windows devices that have failed to fully enroll in Sophos Mobile. Windows will recognize that they are connected to the Sophos MDM, but will fail to sync with the Sophos Server and will appear as un-managed and non-compliant as a result. The status within the Sophos Admin Center will show the device as "enrolling" (when hovering over the red-X), but won't fully complete the enrollment process. I have tried removing the MDM from within Windows Settings, deleting the device from within the admin panel, and then re-enrolling the device though that doesn't fix the issue. In some cases, Windows refuses to remove the MDM from within settings.
Some people within our organization have multiple machines, in which I will enroll each machine separately and have them run separate configuration files for each device (manual enrollment seems to result in the same issue). Some people have accidentally used the same configuration file for different machines and usually this is when problems start to arise. I don't know if this is the exact cause of the problem, as I am unsure if each configuration file needs to be unique per machine and am having them do it this way just in case.
Does anyone have any suggestions for fixing this issue / Removing the MDM completely so we can try again?
I managed to resolve this issue by having each device enroll manually, rather than using the automatic configuration package. We had tried manual enrollment when we first encountered this issue, but it…
HI Justin John
Would you please help us with version details of Sophos Mobile and the OS details on which you are seeing this issue? How many approximately are facing this issue? An error screenshot from the dashboard would be more helpful.
Only 3 devices have been known to have this issue so far.
The Operating Systems for those devices include Include: Windows 10 10.0.18363 (For the two devices that are labeled as connected within Windows, but not in Sophos Central) and Windows 10 10.0.18362 (For the one device that refuses to connect to either Windows or Sophos Central)
I believe that we are on Sophos Mobile 9.5, but I will have to double check and update at a later time if we are on something else.The error code that we are receiving for the device that cannot connect to either Windows or Sophos Central is - 0x80072f0c.
Hi Justin John
This might be related to windows certification issues. Please see this KB article. Are you able to unenroll the device and try again? You can just "disconnect" the current MDM solution to remove it. (Settings > Accounts > Access work or school.) We only support a single MDM per machine, so check if this might be the issue as well.
I managed to resolve this issue by having each device enroll manually, rather than using the automatic configuration package. We had tried manual enrollment when we first encountered this issue, but it did not work initially. For whatever reason, the same steps that gave us issues at first seemed to work this time, so I am not entirely sure what went wrong to begin with.
Hi Justin John
Thank you for the update, glad to know that it has been resolved for you.