This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Mobile - 'add device wizard' to add 'fully managed' Android Enterprise device

Hi, 

I configured 'qr code enrolment' for Android Enterprise devices and it works fine, but not having any 'Self Service Portal user', i can't associate user to devices (except the one which i use to log into Sophos Central Console).

I'd like to enroll devices using the 'add device' wizard as done before, so i can lookup the user to associate in my Active Directory environment. But everytime i scan the qr code to enroll the device, the procedure goes wrong:

As read in the documentation, i should be able to enrol a 'Full Managed' Android Enterprise Device even from the 'add device wizard', with an android enterprise task bundle containing an 'enroll' action.

Can someone explain how to do that?

Thanks in advance to anyone who'll reply.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Yashraj,

    thanks for your reply.

    I already watched these videos, and they were very helpful to set up qr-code enrolment. It works perfectly.

    Anyway, i would not like to set up a self-service portal. Without a self-service portal, you can't associate users to devices using qr-code enrolment.

    So, my interest with this post is to understand how to enroll a device using the 'Add Device Wizard': in this scenario i could associate users to devices by myself, as an Admin (making a lookup of existing users in my AD):

    Thanks for any suggestion.

    Regards,

    Fabio

  • Hi

    Sorry for the delayed response. You can assign the user when adding a new device from the "Add Device" wizard. However, you can also do it later on once the device has been added to Sophos Mobile by following this article: https://docs.sophos.com/central/Mobile/help/en-us/esg/Sophos-Mobile/tasks/DevicesAddLDAPLink.html

    I believe you’ll need an admin account to associate devices with different users. Please let me know if there's anything else that I can help you with.

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Yashraj, thanks for your response.

    Devices enrolled with legacy 'Device Admin' management mode allows me to change user assignment, and that's ok.

    But as you can see in the screenshot below, I'm not allowed to change user assignment with Android Enterprise management mode, after qr-code enrolment:

    So i guess i need to assign the right user from the beginning, as long as i can't change assignation later.

    Summarizing:

    I would like to find a way to:

    - enroll devices in "Android Enterprise Full Device" management mode and assign an ActiveDirectory user.

    ... but i can't because:

    - "qr-code enrolment" works but allows me to assign only a self-service portal user (i want to link an ActiveDirectory user)

    - "add device wizard" allows me to link ad ActiveDirectory user, but enroll task fails as you can see in the original post (task bundle includes 1-'enroll' task followed by 2-'assign policy' task ("android enterprise device policy" policy type).

    Thanks for your feedback.

    Regards,

    Fabio.

  • Hi ,

    To further check this, can you raise a support case for this issue that you're currently facing. It seems like there’s a miss configuration on the task bundle which leads to this incorrect enrollment method. Once the case has been created, please share with us the case ID.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi

    thanks for your advice, I opened case number 03985246.

    Thank you!

    Regards,

    Fabio

  • Hi @Fabio,

    Thank you for your update. From what I can see on the case, the issue you're facing has been solved after following the steps in this Knowledge-based article. I will now proceed with marking this post as a verified answer to this query of yours. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi 

    the KB you posted was way more explanatory than the one i was looking at (https://docs.sophos.com/central/Mobile/help/en-us/esg/Sophos-Mobile/tasks/ConfigureWorkEnrollment.html)

    I was missing the afw#sophos part during factory setup: thats was mandatory to add a device with the 'add device wizard'.

    I suggest you to integrate some procedures explained in docs.sophos.com, they are very synthetic!

    Sophos support was very fast and kind answering any doubt.

    Thanks for your support