Sophos Mobile - 'add device wizard' to add 'fully managed' Android Enterprise device

Hi Ath_, 

Thanks for reaching out to us on Sophos Community! 

Please see if the following videos help you out: 

1. https://www.youtube.com/watch?v=EgxaPXLr8c0&t=0s

2. https://www.youtube.com/watch?v=bTV-mtbA8Fw

Hi Ath_, 

Thanks for reaching out to us on Sophos Community! 

Please see if the following videos help you out: 

1. https://www.youtube.com/watch?v=EgxaPXLr8c0&t=0s

2. https://www.youtube.com/watch?v=bTV-mtbA8Fw

Hi Yashraj,

thanks for your reply.

I already watched these videos, and they were very helpful to set up qr-code enrolment. It works perfectly.

Anyway, i would not like to set up a self-service portal. Without a self-service portal, you can't associate users to devices using qr-code enrolment.

So, my interest with this post is to understand how to enroll a device using the 'Add Device Wizard': in this scenario i could associate users to devices by myself, as an Admin (making a lookup of existing users in my AD):

Thanks for any suggestion.

Regards,

Fabio

Hi Ath_, 

Sorry for the delayed response. You can assign the user when adding a new device from the "Add Device" wizard. However, you can also do it later on once the device has been added to Sophos Mobile by following this article: https://docs.sophos.com/central/Mobile/help/en-us/esg/Sophos-Mobile/tasks/DevicesAddLDAPLink.html. 

I believe you’ll need an admin account to associate devices with different users. Please let me know if there's anything else that I can help you with.

Hi Yashraj, thanks for your response.

Devices enrolled with legacy 'Device Admin' management mode allows me to change user assignment, and that's ok.

But as you can see in the screenshot below, I'm not allowed to change user assignment with Android Enterprise management mode, after qr-code enrolment:

So i guess i need to assign the right user from the beginning, as long as i can't change assignation later.

Summarizing:

I would like to find a way to:

- enroll devices in "Android Enterprise Full Device" management mode and assign an ActiveDirectory user.

... but i can't because:

- "qr-code enrolment" works but allows me to assign only a self-service portal user (i want to link an ActiveDirectory user)

- "add device wizard" allows me to link ad ActiveDirectory user, but enroll task fails as you can see in the original post (task bundle includes 1-'enroll' task followed by 2-'assign policy' task ("android enterprise device policy" policy type).

Thanks for your feedback.

Regards,

Fabio.

Hi Ath_,

To further check this, can you raise a support case for this issue that you're currently facing. It seems like there’s a miss configuration on the task bundle which leads to this incorrect enrollment method. Once the case has been created, please share with us the case ID.

Hi GlennSen

thanks for your advice, I opened case number 03985246.

Thank you!

Regards,

Fabio

Hi @Fabio,

Thank you for your update. From what I can see on the case, the issue you're facing has been solved after following the steps in this Knowledge-based article. I will now proceed with marking this post as a verified answer to this query of yours. 

Hi GlennSen

the KB you posted was way more explanatory than the one i was looking at (https://docs.sophos.com/central/Mobile/help/en-us/esg/Sophos-Mobile/tasks/ConfigureWorkEnrollment.html)

I was missing the afw#sophos part during factory setup: thats was mandatory to add a device with the 'add device wizard'.

I suggest you to integrate some procedures explained in docs.sophos.com, they are very synthetic!

Sophos support was very fast and kind answering any doubt.

Thanks for your support