Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 7 subscribers
  • Views 1854 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Set up mobile devices as Andriod Enterprise

Frank Sommerfeld

Since I was given the task of managing the existing MDM in the company, I have a few questions that would make it easier for me to understand. I really hope that there are a few colleagues here who can help me.
My goal is to manage existing Samsung Galaxy devices (after a factory reset) completely in Sophos Moblie. Only approved apps should be installed and no open Google Play Store should be installed. Managed Play Store only. The Galaxy Store must not be installed either.
Existing Samsung Galaxy A51 should be managed with Sophos Mobile (on Premise) as a COBO (Corporate Owned, Business Only) device.
- Android Enterprise is set up in Sophos Mobile (mode = Managed Google Play Account)
- A policy type Android Enterprise Device Policy has already been created
- Order packages have been created
- Apps are approved

Ask:
What do I have to do on the Samsung device myself in order to operate it as a COBE device with Android Enterprise?
Must I
1. Go through the normal initial setup
2. Download Sophos Control from the Play Store
3. Start the QR code from Sophos Moble with Sophos Control
???????
I have to enter an account for the Play Store. Which? That of the future user or that which I use for Android Enterprise?
How does the Managed Play Store get onto the device?

Thank you for helpful answers



This thread was automatically locked due to age.
  • +1

    Hello Frank Lunau,

    Thank you for reaching out to the Sophos Community. 

    To achieve your desired configs, you will need to do the following. 
    - Perform a factory reset on the devices you are enrolling
    - During the initial setup process of the device, enter the code "afw#sophos" into the e-mail address field when it is requesting a "Google Account" 

    This will trigger the COBO setup process. This downloads the SMC application onto the device and after accepting the requested permissions you will be prompted to scan a QR Code to enroll. The QR Code can be generated using the SMC "Add-Device-Wizard" after having set up a task bundle that will enroll the device as "AE Full Device".

    A reference to aid you in creating the policy/task bundle: https://docs.sophos.com/central/Mobile/help/en-us/esg/Sophos-Mobile/tasks/ConfigureWorkEnrollment.html 

    Once the device is enrolled, you can restrict access to the "Galaxy Store" by using the following steps. 
    - Go to: SMC > Settings > App Groups > Android
    - Create a group called "Forbidden Apps"
    - Add the "Galaxy Store" to this app group and Save
    - Go to: Configure > Policies > Android > "Your AE Full Device Policy"
    - Select: Add Configuration > App Control
    - From the drop-down menu specify "Forbidden Apps"

    Once this policy is applied to your mobile device, you will no longer be able to see the Galaxy Store. 

    If you wish to restrict the available apps on the mobile device from the play store, this can be done by using the following steps. 
    - Open "Your AE Full Device Policy"
    - Select: Add Configuration > Google Play 
    - From the drop-down select "Approved apps from managed Google Play"

    Hopefully, this information helps you out.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Many thanks for the quick response. Yes this helped me. It worked exactly as described. Except for one little thing in your last paragraph:

    Open "Your AE Full Device Policy"
    - Select: Add Configuration> Google Play
    - From the drop-down select "Approved apps from managed Google Play"

    If I go to my policy (type: Adroid Enterprise device policy) and want to add a configuration, there is nothing there with Google Play. Or have I misunderstood something?

    However, this is not a bad thing. I have included all the required apps from the managed pay store in the app list. And only these are displayed on the device in the Play Store. Just as I wanted.

    Thanks. That solved my case.

  • 0 in reply to Frank Sommerfeld

    Hello Frank Lunau,

    I suspect the lacking "Google Play" option to configure which version of the store to present to end-users (Managed list /or All apps) may be related to the version of SMC you are using to administer the environment. 

    Since everything is working as desired I guess we are all set! Glad I was able to lend a hand.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML