We have recently migrated over to utilise Android Enterprise and fully managed devices.
Currently 'normal' none IT staff have access to our Private Google Play Store apps only, however, our IT staff have access to both private and public.
Having used other MDM's in the past there were methods to deploy apps out to specific devices not through the managed play store.
Is this possible within Sophos Mobile at all?
This is app is a custom app we created in house that only a specific number of our IT staff require and cannot be made available to any other staff members, hence it cannot be added to the managed Google Play Store as a private app.
We are currently having to enable side loading on these devices and manually copying and installing the APK from a PC which is not great.
Thank you for reaching out to the Sophos Community.
I found that devices enrolled via Android Enterprise can only have apps pushed to them via Google Play. It looks like the "Private Apps" option is the only one that will work for AE devices. If you wish to prevent the app from being installed on end-user devices, I recommend using the "App Control" option to define that this app in specific is forbidden for end-users. Doing so will require you to have two AE Policies, one for IT Staff and one for Endusers.
With the "Legacy Device Management" option, it's possible to push apps directly to the device. Uploading an apk file for deployment using the Legacy options does not allow you to install the app to a device enrolled via Android Enterprise. Legacy app upload only works with Legacy Enrolled devices
Hopefully, some of this feedback helps. If you would like to see direct upload/deployment support for APK's (Without Google Play) added to SMC for AE devices, I recommend sending in a feature request using the following URL. - https://ideas.sophos.com/forums/143212-sophos-mobile
If anything is unclear, feel free to reach back out on this thread.
Hi Kushal, thank you for your response. I have raised a new idea via the link you provided as it doesn't look like this is something that can be done at present.
All users in your organization install the app, select Entire organization.To allow only certain users to install the app, click Select groups or Select organizational units. You can add both groups and organizational units.