Android Enrollement with work profile - unable to finalize process

Hello to the community,

I'am trying to enroll an Android Device with the Work Profile Task Bundle.

All is well configure (policies, tasks bundle, self portal, etc).

I've already enrolled Android devices as Corporate Full Device. Everyhthing is OK.

But when i trying to enroll Android device with work profile, the SMC tells me that : "you are using the app outside the work profile".

this appear when the SMC ask me for the authotization : "display over others apps".

The step i followed:

1) Settings > Add account > Google > set my email pro account

2) SMC is then installed on personnal profile (i give it all authorizations)

3) Work Profile is created

3) SMC is going to be installed on Work Profile and ask me for the auth "display over others apps"....and its looping...

Unable to set this authorization !!! Telling me the same message as described above.

I dont know how, and why ?!?



Added TAGs
[edited by: Gladys at 8:30 AM (GMT -8) on 30 Dec 2022]
  • Hi Franck,

    Thanks for reaching out to the Sophos Community Forum.

    When proceeding with the "Work Profile" setup, is the device in a factory reset state? 

    Work Profile setup is done once you have set up the mobile device for personal use. You will only need to browse the google play store to download the SMC app to begin with the setup. Let me know if the following video helps explain this.
    - Sophos Mobile: Android Enterprise Management and Enrollment

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh,

    Thank you for your Reply.

    The mobile device was already set with a personnal Google account.

    It is during the setup of work profile with SMC thats failed...

    Update: i noticed that i Can not add Android device as Work Profile with the wizard, in the central admin console.

    I set up the self portal, and done the following step : 

    0) preconfigure my phone with personnal Google account

    1) download SMC on perso profile, and give all authz

    2) connect to sophos self portal, click "Enroll new device", and choose Android work profile enrollment (previously set up)

    3) Scan the enrollment Qrcod with SMC

    4) SMC is then creating a Work Profile, and a "SMC Pro",winch asking me my phone secured password.

    5) Then i authnlentified my self with my business Google account. And its works

    But the " SMC pro " is still asking me (in looping mode) the "Over others app" authorization....

  • If you're using the "Managed Google Domain" scenario, enrollment via the Self-Service Portal will be the only option. 

    When trying the enrollment through the Self-Service Portal using a Managed Google Play account, I did not see the same pages as you described here. I'd suggest opening a support case with our team if you haven't already so you can get more hands-on assistance.

    Feel free to share your case Id with me via private message so I may update the notes on the case.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh,

    Exactly, we used the "Managed Google Domain" scenario, and we have to use the Self-Service portal to enroll new android device.

    The error occured when we first add a Google Pro account to the device, and then follow the procedure with the SMC and QRCOD.

    Here are the steps working : 

    1) uninstall existing Work Profile

    2) Download SMC (on perso profile) + accept all auth

    3) Open Self-Service Protal, Enroll Device (with Android Work Profile Task Bundle+Policy)

    4) Scan QRCOD with SMC

    5) This will create the Work Profile, and install SMC on work profile

    6) At this step we can give authorization "Over others App", to SMC into Work Profile.

    7) Then authenticate with the Google Pro account

    And it's works like a charm !

  • Thanks for following up, I'm glad you found the solution.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids