Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

E-Mail Settings are not beeing applied to Android Devices

Hi Sophos Community,

yesterday we made a change to our policy which is also beeing used to deploy mail settings company wide for our android devices.

We simply wanted a specific user to be able to add another e-mail account which was initially not possible due to the policy not allowing this to happen.

We use the Samsung E-Mail App for all our Android Devices.

Screenshot1 no changes

Screenshot2 changes

Unfortunately this lead to all mailaccountconfigurations to be deleted of our devices after synchronizing the changes with sophos central.

After realizing these changes we rolled back our configuration in hopes of being able to just add the accounts to those device which had received the changes so far but, we were not able to get any auto enrollment information on the devices again. Weirdly all android devices synchronizing with sophos central kept losing their mailaccount settings too.

We tried using another policy and applied it to one of the device which lost its configuration but this got us the same result no auto configuration possible.

We tried deleting and reinstalling the Samsung Mail App that was also no solution for our problem.

After being discouraged and no solution in sight we proceeded to using a managed configuration for the application.

Screenshot3 managed configuration

With this we had the following issue. Instead of domain\username we just had \username missing the domain in front.

So we tried adding our domain in Screenshot3 using domain\$USERNAME and now we received domain\domain\$USERNAME on our test device.

How can we get this working again? We would appreaciate any insight.



This thread was automatically locked due to age.
Parents
  • Hi Marc,

    Thanks for reaching out to the Sophos Community Forum. 

    If you are using an Exchange Server, then entering the variable %_USERNAME_% may work.

    If you're using Office 365, or if your users are permitted to log in with their UPN, I suggest using the %_EMAILADDRESS_% variable for both Username as well as email address. This is explained further in the following docs page.
    - Email account configuration (Android device policy)


    If you wish to configure multiple email accounts, using the Managed Configuration would be the best way to accomplish this. You can use the $EMAILADDRESS variable for both username and email address as well. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh,

    let me clarify. we use an on premise Exchange Server. So the above step you mentioned we already tried.

    For the managed configuration part we would love to try that out but we are not aware of a way to deploy this setting without reconfiguring all previously deployed accounts again. Is there any way we can deploy this custom managed configuration to a single device without affecting all devices already owning a custom configuration of this app.

    Thanks in Advance.

    Kind Regards

    Marc

  • I'm not currently aware of a way to test the "Managed App" configuration on a small subset of devices outside of creating a free trial for Sophos Central using a new email address to set up Sophos Mobile, which may not be ideal. 

    If you haven't already, I'd suggest opening a support case in relation to this issue so our team can do further testing on this.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Qoosh,

    thanks for your reply. We anticipated this already and have opened a support case with sophos.

    I will relay any information concerning this issue if we have found a solution to our problem, so that it might help other people.

    Kind Regards

    Marc Dostal

Reply
  • Hi Qoosh,

    thanks for your reply. We anticipated this already and have opened a support case with sophos.

    I will relay any information concerning this issue if we have found a solution to our problem, so that it might help other people.

    Kind Regards

    Marc Dostal

Children
  • Hi guys,

    we now have a solution at hand on how to properly deploy the samsung e-mail app on android device.

    If you are using on permise exchange servers you need to fill the fields in my recent posted Screenshot3 as well as the EAS domain field. It is mandatory to insert your domain otherwiese you need everybody to manually enter your domain. This helped us to propagate the fields properly to our android devices and we were able to automatically connect users with their mail accounts after they entered their passwords again.

    As for Screenshot2. This Exchange Configuration has been confirmed to offically only work with GMAIL App owned by Google. If you own Office365 it is mandatory to use modern authentication as well as %_EMAILADDRESS_% for both Username and email address variable.

    If you use exchange on premise do not use modern authentication. For variable email address you need to use %_EMAILADDRESS_% and for  variable username %_USERNAME_%.

    Kind Regards

    Marc Dostal