This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Mobile Control Policy Violation Detection

Hello community

Web Filtering is dependent on the Sophos Accessibility Service. I have not found a way to restrict a User from disabling the Accessibility Service. Is there some way to do this? 

Therefore the next best possibility I found was to apply Compliance Policies and lock the Container if a User has deactivated the Accessibility Service.

What I was not able to solve or understand is why does the Sophos Mobile Control App does not detect the Policy Violation immediately? At the Moment the lowest interval setting I could find was 6 hours. 

Is there any possibility to have a faster detection of policy violations?

I have read through the documentation and through the Community Forums but was not able to find anything regarding this.

It would be nice if someone could answer me this question.

Scenario:

Android Enterprise Fully Managed Devices through Sophos Central. Android Versions 12 and 13

Thanks for the help.



This thread was automatically locked due to age.
Parents
  • Hi Dominic,

    Thanks for reaching out to the Sophos Community Forum.

    While Accessibility service management is an option Google makes available for Android Enterprise configuration, it is currently limited to an allowed list. It is not possible to enforce the settings. 

    When applying the Compliance Policy, are you referring to the setting "SMC permissions can be denied"? 

    Compliance checks will occur more frequently on the local device as long as the SMC application is open in the background, the Compliance Policy defines a maximum time the device can go without checking in. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi Dominic,

    Thanks for reaching out to the Sophos Community Forum.

    While Accessibility service management is an option Google makes available for Android Enterprise configuration, it is currently limited to an allowed list. It is not possible to enforce the settings. 

    When applying the Compliance Policy, are you referring to the setting "SMC permissions can be denied"? 

    Compliance checks will occur more frequently on the local device as long as the SMC application is open in the background, the Compliance Policy defines a maximum time the device can go without checking in. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
  • Hello Kushal

    Thank you for your reply. You are correct, im referring to the setting "SMC permissions can be denied" 

    Is there an approximate value for the checks on the local device?

    I have checked that Battery Optimization is disabled for the SMC App so that should not be the problem. 

    With the tests i have done till now it seem that it takes several hours until a Violation is detected.