This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Password Policy Android Work Profile

Hello,

iam currently running tests for migrating my company's mobile devices from the on-premises Sophos mobile to the cloud version since the former is retired now.

I've stumbled into a configuration which does not seem to work in the cloud version. We are using the Android enterprise management with a work profile.

One Policy we used was to enforce some kind of display lock. Be it pattern, pin or password - doesn't matter - just has to be there.

In the on-premises version it does apply to the entire device - not just the work profile. In the cloud version it does only apple when opening work profile apps. Is there something iam missing or is this just a lost feature from on-premises?

On a side note: Whenever I try to go to https://support.sophos.com and then click eighther on "Login" or "Chat support" it redirects me about 7-8 times before putting me on the registration page - which i've already done.

Best Regards,

Flo



This thread was automatically locked due to age.
Parents
  • Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    Did you use the "Lock" option as described in this document? - Lock device

    If yes, for devices where Sophos Mobile manages the Android Enterprise work profile, it should lock the device, not just the work profile.

    There's a different way to use the Lock option if you want to lock just the work profile and not the whole device, which is described here - Lock work profile

    Regarding your Support Portal registration, it looks like your account is still under review. You'll receive an email notification once it's approved, and that's when you'll be able to log in to the Support Portal.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    I think there was a misunderstanding.

    I dont want to lock/remote lock a device. I want to enforce a policy in a way that users have to use a Pattern, Pin or Password to unlock the device.

    This currently only seems to work when using apps inside the work profile. IN the old on-prem version it worked for the entire device.

    The user should not be allowed to disable this protection.

  • Hi  ,

    Thanks for providing more details. Apologies for the confusion. May I know what configurations you currently have under your Android Enterprise Work Profile policy? Do you have any of these configurations?


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I got both of these set to Pin or Password (roughly translated from German). If it helps - I will attach some german screenshots from the portal.

    Both are configured as shown below:



    Edit: The Forum didn't like my Upload methodology and replaced one with the other :(

  • I tested this out on an Android Device enrolled under "Work Profile" management. I see a compliance violation alert from the SMC app within the Work Profile container when I update the device screen lock settings to not require a password/pin.

    The Work Profile management mode cannot make changes on the device as a whole, whereas a device enrolled as under "Full Device Management" will have the options for "No screen lock" greyed out.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello, this sounds like the source of it.
    However, the on-prem sophos mobile was able to do so. At least my work phone did lock the options which were not configured (as intended).

    There is a new observation as well.
    My test device showed the behaviour above (settings only apply to work profile apps only) whereas my actual work phone did require a lock according to my configuration after I kicked it out of the on-prem sophos and enrolled it into the cloud based sophos.

    As far as I know - "Full device Management" requires us to go a different route and have our phones registered by the distributor into some management suits from apple or samsung. Is that correct?

Reply
  • Hello, this sounds like the source of it.
    However, the on-prem sophos mobile was able to do so. At least my work phone did lock the options which were not configured (as intended).

    There is a new observation as well.
    My test device showed the behaviour above (settings only apply to work profile apps only) whereas my actual work phone did require a lock according to my configuration after I kicked it out of the on-prem sophos and enrolled it into the cloud based sophos.

    As far as I know - "Full device Management" requires us to go a different route and have our phones registered by the distributor into some management suits from apple or samsung. Is that correct?

Children