Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 4330 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Password Policy Android Work Profile

Florian Kieschnick

Hello,

iam currently running tests for migrating my company's mobile devices from the on-premises Sophos mobile to the cloud version since the former is retired now.

I've stumbled into a configuration which does not seem to work in the cloud version. We are using the Android enterprise management with a work profile.

One Policy we used was to enforce some kind of display lock. Be it pattern, pin or password - doesn't matter - just has to be there.

In the on-premises version it does apply to the entire device - not just the work profile. In the cloud version it does only apple when opening work profile apps. Is there something iam missing or is this just a lost feature from on-premises?

On a side note: Whenever I try to go to https://support.sophos.com and then click eighther on "Login" or "Chat support" it redirects me about 7-8 times before putting me on the registration page - which i've already done.

Best Regards,

Flo



This thread was automatically locked due to age.
Parents
  • 0

    Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    Did you use the "Lock" option as described in this document? - Lock device

    If yes, for devices where Sophos Mobile manages the Android Enterprise work profile, it should lock the device, not just the work profile.

    There's a different way to use the Lock option if you want to lock just the work profile and not the whole device, which is described here - Lock work profile

    Regarding your Support Portal registration, it looks like your account is still under review. You'll receive an email notification once it's approved, and that's when you'll be able to log in to the Support Portal.

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Gladys

    Hello,

    I think there was a misunderstanding.

    I dont want to lock/remote lock a device. I want to enforce a policy in a way that users have to use a Pattern, Pin or Password to unlock the device.

    This currently only seems to work when using apps inside the work profile. IN the old on-prem version it worked for the entire device.

    The user should not be allowed to disable this protection.

  • 0 in reply to Florian Kieschnick

    Hi  ,

    Thanks for providing more details. Apologies for the confusion. May I know what configurations you currently have under your Android Enterprise Work Profile policy? Do you have any of these configurations?

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Gladys

    I got both of these set to Pin or Password (roughly translated from German). If it helps - I will attach some german screenshots from the portal.

    Both are configured as shown below:



    Edit: The Forum didn't like my Upload methodology and replaced one with the other :(

  • 0 in reply to Florian Kieschnick

    I tested this out on an Android Device enrolled under "Work Profile" management. I see a compliance violation alert from the SMC app within the Work Profile container when I update the device screen lock settings to not require a password/pin.

    The Work Profile management mode cannot make changes on the device as a whole, whereas a device enrolled as under "Full Device Management" will have the options for "No screen lock" greyed out.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Hello, this sounds like the source of it.
    However, the on-prem sophos mobile was able to do so. At least my work phone did lock the options which were not configured (as intended).

    There is a new observation as well.
    My test device showed the behaviour above (settings only apply to work profile apps only) whereas my actual work phone did require a lock according to my configuration after I kicked it out of the on-prem sophos and enrolled it into the cloud based sophos.

    As far as I know - "Full device Management" requires us to go a different route and have our phones registered by the distributor into some management suits from apple or samsung. Is that correct?

  • 0 in reply to Florian Kieschnick

    Full Device Management does not require you to go through your distributor, although this is an option that can make the enrollment process simpler for you when obtaining new devices. You can find more information on this in the following link. 
    - Zero-touch enrollment

    You can enroll devices in the Full Device management mode by first performing a factory reset. The following video explains a bit further. 
    - Sophos Mobile: Android Enterprise Management and Enrollment

    The behaviour you observed here is a little odd. Can you confirm that both devices are enrolled under the "Work Profile" management mode?

    Florian Kieschnick said:
    whereas my actual work phone did require a lock according to my configuration after I kicked it out of the on-prem sophos and enrolled it into the cloud based sophos.
    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children
No Data
Unfiltered HTML