This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android & iOS and Sophos MDM

Hi everyone,

I'm having a few issues with our Sophos Central setup. We have a mix of Windows, Mac, and Linux computers, as well as iOS and Android devices. We recently started setting up Sophos EAS and got it working with Android devices. The Android devices are managed with Sophos Mobile as BYOD, and they have mail access without VPN and their apps.

Issue 1: The phone book app almost never shows the caller name. It only shows the caller's number, but it doesn't match the saved name in the address book. We have the option to read turned on, but for some reason, it works fine on some devices, but on most devices, it only shows the number. This is very annoying for my colleagues.

What is the best way to investigate and fix this behavior?

Issue 2: Enrolling iOS devices seems to be difficult. I followed this guide: community.sophos.com/.../enrol-ios-devices-in-supervised-mode

I was able to enroll the device and log in with their Sophos ID, but I couldn't do much else. Once it was set up, I couldn't push any apps to the device. The Apple Business Manager is set up and syncing, and the device shows up in Central. After enrollment, it is classified as "supervised" in Central as well.

When I tried to set it up with a managed Apple ID (generated through ABM), and then try to send the app task, it says "this Apple ID is not eligible for purchases" (or something along those lines), and I can't install any apps. Then I tried to create a brand new Apple ID, set up the device again, and it still wouldn't work. Sophos Central says "accepted" and then "moved" for those tasks, eventually abandoning them.

Is this still the latest guide for iOS devices? Or do we have other best practices?

Thanks!



This thread was automatically locked due to age.
  • Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    Is issue 1 only affecting iOS devices? Do you have any restrictions policy configured?

    For issue 2, have you had a chance to look at this document about adding apps to Sophos Mobile?


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    Thank you.

    No, Issue No. 1 is only true for Android Devices. The policy is set up so that the phone should be able to read the incoming callers name from its address book, but it doesnt. Again, some phones (Android only) do it just fine others basically never and only show the incoming number.

    Issue No. 2 Yes I did. I did add the Apps in ABM, then assigned those licenses to the Device (not a User) through Sophos Central.

    Ideally I'd be looking at a recent Guide from start to finish on how to enroll iOS Devices.

  • Hi  ,

    Thanks for confirming. Given that this option is turned on, and it works fine on other devices, it seems to be configured correctly.

    By any chance, are there multiple policies assigned to the affected devices? In this case, we'll also need to check if there are any conflicting configurations.

    We'll investigate this further, and I'll keep you updated. In the meantime, you may also try to remove and re-add the affected devices from the policy, and see if that makes any difference.

    For the enrollment guide for iOS devices, the following integrated guide is the recent document that we have for Central Mobile.

    doc.sophos.com/.../index.html


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello,

    For Issue No.1, I just checked again, the Android Devices do have only one Policy applied, and the applied Policy is correct, the Restrictions are set to allow for the last 4 Options from Security (Appliance in German, unsure if sorting is different).
    The devices do sync and have no other Problems. No open tasks, nothing.

    For Issue No. 2 Ok Il'll check this again, thank you. However Im not sure the difference with and without ABM?

    For small Business, which do not buy iPhones in Bulk, does it make sense to use Apple Business Manager? 
    For my understanding this is only helpful if you manage a lot of devices, app licenses and locations?

    What if I just enroll the iPad through the "Add Device" Assistant in Central? I will only have 5 iOS Devices to manage anyway.

    Thank you!




  • Hi  ,

    Regarding the Android policy issue, have you tried the suggested step above which is to remove and re-add the affected devices from the policy? If that doesn't help, I would also suggest to try recreating the policy, assign it to at least 1 device for testing, and see how it goes.

    For the iOS enrollment, Apple Business Manager is recommended to easily deploy devices in volume. If you only have 5 devices, using the Add device assistant shouldn't take that much time, so yes, you may also use that option.


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids