Sophos MDM and Microsoft 365 Compliance Policies

Hello everyone,

We use Sophos as our MDM and use Microsoft 365 alongside it. We're looking to create compliance policies that force a user to be enrolled in Sophos MDM before they can access our Microsoft 365 assets. This will enable us to control Android, iOS, and Windows devices, and we're not too worried about macOS and Linux devices or can create separate policies for those if required. I'm aware we can make the email go through Sophos as a proxy, but that's just for email, not Teams, SharePoint, OneDrive, etc. I know there are some compliance policies in M365 that are designed around MDM, but they seem to be focused on Intune and nothing else. Speaking with Sophos Support, they seem to suggest this should be possible but couldn't provide documentation or direction on how to go about doing it.

At best, what I've managed to accomplish thus far is configuring Android devices into both Sophos MDM and Intune, and I believe I should be able to do that with Windows devices as well once I make the correct alterations to my domain. But this ultimately still isn't referring to Sophos at all; it's just if I manage to enroll it in Intune as well, which is problematic for Apple devices, which don't allow for multiple MDM enrollments.

Has anyone managed to pull this off before or have any indication of what I could try myself to get this going? I'm happy to try anything, so all suggestions are welcome.



Added Tags
[edited by: GlennSen at 10:43 AM (GMT -8) on 3 Mar 2025]