Disclaimer: This information is posted as-is and the content should be referenced at your own risk.
This article provides details on how to integrate Sophos Intercept X for Mobile with Microsoft Intune. Details are also available in the Sophos Mobile admin guide at docs.sophos.com
The key steps involved are:
Bind Sophos Mobile with Microsoft Intune
Confirm the connection in Microsoft Intune
Deploy Intercept X for Mobile to Intune managed devices
In this stage we will deploy the Intercept X for Mobile app to iOS and Android devices.
Nb It is also necessary for the Intune Company Portal app and Microsoft Authenticator app (on iOS) to be deployed to devices. The steps for deploying these apps are not shown here.
Deploying to iOS devices
This Intercept X iOS app has now been deployed. Optionally, we can also choose to pass managed settings to the app to remove some steps for end users.
Optional - deploy web filtering profile
Intercept X for Mobile on iOS uses a web content configuration profile to provide web filtering on supervised iOS devices. Administrators can deploy the profile to devices, preventing end users having to install it themselves.
After saving the policy, the web content configuration policy will be deployed to devices.
Deploying to Android devices
This Intercept X Android app has now been deployed. Optionally, we can also choose to pass managed settings to the app to remove some steps for end users.
Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!
Hi, is it only possible in the Cloud-Solution of Sophos? (Sophos Central) - Or is is also possible to do it in the on-prem Solution of Sophos Mobile? - On Prem I can only see the Tab "Microsoft Azure" - Not "Intune MTD"...
We use Sophos Mobile Version 9.7.3
Hi, yes this is only available in Sophos Central. Please note that our migration tool is now fully available, enabling migration from on-premise Sophos Mobile to Sophos Central.
I´m not familiar with the licensing-terms when moving from on-prem to the cloud solution.
Are there any licensing-changes? - Will I move from kind of "pay-per-user license one" to a "rental-license" per month?
Can you describe how it will behave...?
Central licensing is user based. Please could you contact your Sophos Partner to discuss? They will be able to talk through the options.
i did the configuration exactly as you but it doesnt work. The MTD Connector State on Microsoft is still "Unavailable". The permissions für Mobile Threat Defense are granteed and Sophos Central Mobile MTD is binded.
I already had a support case with Sophos but without solution :(
Do you have any idea?
Please could you try removing the binding and re-adding it? There were some recent changes to the required Azure permissions, so its possible that the issue was caused by this. If this still doesn't work, please could you send me the support ticket number so we can dig into it further.
Thank you for the directions. This is very helpful. Do you have any insight into bypassing the app permissions required with Android devices for Sophos Intercept X for Mobile on corporate owned devices? There are 3 pop ups for permissions specifically.
Appreciate the time and effort put into this.
I was able to locate some more detailed steps in the following Microsoft Intune documentation.- https://docs.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android#preconfigure-the-permissions-grant-state-for-apps
Some of the same steps are referenced in this Recommended Read article wherein the JSON configurations are used. The Intune documentation differs in step 5 where it states to: Select Permissions > Add. From the list, select the available app permissions > OK.
Let me know if this works for you.
I have no option in my mobile part to connect to Intune?
It looks like this integration is only available with a Sophos Intercept X Mobile license. You can see this on the following Sophos Mobile Product and Licensing Overview page.