Disclaimer: This information is posted as-is and the content should be referenced at your own risk.
Intercept X for Mobile can be deployed through 3rd party device management products. This article provides an overview of the steps involved in deploying Sophos Intercept X through VMware Workspace ONE.
The key steps involved are:
Generate a connection code in Sophos Central
Deploy Intercept X for Mobile through Workspace ONE
Complete the installation on end user devices
I'm currently testing intensively the integration with WSO and seems to work quite easly but I have few questions:
1) MTD rule appied
When enrolment is done, Sophos InterceptX Mobile is succesfully deployed to the device. Then I have to open the app and from threre a message told me the device is enrolled into Mobile Control (I confirm) ...but MTD rule is not yet deployed. From Sophos Mobile side, I have no message or no status telling me the rules are not applied, do you confirm ? The status I have is Managed = Managed
To make it working, I have to close Sophos InterceptX Mobile and reopen it. From threre a new popup appears and I need to install a new configuration profile (from a user experience, it's not really nice because it is a kind of a "new enrolement". From there, my security rules are applied.
2) Unenroll the device
Now I want to unenroll my device from Workspace One. I'm using the offical way to "entreprise wipe" the device and the process ended correctly, except my Sophos InterceptX Mobile app is still there and security rules too. Sophos Mobile Security profile is still installed.
So I'm going now to Sophos Mobile, the status is still "management mode = Mobile Threat defense" and Managed = managed.
I select an action for the device = Unenroll and i receive on the device a message saying "Device successfully Unenrolled"...but my security profile is still present.
Regarding my security rules, there are deactivated. Is it normal my security profile remains installed ? Is it normal to have Sophos InterceptX Mobile App still installed on the device (even the rules are deactivated)?
On Sophos Mobile, the status of the device is Management mode = not managed and Managed = Unenrolled
And a last questions : In term of reporting, do we have the possibilty to see the user activity ? (when a filter block something etc..etc.)?
Thanks for your feedback.
Thanks for getting in touch. It sounds like you are using iOS devices? If so, the Intercept X configuration profile can be deployed via Workspace One which removes the need for the user to download it. Please see this page https://docs.sophos.com/central/Mobile/help/en-us/AdminHelp/MTDWithIXM/AutomateProfileInstallation/index.html
For the 2nd point, please could you raise a Support Ticket so the team can take a look at what you are seeing.
I was a bit long to answer but it was due to intensive test
So all my points are solved. Technically it works fine and on the user experience side it is much better. Thanks for your link, it allow me to integrate the mobile provision file into my managed profiles (I add to trick a bit the file but at the end, working well).
Appreciate your help.
Have a great day !