Advisory: Sophos Endpoint - "Your connection isn't private" We're aware of a certificate issue and are actively working to resolve. Please see: KB-000045954 for the latest updates.

Sophos Mobile and Android Enterprise

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

This article provides a high level overview of managing devices in Sophos Mobile with Android Enterprise. For more details, please see the Sophos Mobile admin guide which has further information.

What is Android Enterprise?

Android Enterprise is a method for managing Android devices. It is not a product itself, rather is leveraged by device management solutions (such as Sophos Mobile) to manage Android devices.

Android Enterprise replaces its predecessor, ‘Device Admin’, which Google is phasing out. Compared to 'Device Admin', Android Enterprise provides greater control over devices, including remote app installs, app configuration and native support for Bring-Your-Own-Devices (BYOD).

Android Enterprise Management Modes

With Sophos Mobile, customers can manage Android devices in two ways:

  • Android Enterprise ‘Full Device Management’ – this is designed for company owned devices and gives deep control over device functions and apps. A device needs to be new or factory reset to be enrolled in Device Owner mode.
  • Android Enterprise ‘Work Profile’– this is primarily designed for Bring-Your-Own-Device (BYOD) scenarios. The admin manages only a specific area of the device (the ‘work profile’) where company apps and data are stored. The rest of the device (the ‘personal profile’) is not managed.

Setting up and enrolling devices

At a high level, below are the key steps for getting up and running with managing Android devices.

  1. Set up a Managed Google Play account or Managed Google Domain.
  2. Create policies – ‘Android Enterprise device policies’ or ‘Android Enterprise work profile policies’ based on the desired management mode
  3. Decide which apps should be available to users
  4. Create a Task Bundle that contains the policies and apps you want to apply to devices
  5. Enrol devices.
    • Fully managed devices can be enrolled via the Add Device wizard, Self Service portal, QR code enrolment or Zero-touch enrolment
    • Work profile devices can be enrolled via the Add Device wizard or Self Service portal

 

The Sophos Mobile admin guide provides much more detail on each of these points. Please refer to this for more specific information.



Updated the disclaimer.
[edited by: Gladys at 5:08 AM (GMT -7) on 6 Apr 2023]