As of Android 10, device administrator enrollment (legacy) is no longer possible due to google depreciating the usage of this on the OS. Android Enterprise device management is Google's new initiative to allow companies to manage Android devices within the workplace.
The reason this error occurs is due to the type of Profile being used for the enrollment and the method of enrollment that is being followed.
Within Sophos mobile we currently offer two Android Enterprise management modes with their respective enrollment methods:
If you are seeing this error, it’s likely that you are trying to use a full device management policy, but the device hasn’t been factory reset. Alternatively, it can be because you are trying to use a work profile with a device that has been factory reset.
You will need to make sure the device is factory reset and the Policy you are using is an Android Enterprise full device management policy. During the initial setup of the phone, you will need to enter AFW#Sophos in the email address field on the google account screen which will download the Sophos mobile control app. For a full guide on this, please see the following recommended read: https://community.sophos.com/sophos-mobile/f/recommended-reads/132167/sophos-mobile---android-enterprise-full-device-management-enrollment
You will need to make sure that the Policy that is being used for the enrollment is a work profile policy. To complete the enrollment, you will need to fully set up the device for normal use, then head into the app store and install the Sophos Mobile Control app. Once you have installed the mobile control app you can then open the app and scan the QR code. For a full guide on this, please see the following recommended read: https://community.sophos.com/sophos-mobile/f/recommended-reads/132235/sophos-mobile---android-enterprise-work-profile-enrollment