Sophos mobile enrollment error “wrong management mode”
As of Android 10, device administrator enrollment (legacy) is no longer possible due to google depreciating the usage of this on the OS. Android Enterprise device management is Google's new initiative to allow companies to manage Android devices within the workplace.
Why am I seeing this error?
The reason this error occurs is due to the type of Profile being used for the enrollment and the method of enrollment that is being followed.
Within Sophos mobile we currently offer two Android Enterprise management modes with their respective enrollment methods:
- Android Enterprise full device management: This allows you to fully control the device using the settings and policies google give access to. This is commonly used for devices that a company purchases to distribute to their users.
- Android Enterprise Work profile management: This allows you to manage a dedicated workspace that is given on a user’s device. This is commonly used for "Bring Your Own Device" environments as you can only control the restrictions within the created workspace on the phone. (This doesn't allow the administrator to control the entire phone)
If you are seeing this error, it’s likely that you are trying to use a full device management policy, but the device hasn’t been factory reset. Alternatively, it can be because you are trying to use a work profile with a device that has been factory reset.
Android Enterprise Full device management policy
You will need to make sure the device is factory reset and the Policy you are using is an Android Enterprise full device management policy. During the initial setup of the phone, you will need to enter AFW#Sophos in the email address field on the google account screen which will download the Sophos mobile control app. For a full guide on this, please see the following recommended read: https://community.sophos.com/sophos-mobile/f/recommended-reads/132167/sophos-mobile---android-enterprise-full-device-management-enrollment
Android Enterprise Work profile policy
You will need to make sure that the Policy that is being used for the enrollment is a work profile policy. To complete the enrollment, you will need to fully set up the device for normal use, then head into the app store and install the Sophos Mobile Control app. Once you have installed the mobile control app you can then open the app and scan the QR code. For a full guide on this, please see the following recommended read: https://community.sophos.com/sophos-mobile/f/recommended-reads/132235/sophos-mobile---android-enterprise-work-profile-enrollment