Moving from Sophos Container management to Apple User Enrolment or Full Device Management

Introduction

This article gives an overview of how to move a device from Sophos Container management to Apple User Enrolment or Full Device Management.

 

Moving to Apple User Enrolment

Apple User Enrolment is a management mode designed for devices owned by the user, that is, for a Bring Your Own Device (BYOD) scenario.

This section explains how a Sophos Mobile admin can initiate device enrolment. The same process could also be initiated by the user via the Self Service Portal. For information on the Self Service Portal please see: https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/GlobalSettings/UserAccess/index.html

Prerequisites

• Existing device(s) is enrolled in Sophos Container management
• Integration with Apple Business Manager has been set up. For information on this please see: https://docs.sophos.com/central/Mobile/help/en-us/AdminHelp/EnrollDevices/ABM/index.html

 

Remove Sophos Container settings

• Go to Mobile> Devices and locate the device(s) in Sophos Container management
• Go to Actions> Unenroll
  • This triggers a message to the device to reset the Secure Email and Secure Workspace apps

 

 

 

 

Enrol the device in Apple User Enrolment

• Follow the steps in the Admin Guide for setting up and enrolling a device in Apple User Enrolment
• After the device has successfully been enrolled, it will be displayed as a new entry in the Devices page in the Sophos Mobile console. The previous entry (from when the device was managed in Container Only mode) can be deleted.

 

 

Moving to Full Device Management

This section explains how a Sophos Mobile admin can initiate a move to Full Device Management. Full Device Management is designed for scenarios where the company owns the device.

 

Remove Sophos Container settings

• Go to Mobile> Devices and locate the device(s) in Sophos Container management
• Go to Actions> Unenroll
  • This triggers a message to the device to reset the Secure Email and Secure Workspace apps

 

 

• Go to Task Bundles> iOS and iPadOS and create a Task Bundle
  • Add the Enroll task, and select ‘Full MDM’ as the enrolment type 

• Add any further tasks to assign desired apps to the Task Bundle
• Save the Task Bundle
• Select the Task Bundle that has just been created and select Transfer

 

 

 

• Select the device from the list and click Next
  • Nb – if you are setting up multiple devices, you can transfer the Task Bundle to multiple devices or device groups

 

• Select the execution data as Now and click Finish
• An email with instructions will now be sent to the user assigned to the device

 

Complete enrolment on the device

• Locate the email sent to the user
  • If opening the email on the mobile device, click the ‘Configure app’ button to begin setup
  • If opening the email on another machine, open the Sophos Mobile app and scan the QR code provided in the email
• Follow the steps to complete device enrolment

 

 

Updated formatting
[edited by: tom_w at 9:25 AM (GMT -7) on 15 Aug 2022]