This article lists the most important step which have to be done to start the deployment of Sophos Cloud for mobile devices.
Applies to the following Sophos product(s) and version(s)
Sophos Cloud Mobile
Sophos Cloud Mobile - Getting started
After you have successfully logged in, the first step you have to to is to upload an Apple Push Notification Service (APNS) certificate.
1. Create an APNS certificate (only required for iOS devices)
An APNS certificate is required to enable the communication to your iOS devices. To create an APNS certificate an Apple ID is required. This Apple ID should not be a personal account of an employee as the certificate is bound to the ID which created it. It is recommended to use a corporate Apple ID for this purpose, creating one if required.
To create the certificate follow the steps below assuming you are logged in to Sophos Cloud.
- Click on 'Users & Devices' and click on 'Enable Mobile'.
- Click on the 'Download Certificate Signing Request' section.
- Click on the 'Download' button and save the file 'apple.csr'.
- Go to the Apple Push Certificates Portal and log in with an Apple ID.
Note: Internet Explorer is not supported for this Apple site.
- Press the 'Create a certificate' button.
- Press the "Choose File" button and select the file you have downloaded in step 3 above
- Click "Upload". The certificate signing request will be signed by Apple.
- Download the certificate using the "Download" button and save it on your computer.
- Back to Sophos Cloud click on "Upload APNS Certificate" and upload the file you have downloaded in the step before.
- In addition, specify the Apple ID you have used to create the certificate.
- Your Sophos Cloud account is now prepared for the deployment of iOS devices. This status can be confirmed in the 'APNS Certificate Status' section of the page.
2. Adding users
If you have already created your Sophos Cloud users you can skip this step. If you are yet to create your Sophos Cloud users do as follows:
- Click on 'Users & Devices'.
- Click on 'Email Deployment'
- Click the "New deployment" button and provide a user name, e.g. Bob Smith, and an email address for the user.
- Optionally provide an Exchange login and add them to an existing Sophos Cloud group.
- Choose which type of devices the user will be protecting, i.e. Computers and/or Mobile devices.
- After clicking the 'Save' button (or Save & Deploy Another) the user will be created and the deployment email will be sent to the user with instructions on how to install.
Note: For more information on deployment see article 119265.
3. Creating a new policy for mobile devices and users
Once you have added users, you can create your own policy for mobile devices. If no additional policy is created and assigned to your users / groups, the 'Base Policy' will be applied automatically. Therefore, you can also skip this step if you want to use the "Base Policy" for testing purposes.
To create a new policy for mobile devices follow these steps:
- Click on 'Users & Devices' and then on 'Policies'.
- To add a new Policy click the 'Add' button.
- Enter a name for the policy and select which policy settings should appear. For mobile device make sure the check box next to 'Control policy for mobile devices' is selected
Note: If check boxes are greyed out your license does not cover this feature.
- Click 'Next'.
- Now, select users and/or groups to which the policy should apply to. Simply double-click the users/groups to move them to the right side.
- Click 'Next' again
- The settings for mobile devices will appear which you can define as you require them. A description of all available mobile settings can be found in our knowledgebase article 120811
Note: Changing the policy settings is possible at any later point. Every change will be automatically applied to the users after the policy change is saved.
- Press 'Next'.
- In a final step you can disable the policy if you want to and in addition define an expiry date for it.
- Click "Save" to complete the policy creation.
4. Completing the device registration
To complete the device enrollment users are required to follow the steps described in the email sent by Sophos Cloud. This includes the download of the Sophos Mobile Control app which can be found in the App Store of the respective platform. Furthermore, all configuration you have defined in a policy assigned to that user are applied. If no additional policy was created the 'Base Policy' is applied.
Once a user has successfully registered a device it will appear in the "Devices" view together with the user who has registered it. It will be named using the model name the device has reported. This can be changed afterwards.
Sophos Cloud Mobile - Frequently Asked Questions - 120777
Sophos Cloud Mobile - Available configuration settings for iOS devices - 120811