This article lists the most important step which have to be done to start the deployment of Sophos Central for mobile devices.
Applies to the following Sophos product(s) and version(s)
Sophos Cloud Mobile
Sophos Central Mobile - Getting started
After you have successfully logged in, the first step you have to do is to upload an Apple Push Notification Service (APNS) certificate if you want to manage iOS devices.
1. Create an APNS certificate (only required for iOS devices)
An APNS certificate is required to enable the communication to your iOS devices. To create an APNS certificate an Apple ID is required. This Apple ID should not be a personal account of an employee as the certificate is bound to the ID which created it. It is recommended to use a corporate Apple ID for this purpose, creating one if required.
To create the certificate follow the steps below assuming you are logged in to Sophos Central.
- Click on "System settings" and click on 'iOS Settings for MDM'.
- On the "iOS Settings for MDM" page, click "Enable iOS support now". The IOS Support setup dialog is displayed.
- In the "Download Certificate "Signing" step, click "Download the certificate signing request".
This saves the certificate signing request file "apple.csr" to your local computer.
- You need an Apple ID. Even if you already haven an ID, we recommend that you create a new one for use with Sophos Central. In the "Create Apple ID" step, click "Create Apple ID".
- This opens an Apple web page where you can create an Apple ID for your company. Note: Store the credentials in a safe place where your colleagues can access them. Your company will need these credentials to renew the certificate each year.
- In the "Create / Renew" APNs Certificate step, click "Apple Push Certificate Portal".
This opens the Apple Push Certificate Portal.
- Log in with your Apple ID and upload the certificate signing request file "apple.csr" you prepared before. Download the .pem APNs certificate file and save it to your computer.
- In the "Upload APNs Certificate" step, enter your Apple ID. Then click "Browse". Select the .pem file that you have received from the Apple Push Certificate Portal.
- Click SDave to add the APNs certificate to Sophos Central and to close the dialog.
- Your Sophos Central account is now prepared for the deployment of iOS devices. This status can be confirmed in the "APNS Certificate Status" section of the page.
2. Adding users
If you have already created your Sophos Central users you can skip this step. If you are yet to create your Sophos Cloud Central do as follows:
- Click on "People".
- Click on "Add User".
- Provide a user name, e.g. Bob Smith, and an email address for the user.
- Optionally provide an Exchange login and add them to an existing Sophos Central group.
You can also expand the "Email Setup Link" section and mark the checkbox for "iOS and Android mobile devices" to immediately start the enrollment process.
- After clicking the "Save" button (or "Save & Add Another") the user will be created and if enabled an enrollment email will be sent.
Note: For more information on deployment see article 119265.
3. Creating a new policy for mobile devices and users
Once you have added users, you can create your own policy for mobile devices. If no additional policy is created and assigned to your users / groups, the "Base Policy" will be applied automatically. Therefore, you can also skip this step if you want to use the "Base Policy" for testing purposes.
To create a new policy for mobile devices follow these steps:
- Click on "Policies".
- To add a new Policy click the "Add policy" button.
- Enter a name for the policy and select the users or groups to which the policy should be applied.
- Ton configure a mobile device policy, click on "Mobile Device Management" and enable this section.
- Configure the available setting according to your requirements.
A description of all available mobile settings can be found in our knowledgebase article 120811.
Note: Changing the policy settings is possible at any later point. Every change will be automatically applied to the users and devices after the policy change is saved.
- Press "Save" to complete the policy creation.
4. Completing the device registration
To complete the device enrollment users are required to follow the steps described in the email sent by Sophos Central. This includes the download of the Sophos Mobile Control app which can be found in the App Store of the respective platform. Furthermore, all configuration you have defined in a policy assigned to that user are applied. If no additional policy was created the 'Base Policy' is applied.
Once a user has successfully registered a device it will appear in the "Mobile Devices" view together with the user who has registered it. It will be named using the model name the device has reported. This can be changed afterwards.
Sophos Central Mobile - Frequently Asked Questions - 120777
Sophos Central Mobile - Available configuration settings for iOS devices - 120811