Mobile device management and more with the Sophos UEM solution

Today, many companies actively use not only computers, but also mobile devices and laptops in their work. In this regard, there is the problem of managing these devices using a unified solution. Sophos Mobile successfully accomplishes this task and opens up great opportunities for the administrator:

1. Management of mobile devices owned by the company;
2. BYOD, corporate data access containers.

In more detail about the tasks to be solved, I will tell under the cat ...

A bit of history

Before turning to the technical side of securing mobile devices, you need to figure out how the solution from Sophos MDM (Mobile Device Management) became the UEM (Unified Endpoint Management) solution, and briefly explain what the essence of both technologies is.



In 2010, the Sophos Mobile MDM solution was released. It allowed to manage mobile devices and did not support other platforms - PCs and laptops. Among the functionalities were available: install and uninstall applications, lock the phone, reset to factory settings, etc.

')

In 2015, several more technologies were added to MDM: Mobile Application Management (MAM) and Mobile Content Management (MCM). MAM technology allows you to manage corporate mobile applications. And MCM technology allows you to control access to corporate email and corporate content.



In 2018, Sophos Mobile began to support MacOS and Windows operating systems as part of the API provided by these operating systems. Computer management was as easy and unified as mobile devices, so the solution became a unified management platform - UEM.

BYOD and Sophos Container concept

Sophos Mobile also supports the well-known concept of BYOD (Bring Your Own Device). It consists in the ability to donate for corporate management not the entire device, but only the so-called Sophos Container, which consists of the following components:



Secure workspace

• built-in browser and bookmark pages;
• local storage;
• built-in workflow system.

Sophos Secure Email is an email client with contacts and calendar support.

How does an admin manage this?

The control system itself can be installed both locally and work from the cloud.



The admin control panel is very informative. It reflects summary information on managed devices. If you wish, you can customize it - add or remove various widgets.





The system also supports a large number of reports. All administrator actions are displayed on the taskbar with their status. Also available are all notifications that are ranked by importance with the ability to upload them.



This is one of the devices managed by Sophos Mobile.





The control menu of the target PC device is shown below. It is worth noting that the control interfaces of a mobile phone and a PC are quite similar.





The administrator has a very wide range of options, including:

• displaying profiles and policies that control the device;
• remote message sending to the device;
• device location request;
• remote lock screen of the mobile device;
• remote password reset Sophos Container;
• remove a device from the list of managed ones;
• Remote reset phone to factory settings.

It is worth noting that the last action leads to the removal of all information on the phone and reset to factory settings.



A complete list of Sophos Mobile-supported features depending on the platform is available in the Sophos Mobile Feature Matrix document.

Compliance Policy

Compliance policy allows the administrator to set policies that will check the device for compliance with corporate or industry requirements.





Here you can set a check for root access to the phone, the requirements for the minimum version of the operating system, a ban on the presence of malware, and much more. If the rule fails, you can block access to the container (mail, file), deny access to the network, and create a notification. Each configuration has its own degree of importance (Low Severity, Medium Severity, High Severity). Also in the policies there are two templates: under the requirements of the PCI DSS standards for financial institutions and HIPAA for medical institutions.



Thus, in this article, we have uncovered the concept of Sophos Mobile, which is a comprehensive UEM solution that allows you to protect not only mobile devices on iOS and Android, but laptops based on Windows and Mac OS platforms. You can easily try this solution by making a test request for 30 days.



If you are interested in the decision, you can contact us - Factor Group , Sophos distributor. It is enough to write in free form at sophos@fgts.ru .