Sophos Mobile Control - Device management & security

Sophos Mobile serves as a Unified Endpoint Management (UEM) solution, enabling organizations to effectively manage, oversee, and safeguard devices running on Android, iOS, macOS, Windows 10, and Chrome (such as Chromebooks) through a centralized web console. The Sophos Mobile Control application facilitates the enrollment of your device within the Sophos Mobile system. Once enrolled, your organization can set device policies, distribute applications, and enhance security measures for your device.

IMPORTANT: This application will not operate effectively without the required Sophos management console being set up. Only download the app if instructed by your organization.

Key features

• Report the compliance status of the device.

• Initiate device synchronization with the Sophos Mobile management console.

• Install applications from an Enterprise App Store.

• Show all compliance infractions.

• Assist in locating the device when it is lost or stolen.

• Receive notifications from the Sophos Mobile management console.

• Provide privacy and support information.

The app utilizes Device Administrator permission.

It can access the device’s location in the background to help your organization track the device when it has been misplaced or stolen. However, the app does not regularly monitor or log your whereabouts.

Sophos Mobile also supports advanced MDM management capabilities for devices equipped with Samsung Knox, LG GATE, or SONY Enterprise API.

Hello Everyone,

To better support our customers, we're changing our telecoms partner. This allows us to leverage world-class telephony options globally in a way we couldn't before.

We have updated our Support Portal with new phone numbers with this transition. We're currently in the process of transitioning out legacy numbers for the new inbound numbers. As of July 1st, 2023, we'll be shutting down the legacy inbound numbers, and you'll be required to use the new Support numbers when calling in.

This is a global change, so we highly encourage you to delete the old numbers from your database and find the new numbers for your region here: 

https://doc.sophos.com/support/help/en-us/contact/index.html 

Event logs

You can select the log types to store the logs locally and see them in the Log viewer or send them to Sophos Central or external syslog servers.

You can select logs to store or send by module or feature, or you can select all logs.

To save the logs for traffic matching the following rules, do as follows:

Firewall rules: Select Log firewall traffic in each rule.

SSL/TLS inspection rules: Select Log connections in each rule.

To make sure the saved logs are shown locally or sent externally, go to System services > Log settings and select the log types under Log settings as follows:

Log viewer: Under Local reporting

Sophos Central: Under Central reporting

Syslog servers: Under the syslog servers you configure

Locally

To store event logs locally and show them in the Log viewer, select the log types under Local reporting.

Note

These logs are shown in the log viewer. They aren't on-box reports. To turn reporting on or off, see Continuous generation of application reports.

Central reporting

To send logs to Sophos Central, you must go to the Sophos Central page and turn on Sophos Central services. See Sophos Central services overview.

On the Log settings page, you can change the log types to send to Sophos Central under Central reporting.

The selection only applies to logs. It doesn't apply to reports.

Syslog servers

You can configure up to five syslog servers to send the event logs to. The firewall sends these logs to the servers. The syslog protocol normally uses UDP port 514 for communication.

Syslog servers provide a central logging facility and long-term protected storage for event logs.

To send logs to a syslog server, click Add and specify the syslog server details. The syslog server appears on the log settings page.

Note

Establishing a TLS connection with the syslog server in LINCE mode requires the certificate's Common Name (CNAME) or Subject Alternative Name (SAN) to match the syslog server's domain. If LINCE is turned off, the firewall only verifies the CNAME.

Log suppression

You can suppress logs, eliminating multiple consecutive log entries for an event. Log suppression saves logging space and processing cycles.

The feature applies to logs sent to the log viewer, Sophos Central, and third-party syslog servers.

Under Suppress logs, select All to suppress all logs. Currently, you can only suppress the logs under Firewall.

You can see the number of log entries for an event under Log occurrence in the log viewer.

Log type

Firewall: Information about traffic associated with the firewall configuration, such as firewall rules, MAC filtering, and DoS attacks.

IPS: Logs of detected and dropped attacks based on unknown or suspicious patterns (anomalies) and signatures.

Antivirus: Details of viruses detected in HTTP, SMTP, FTP, POP3, IMAP4, HTTPS, SMTPS, IMAPS, and POPS traffic.

Anti-spam: Details of SMTP, POP3, IMAP4, SMTPS, POPS, IMAPS spam, and probable spam emails.

Content filtering: Details of web and application filtering events, such as those associated with web policies.