Sophos Mobile: How to create compliance policy

With compliance policies you can:

. Allow, forbid or enforce certain features of a device

. Define actions that are executed when a compliance rule is violated

You can create different compliance policies and assign them to device groups. This allows you to apply different levels of security to your managed devices

** If you are planning to manage both corporate and private devices,  we recommend that you define separate compliance policies for at least these two device types

Guide to config compliance policy

  • Login to Sophos Central by Admin account
  • If you do not have an Admin account, create a Sophos Central account
  • Mobile -> CONFIGURE -> Compliance policies -> Create compliance policy -> Default template

** Default template: A selection of  compliance rules, with no actions defined

** PCI template, HIPAA template: Compliance rules and actions based on the HIPAA and the PCI DSS security standard, respectively


  • Import Name and optionally, a description for the compliance policy
  • Tick Enable platform check box (if it is not selected, devices of that platform are not checked for compliance)
  • Under If rule is violated, define the actions that will be taken when a rule is violated

Deny email: Forbid email access ( This action can only be taken if you have configured a connection to standalone EAS proxy)

Lock container: Disable the Sophos Secure Workplace and Secure Email apps (This actions can only be taken when you have activated a Mobile Advanced license)

Deny network: Forbid network access (This action can only be taken if you have configured Network Access Control)

Create alert: Create an alert. The alerts are displayed on the Alerts page

Transfer task bundle: Transfer a specific task bundle to the device (This action is only available for Android, iOS, macOS and Windows devices)

** When a device in Android enterprise device owner mode becomes non-compliance, all apps are disabled

-> Click Save to save the compliance policy


  • MANAGE -> Device groups -> Choose group which you want to apply compliance policy
  • In Compliance -> Corporate devices and Personal devices -> Choose Policy which created before -> Click Save

Be the first to comment

Leave a Reply

Your email address will not be published.