A work profile is created when users enroll their devices in the Self Service Portal in Android enterprise profile owner mode. You can delete the work profile in Sophos Mobile Admin, for example to delete corporate data from the device in case of lost or theft.
A work profile can be set up on an Android device to separate work apps and data from personal apps and data. With a work profile you can securely and privately use the same device for work and personal purposes—your organization manages your work apps and data while your personal apps, data, and usage remain private.
The article will guide you how to configure the deployment of Android Enterprise Work Profile policy for users to self-register their devices on Self Service Portal.
Step 1: Create Android Enterprise Work Profile policy.
Log in to Sophos Central. In the My Products section select Mobile.
Go to Configure > Android > Create > Android Enterprise Work Profile policy.
In Edit Policy:
Name: Enter the name of the policy you want
Click Add configuration.
In the Basic Configurations section you can select Password Policies – Work Profile or any other configurations you want.
You can choose Password type as PIN or Password and select the parameters as shown below. Click Apply.
Continue click Add configuration. Select App Permissions (The App Permissions configuration allows you to set responses to permission requests from work apps.)
Click Select app and choose an app like Gmail.
Adjust the permissions for Gmail according to parameters such as Denied, Granted, Selectable. Click Apply.
Step 2: Create Task Bundle.
Scroll down and select Task Bundle > Android > Create > Create task bundle.
In Edit task bundle: Enter a name for the Task and click Add task.
Select Add task as Enroll.
In Add Enroll Task select deploy Work Profile. Click Next.
Select the name Work Profile Policy just created in step 1. Click Finish.
In addition to deploying work profiles, you can also install applications included in the Google Play App that have been approved by Sophos Mobile. Click Add Task > Install manage Google Play app.
Choose an app like Gmail. Click Apply.
Step 3: Configure Self Service Portal.
Scroll down to Settings > Setup > Self Service Portal > Default.
Click Add > Android.
Display Name: Enter the name you want
Enrollment package: Select the name of the task bundle created in step 2. Click Apply.
The next step is configure the account that users can log in to the Self Service Portal.
You can refer to how to follow this link: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/tasks/SSPAccessEmail.html
After successful login. Click Mobile > Enroll Device.
Under Device Type select type Google Android.
Next select the Self Service Portal policy name configured above. Click Next.
In Device Setup section, use the camera on your phone will install Sophos Mobile, scan the QR code.
Step 4: Apply Work Profile Policy to device.
After scanning the QR code, you will get a link. Go to the website, you will be redirected to Google play to download and install Sophos Mobile Control. After the installation is complete, a Create work profile message will appear. Click Next.
You follow the instructions as below.
Once you’ve apply the Work Profile, you’ll have two Sophos Mobile Control apps on your phone. One is the Sophos Mobile Control you installed from scan QR code and the Sophos Mobile Control installed with the Work Profile Policy.
The Sophos Mobile Control app you installed from scan QR code, show a message that needs to be uninstalled. You click Uninstall.
After removing Sophos Mobile Control. You will see the interface of Work Profile are applications with orange locks next to them.
You can log in your company mail into the Gmail app to use.
Google Play in Work Profile can only load apps that have been Approve in Sophos Mobile App.