Sophos Mobile
Product Matrix, June 2016
Feature | Sophos Mobile Control Advanced | Sophos Mobile Control Standard | Sophos Central Mobile | Sophos Central Mobile Security |
---|---|---|---|---|
Deployment method | SaaS or on-premise | SaaS or on-premise | via Sophos Central | via Sophos Central |
Management console | Dedicated console | Dedicated console | via Sophos Central | via Sophos Central |
Reports | Extensive | Extensive | Limited | Limited |
Dashboard | Advanced | Advanced | Basic | Basic |
Mobile Device Management |
||||
Profiles and policies | Extended | Extended | Basic | AV only |
Certificate support | Root, client, SCEP | Root, client, SCEP | ||
Inventory tracking | Advanced | Advanced | Basic | Basic |
iOS device support | ||||
Android device support | ||||
Windows 10 Mobile device support | ||||
Windows 10 Desktop device support | ||||
Mobile Application Management |
||||
Enterprise App Store | ||||
Deliver apps | ||||
Apple VPP support | ||||
Apple DEP support | ||||
View installed apps per device | ||||
Whitelisting and blacklisting | ||||
Samsung KNOX Workspace | ||||
App Management SDK | ||||
Mobile Content Management |
||||
Secure document publishing | ||||
Secure document collaboration | ||||
Text and PDF editing | ||||
File encryption for cloud storage | ||||
Containerized Corporate Browser | ||||
Mobile Email Management |
||||
Remote email configuration | ||||
Containerized Secure Email | ||||
Email Gateway | ||||
BYOD support |
||||
Self Service Portal | ||||
Display editable use policy | ||||
Track ownership |
For more information, please see the full feature matrix.
Sophos Mobile Control
Feature Matrix, June 2016
Apple iOS | Android | ||
---|---|---|---|
Server |
|||
Device compliance rules |
|||
Group-based compliance rules | |||
Jailbreak or rooting detection | |||
Minimum or maximum OS version required | |||
Last synchronization of the device | |||
Last synchronization of the Sophos app | |||
Sideloading of apps | |||
Inventory and device information |
|||
User and device based inventory | |||
Automatic device model detection | |||
Automatic OS version detection | |||
Management state | |||
Compliance state | |||
Device user | |||
Enrollment date | |||
Last check in | |||
Device enrollment |
|||
By email with either QR code, link or server information | |||
Automatic assignment of policies based on user directory group membership | |||
Devices |
|||
SMC app functionality |
|||
Device enrollment via QR code | |||
Show compliance violations | |||
Trigger device check-in | |||
Device commands |
|||
Check-in (request the device to sync with Sophos Cloud) | |||
Password reset | |||
Device Wipe | |||
Device Lock | |||
Company Wipe and delete (removal of all profiles and data associated to it) | |||
Locate | |||
Password settings |
|||
Password complexity (none, PIN, alphabetic, complex) | |||
Minimum length of the password | |||
Inactivity time (time in minutes up to the query of the password) | |||
Maximum number of attempts until the device will be reset | |||
Minimum length of the password | |||
Maximum password age (expiration) | |||
Restrictions |
|||
Disable App Store | 1, 2, 3 | ||
Disable camera | |||
Block taking screenshots | 1 | ||
Disable native browser | 1, 2, 3 | ||
Disable sending diagnostic data on app crashes | 1, 2, 3 | ||
Disable iCloud backup | |||
Disable TouchID to unlock | |||
Disable sharing docs from managed to unmanaged accounts or apps | |||
Disable sharing docs from unmanaged to managed accounts or apps | |||
Hide control center on the lock screen (e.g. Wi-Fi, volume, Bluetooth,…) | |||
Hide notifications on the lock screen (e.g. SMS, email, calls,…) | |||
Exchange e-mail configuration |
|||
Configure Microsoft Exchange settings | 1, 2, 3 | ||
Generic account and user account | 1, 2, 3 | ||
Wi-Fi configuration |
|||
Configure Wi-Fi settings (WEP, WPA, WPA2) | |||
Connect automatically | |||
Support hidden networks | |||
Support proxy configuration |
1) requires Samsung SAFE v2 or higher compatible devices
2) requires LG Gate compatible phones
3) requires Sony Enterprise API compatible phones
Sophos Mobile Control 6.0
Feature Matrix 12/2015
Apple iOS | Android | Windows10 Mobile | |
---|---|---|---|
Server |
|||
Admin User Interface |
|||
Easy-to-use web interface | |||
Flexible Dashboard with 18 different widgets | |||
Flexible filter mechanism | |||
Role-based access | |||
Multitenancy | |||
Communication from superadmin to all tenants (administration and SSP UI) | |||
Sophos technical notifications | |||
Sending of text messages (via APNS, GCM, Baidu, MPNS) | |||
Self Service Portal |
|||
Register new device | |||
Device wipe | |||
Device lock | |||
Device locate | |||
Passcode reset for Device, App Protection (Android), Sophos Container (iOS, Android) | |||
Trigger device checkin | |||
Decommission device from management (incl. corporate wipe on iOS, Samsung SAFE, Windows 10 Mobile) | 5 | ||
Delete decommissioned device from inventory | |||
Monitor device status and compliance information | |||
Show acceptable use policy with new device registration | |||
Display post-enrollment message | |||
Control registration by OS type | |||
Configure maximum number of devices per user | |||
Company specific configuration of commands available to users | |||
User Directory and Management |
|||
Comprehensive password policies | |||
Password recovery by the user | |||
Internal user directory including batch upload capability | |||
Microsoft ActiveDirectory integration | |||
Novell eDirectory integration | |||
Lotus Notes Directory integration | |||
Red Hat Directory integration | |||
Zimbra Directory integration | |||
Device compliance enforcement rules |
|||
Group assignment or ownership-based compliance rules | |||
Compliance violations analytics | |||
Device under management | |||
Jailbreak or rooting detection | |||
Encryption required | |||
Passcode required | |||
Minimum OS version required | |||
Maximum OS version allowed | |||
Last synchronization of the device | |||
Last synchronization of the SMC app | |||
Blacklisted apps | |||
Whitelisted apps | |||
Mandatory apps | |||
Block installation from unknown sources (sideloading) | |||
Data roaming setting | |||
USB debugging setting | |||
SMC client version | |||
Malware detection | 4 | ||
Suspicious apps detection | 4 | ||
Potentially unwanted apps detection | 4 | ||
Last malware scan | 4 | ||
Locate for SMC app enabled | |||
Security |
|||
Encrypted connection to web interface | |||
Encrypted communication with devices | |||
Control email access by compliance state (Exchange gateway) | |||
2FA device authentication at Exchange gateway (password, certificate) | |||
Control network access by compliance state (Generic NAC interface, Sophos UTM, Cisco ISE, Checkpoint) | |||
USSD code protection (e.g. *#2314#) | 4 | ||
SPAM protection (call, SMS, MMS) | 4 | ||
Protection from malicous websites (web filtering) | 4 | ||
Protect corporate apps with additional authentication (App Protection) | 4 | ||
Web productivity filtering by 14 categories + allow/deny lists by IP address, DNS name and IP range | 4 | ||
Inventory |
|||
Device groups | |||
User oriented view on devices | |||
Automatic transfer of unique device ID (IMEI, MEID, UDID) and further device data | |||
Automatic OS version detection | |||
Automatic device model resolution into a user friendly name | |||
Marker for company-owned and privately-owned devices | |||
Customer defined device properties with template support | |||
Import/export of device information | |||
Provisioning / Device enrollment |
|||
Device enrollment wizard for admins | |||
By email | |||
Online registration from the device | |||
Bulk provisioning (by email) | |||
Apple Configurator deployment | |||
Definition of standard rollout packages | |||
Automatic assignment of initial policies and groups based on user directory group membership | |||
Task management |
|||
Scheduled task generation | |||
Tasks can be generated for single devices or groups | |||
Detailed status tracking for each task | |||
Intelligent strategies for task repetition | |||
Reporting |
|||
Inventory export with applied filters | |||
Export of all tables in the system as XLS or CSV | |||
Malware reports (2 different kind) | |||
Compliance log of all administrator activities in all customers | |||
Compliance violation reports (2 different kind) | |||
Device reports (8 different kind) | |||
App reports (6 different kind) | |||
Programming interface (API) |
|||
Web service (REST) API for device information and provisioning from 3rd party systems | |||
Devices |
|||
SMC app functionality |
|||
Enterprise App Store (required and recommended apps) | |||
Show compliance violations | |||
Show server messages | |||
Show technical contact | |||
Trigger device synchronization | |||
Mobile application management |
|||
Installing apps (with or without user interaction, including managed apps on iOS) | |||
Uninstalling apps (with or without user interaction) | |||
List of all installed apps | |||
Support for Apple Volume Purchasing Program (VPP) | |||
Allow/forbid installation of apps | |||
Block app deinstallation | 5, 15, 16 | ||
Remote configuration of company apps (managed settings) | |||
Block specific apps from running (app blocker) | |||
Security |
|||
Jailbreak (iOS)/Rooting (Android) detection | |||
Tamper detection | |||
Anti-theft protection: remote wipe | |||
Anti-theft protection: remote lock | |||
Anti-theft protection: device locate | |||
Enforce password strength and complexity | |||
Inactivity time (time in minutes up to the query of the password) | |||
Maximum number of attempts until the device will be reset | |||
Minimum length of the password | |||
Password history | |||
Password expiration time | |||
Minimum length of lower/upper case, non-letter or symbol characters in the passcode | |||
Passcode reset (unlock)/administrator defines new passcode | |||
Activation Lock bypass | 11 | ||
Activation of storage encryption | 3 | ||
Access to the memory card can be prohibited | |||
Activation/deactivation of device data encryption | |||
Blocking installation from unknown sources (sideloading) | 5 | ||
Blocking of Wi-Fi | 11 | 5 | |
Blocking of Bluetooth | 5 | ||
Blocking of data transfer via Bluetooth | 13 | ||
Blocking of data transfer via NFC | 13 | ||
Blocking of USB connections | |||
Blocking of camera | 5, 7 | ||
Protection of settings against modification/removal by the user | |||
Allow/forbid use of iTunes Store / Google Play / Windows Store | 5 | ||
Allow/forbid use of YouTube app | |||
Allow/forbid use of Browser | 5 | ||
Allow/forbid explicit content | |||
Allow/forbid camera on lock screen | 7 | ||
Allow/forbid widgets on lock screen | 7 | ||
Prevent email forwarding | |||
S/MIME enforcement | |||
Allow/forbid 3rd party app usage of email | |||
Allow/forbid iCloud autosync | |||
Allow/forbid to send crash data to Apple / Google / Samsung / Microsoft (Telemetry) | 5 | ||
Allow/forbid certificates from untrusted sources | |||
Allow/forbid WiFi auto-connect | |||
Allow/forbid shared photo stream | |||
Allow/forbid Passbook on lock screen | |||
Allow/forbid device act as hotspot | |||
Configuration of profile lifetime | |||
Allow/forbid recent contacts to sync | |||
Allow/forbid Siri (iOS) or Cortana (Microsoft) | |||
Allow/forbid Siri querying content from the web | 11 | ||
Support for SCEP certificate provisioning | |||
Allow/forbid „Open with…“ functionality to share data between managed and unmanaged apps | |||
Allow/forbid fingerprint reader (Touch ID) to unlock device | |||
Allow/forbid account modification | 11 | ||
Allow/forbid modification of cellular data usage per app | 11 | ||
Allow/forbid Control Center on lock screen | |||
Allow/forbid Notification Center on lock screen | |||
Allow/forbid Today view on lock screen | |||
Allow/forbid over-the-air PKI updates | |||
Allow/forbid find my friends modification | 11 | ||
Allow/forbid host pairing | 11 | ||
Allow/forbid AirDrop | 11 | ||
Allow/forbid single app mode (app lock or kiosk mode) | 11 | ||
Allow/forbid iBooks store | |||
Allow/forbid explicit sexual content in iBooks store | |||
Allow/forbid iMessage | |||
Allow/forbid user to reset the device | |||
Allow/forbid device unenrollment from MDM management | 5, 15, 16 | ||
Allow/forbid user to create screenshots | |||
Allow/forbid user to use copy/paste | |||
Filter access to web sites (blacklisting) or whitelist web sites with bookmarks | 11 | ||
Block OS upgrade | 5 | ||
Device configuration |
|||
Microsoft Exchange settings for email | 5, 15, 16 | ||
IMAP or POP settings for email | |||
LDAP and CalDAV settings | |||
Configuration of access points | |||
Proxy settings | |||
Wi-Fi settings | |||
VPN settings | 5 | ||
Install root certificates | 13 | ||
Install client certificates | |||
Per app VPN | 10 | ||
Single sign on (SSO) for 3rd party apps (app protection) and company webpages (iOS 7 and higher) | 10 | ||
Distribution of bookmarks | |||
Automatically receive Wi-Fi and VPN settings from Sophos UTM appliances | |||
Samsung KNOX: Container handling (create, lock, decommission) | 13 | ||
Samsung KNOX: Configure Restrictions | 13 | ||
Samsung KNOX: Configure Exchange | 13 | ||
Samsung KNOX: Container Password | 13 | ||
Managed domains | 14 | ||
Device information |
|||
Internal memory utilization (free/used) | |||
Battery charge level | |||
IMSI (unique identification number) of SIM card | |||
Currently used cellular network | |||
Roaming mode | |||
OS version | |||
List of installed profiles | |||
List of installed certificates | |||
Malware detected on device | 4 | ||
Remote screen sharing (requires AirPlay device) | 10 | ||
Corporate Browser (with Sophos Secure Workspace) |
|||
Browsing restricted to predefined corporate domains | 4 | 4 | |
Preconfigured corporate bookmarks | 4 | 4 | |
Password manager | 4 | 4 | |
Client or user certificates to authenticate against corporate websites | 4 | 4 | |
Root certificates | 4 | 4 | |
Restricted cut copy and paste | 4 | 4 | |
Mobile Content Management (with Sophos Secure Workspace) |
|||
Publish documents from SMC server | 4 | 4 | |
Content storage: Dropbox | 4 | 4 | |
Content storage: Google Drive | 4 | 4 | |
Content storage: Microsoft OneDrive | 4 | 4 | |
Content storage: Telekom Mediacenter | 4 | 4 | |
Content storage: Egnyte | 4 | 4 | |
Content storage: OwnCloud | 4 | 4 | |
Content storage: WebDAV (like Windows Server, Strato Hi-Drive, …) | 4 | 4 | |
User authentication | 4 | 4 | |
FIPS 140-2 encryption with AES256 | 4 | 4 | |
DLP setting: Allow offline viewing | 4 | 4 | |
DLP setting: Allow copy to clipboard | 4 | 4 | |
DLP setting: Allow e-mailing in encrypted form | 4 | 4 | |
DLP setting: Allow „open with“ unencrypted, including e-mailing unencrypted | 4 | 4 | |
Add files from mail or download to content app | 4 | 4 | |
Select existing encryption key or create new user key | 4 | 4 | |
Integrated with SafeGuard Cloud Storage | 4 | 4 | |
Lock access on non-compliant devices | 4 | 4 | |
Request call home time-based or by unlock count | 4 | 4 | |
Create or edit text files | 4 | 4 | |
Annotate PDF files | 4 | 4 | |
Fill PDF forms | 4 | 4 | |
Unlock app via fingerprint reader | 4 | ||
Secure Email (with Sophos Secure Email) |
|||
Exchange email | 4 | 4 | |
Exchange contacts | 4 | 4 | |
Exchange calendar | 4 | 4 | |
Geo-fencing | 4 | 4 | |
Time-fencing | 4 | 4 | |
Wi-Fi fencing | 4 | 4 | |
Control cut and copy | 4 | 4 | |
Show event details | 4 | 4 | |
Export contacts to device | |||
Mobile SDK (to be embedded in apps) |
|||
App expiration date | 4 | 4 | |
App embedded EULA | 4 | 4 | |
App password (with SSO across all SDK enabled apps) | 4 | 4 | |
Geo-fencing of the app | 4 | 4 | |
Time-fencing of the app | 4 | 4 | |
Block app start on jailbroken or rooted devices | 4 | 4 | |
Make Wi-Fi network mandatory for app usage | 4 | 4 | |
Make available corporate Wi-Fi mandatory for app usage | 4 | 4 | |
Telecom Cost Control |
|||
Disable data while roaming | 5 | ||
Disable voice while roaming | 5 | ||
Disable sync while roaming | 5 |
3) By setting a pin or passcode
4) If SMC Advanced is licensed
5) Requires a Samsung SAFE compatible device and optional an installation of the SAFE plugin
7) Requires Android 4 or higher
11) Requires a supervised device
13) Samsung KNOX V2.1 or higher
14) Requires iOS 8 or higher
15) Requires LG GATE enabled device
16) Required Sony extended MDM API enabled device