Supported platforms |
Detailed version |
Operation system |
Version |
Windows Server 2008 32/64 bit |
SP 1 |
Windows Server 2008 R2 64 bit |
SP 1 |
Windows Server 2012 (64 bit) |
|
Windows Server 2012 (64 bit) R2 |
|
Java JDK version |
Version |
JDK 8 (delivered with the installer) |
8u31 |
Database version |
Version |
Microsoft SQL Server 2008 (32/64 bit) |
SP 3 |
Microsoft SQL Server 2008 R2 (64 bit) |
SP 2 |
Microsoft SQL Server 2012 (64) bit) |
SP 1 |
Microsoft SQL Server 2014 Express |
SP 1 |
MySQL |
5.6 |
Mobile operation system |
Version |
Apple iOS |
6.x 7.x 8.x |
Android |
2.3.3 or higher (Android phones) 3.0 or higher (Android tablets) 4.x (tablets and smartphones) 5.0 or higher |
Windows Phone 8 |
8.0.x 8.1.x |
Browser |
Version |
Internet Explorer |
9, 10, 11 |
Mozilla Firefox |
30 or higher |
Google Chrome |
35 or higher |
Directory servers |
Version |
Microsoft ActiveDirectory |
As included in the Windows Server versions above. |
OpenLDAP |
As provided by the Zimbra server below |
Novell eDirectory |
8.8 SP 6 |
Lotus Domino |
8.5.3 |
Email systems |
Version |
Microsoft Exchange |
2003 SP2 2007 SP3 2010 SP2 2013 |
Lotus Domino Traveler |
9.0 |
Zimbra |
8.0 |
CA server |
Version |
Windows Server 2008 32/64 bit |
SP1 |
Windows Server 2008 R2 64 bit |
SP1 |
Windows Server 2012 64 bit |
Latest SP |
Windows Server 2012 R2 64 bit |
Latest SP |
Note: For Android versions up to version 4.0.4 Google accounts have to be available on devices, if you want to set up Sophos Mobile Control on devices without telephone numbers (for example tablets). The accounts are required for using GCM (Google Cloud Messaging). For Android version 4.0.4 and 4.1 and higher Google accounts are no longer required.
Note: Android 4.2 devices including all new features except the multi user feature are supported. If the 4.2 multi user feature is used on a device, only the first user that is registered in Sophos Mobile Control can be managed.
Note: Sophos Mobile Encryption Management requires iOS7.
Note: Sophos supports only official Android versions. Sophos does not guarantee that the SMC Android client is working with all the different custom roms available.
For further information, see https://www.sophos.com/en-us/support/knowledgebase/121983.aspx.
For details on installing the Sophos Mobile Control Server, refer to the Sophos Mobile Control installation guide. For details on installing and setting up Sophos Mobile Control on end user devices by using the Sophos Mobile Control Self Service Portal, refer to the Sophos Mobile Control user guides for Android, Apple iOS and Windows Phone 8. You can download the product documentation at http://www.sophos.com/en-us/support/documentation/mobile-control.aspx.
With Sophos Mobile Control 3.6 license reporting was introduced. For further information, see http://www.sophos.com/en-us/support/knowledgebase/120127.aspx.
If you are planning to do the update to SMC 5 overnight please disable the scheduled tasks to stop and restart the SMC server (default: 4:00 am and 4:05 am) if those times could interfere with the update and migration procedure. You can re-enable them after the update is finished.
If the Sophos Mobile Control license file is placed in a folder with Japanese characters in the name for installation, the installation process fails.
After changing the URL of the server using the Configuration Wizard the SMC standard license needs to be reactivated. To do so go to Setup – System setup – License, enter your standard license key in the input field and click “Activate”.
On some SAMSUNG SAFE devices removing an Android profile with a certificate does not remove the certificate from the device
On some SAMSUNG SAFE devices (e.g. seen on a Samsung S3 mini with Android 4.1.2) installing a Root-certificate via a profile works fine without any issues. If the profile is removed again from the device via the Sophos Mobile Control console the devices synchronizes with the server but the certificate itself is not removed from the device. This is an issue of the Samsung API that according to Samsung will be fixed within the next Android (Kitkat) upgrade of affected devices, e.g. Samsung S3 mini with Android 4.1.2
On some SAMSUNG SAFE devices it is not possible to add a profile with a root certificate
On some SAMSUNG SAFE devices (e.g. seen on a Samsung Galaxy S2 with Android 4.0.3) installing a root certificate via a profile does not work. This is an issue of the Samsung API where a call to a Samsung API returns success although the root certificate could not be installed on the device.
On some SAMSUNG SAFE devices it is not possible to remove the VPN profile from the device
On some SAMSUNG SAFE devices (e.g. seen on a Samsung Galaxy S2 with Android 4.0.3) removing a VPN profile via the SMC admin does not work. This is an issue on the Samsung API on the device where removing the profile via a call to the Samsung API succeeds although the VPN profile is actually not removed on the device.
On some SAMSUNG SAFE devices a WiFi configuration is transferred to the device but when connecting to the WiFi the user gets an error message "Failed to connect to network"
On some SAMSUNG SAFE devices (e.g. seen on a Samsung S3 mini with Android 4.1.2) WiFi configuration are installed correctly but when the user connecting to the WiFi does not work giving the user an error message "Failed to connect to network". This is an issue of the Samsung API that according to Samsung will be fixed within the next Android (Kitkat) upgrade of affected devices, e.g. Samsung S3 mini with Android 4.1.2
When use of Safari (iOS Browser) is restricted via a profile recommended and required apps cannot be installed via an iTunes link
Installing a recommended or required app via an iTunes link on an iOS device requires the use of Safari. If the use of Safari is restricted, recommended and required apps cannot be installed via an iTunes link.
Automatic synchronization of the SMC app against the server does not work reliably
In some cases the silent trigger sent by the SMC server does not result in an automatic background synchronization. In those cases the user can still synchronize the app manually.
Managed Sophos Secure Workspace looses the management status after upgrade of app
When upgrading a Sophos Secure Workspace for iOS app that is already managed by Sophos Mobile Control it may happen in very rare cases that Sophos Secure Workspace is no more managed on the device. This is caused by an undefined behavior of the Apple iOS mechanism used for managing the app: the managed settings get lost. Installing the profile again for the device from the Sophos Mobile Control admin takes the app under management again.
Single app mode profile changes do not affect the device
Updating an iOS Single App Mode profile does not update all contained settings. The "disable…" options are updated correctly. All other options only work on the first installation of the profile. For switching those settings the profile has to be removed and installed again. This is an issue in Apple iOS.
Windows Phone 8.1 devices < GDR1 do not set Exchange account names correctly
Windows Phone devices running 8.1 < GDR1 do not use the Exchange account display name as configured. Instead, they just use a numbering scheme. This display issue does not affect the actual synchronization. Newer Windows Phone 8.1 versions use the name as configured.
A "no passcode" compliance violation is reported although a passcode is set on the device
The “password required” compliance rule does not work correctly for Windows Phone devices if no passcode policy is enforced by SMC. The devices do not report a passcode being set if the user does this without being forced to by a policy. This is an issue in Windows Phone.
SafeSearch restriction
The Windows Phone 8.1 restriction “SafeSearch permission” is not working correctly. Due to an issue in Windows Phone 8.1 the restriction is ignored on the device and defaults to “moderate”.
Android devices are automatically enabled through EAS Proxy, if the device was registered with the Self Service Portal. If an administrator has added the phone to Sophos Mobile Control, it is required to enter the sAMAccountName in the respective property of the device details view to make ActiveSync synchronization possible. If devices are registered with an LDAP entry and SSP, this is not necessary (this only applies to Microsoft ActiveDirectory).
When entering a password, e.g. in an Exchange email configuration, it may happen that the password is cut off and not all asterisks are shown. The user can still enter any password, although the control does not show the right amount of characters entered. This is caused by a bug in the web control within the standard framework used by Sophos Mobile Control.
If several Android devices are registered for the same user in the Self Service Portal and email access is blocked for one of the devices, access is blocked for another device, not for the one intended. This problem is caused by limitations in the Android operating system.
Internet Explorer may classify the Web Console as an intranet site. As a result, compatibility mode is activated by default which results in a corrupted view and erroneous behavior. This browser feature can be disabled in the Compatibility View Settings of Internet Explorer by unchecking “Display intranet sites in Compatibility View”.
You can find technical support for Sophos products in any of these ways:
Copyright © 2015 Sophos Ltd. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos is a registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.