Sophos Mobile Control 5.0 release notes

Sophos Mobile Control platformsSophos Mobile Control platforms

Supported platforms

Detailed version

Operation system


Windows Server 2008 32/64 bit

SP 1

Windows Server 2008 R2 64 bit

SP 1

Windows Server 2012 (64 bit)


Windows Server 2012 (64 bit) R2


Java JDK version


JDK 8 (delivered with the installer)


Database version


Microsoft SQL Server 2008 (32/64 bit)

SP 3

Microsoft SQL Server 2008 R2 (64 bit)

SP 2

Microsoft SQL Server 2012 (64) bit)

SP 1

Microsoft SQL Server 2014 Express

SP 1



Mobile operation system


Apple iOS





2.3.3 or higher (Android phones)

3.0 or higher (Android tablets)

4.x (tablets and smartphones)

5.0 or higher

Windows Phone 8





Internet Explorer

9, 10, 11

Mozilla Firefox

30 or higher

Google Chrome

35 or higher

Directory servers


Microsoft ActiveDirectory

As included in the Windows Server versions above.


As provided by the Zimbra server below

Novell eDirectory

8.8 SP 6

Lotus Domino


Email systems


Microsoft Exchange

2003 SP2

2007 SP3

2010 SP2


Lotus Domino Traveler




CA server


Windows Server 2008 32/64 bit


Windows Server 2008 R2 64 bit


Windows Server 2012 64 bit

Latest SP

Windows Server 2012 R2 64 bit

Latest SP

Note: For Android versions up to version 4.0.4 Google accounts have to be available on devices, if you want to set up Sophos Mobile Control on devices without telephone numbers (for example tablets). The accounts are required for using GCM (Google Cloud Messaging). For Android version 4.0.4 and 4.1 and higher Google accounts are no longer required.

Note: Android 4.2 devices including all new features except the multi user feature are supported. If the 4.2 multi user feature is used on a device, only the first user that is registered in Sophos Mobile Control can be managed.

Note: Sophos Mobile Encryption Management requires iOS7.

Note: Sophos supports only official Android versions. Sophos does not guarantee that the SMC Android client is working with all the different custom roms available.

What’s new in version 5

For further information, see


For details on installing the Sophos Mobile Control Server, refer to the Sophos Mobile Control installation guide. For details on installing and setting up Sophos Mobile Control on end user devices by using the Sophos Mobile Control Self Service Portal, refer to the Sophos Mobile Control user guides for Android, Apple iOS and Windows Phone 8. You can download the product documentation at

License reporting

With Sophos Mobile Control 3.6 license reporting was introduced. For further information, see

Known issues


Scheduled tasks

If you are planning to do the update to SMC 5 overnight please disable the scheduled tasks to stop and restart the SMC server (default: 4:00 am and 4:05 am) if those times could interfere with the update and migration procedure. You can re-enable them after the update is finished.

Sophos Mobile Control license in a folder with Japanese characters in the folder name (DEF85338)

If the Sophos Mobile Control license file is placed in a folder with Japanese characters in the name for installation, the installation process fails.

Changing the server URL post-installation

After changing the URL of the server using the Configuration Wizard the SMC standard license needs to be reactivated. To do so go to Setup – System setup – License, enter your standard license key in the input field and click “Activate”.

End user device


On some SAMSUNG SAFE devices removing an Android profile with a certificate does not remove the certificate from the device

On some SAMSUNG SAFE devices (e.g. seen on a Samsung S3 mini with Android 4.1.2) installing a Root-certificate via a profile works fine without any issues. If the profile is removed again from the device via the Sophos Mobile Control console the devices synchronizes with the server but the certificate itself is not removed from the device. This is an issue of the Samsung API that according to Samsung will be fixed within the next Android (Kitkat) upgrade of affected devices, e.g. Samsung S3 mini with Android 4.1.2

On some SAMSUNG SAFE devices it is not possible to add a profile with a root certificate

On some SAMSUNG SAFE devices (e.g. seen on a Samsung Galaxy S2 with Android 4.0.3) installing a root certificate via a profile does not work. This is an issue of the Samsung API where a call to a Samsung API returns success although the root certificate could not be installed on the device. 

On some SAMSUNG SAFE devices it is not possible to remove the VPN profile from the device

On some SAMSUNG SAFE devices (e.g. seen on a Samsung Galaxy S2 with Android 4.0.3) removing a VPN profile via the SMC admin does not work. This is an issue on the Samsung API on the device where removing the profile via a call to the Samsung API succeeds although the VPN profile is actually not removed on the device. 

On some SAMSUNG SAFE devices a WiFi configuration is transferred to the device but when connecting to the WiFi the user gets an error message "Failed to connect to network" 

On some SAMSUNG SAFE devices (e.g. seen on a Samsung S3 mini with Android 4.1.2) WiFi configuration are installed correctly but when the user connecting to the WiFi does not work giving the user an error message "Failed to connect to network". This is an issue of the Samsung API that according to Samsung will be fixed within the next Android (Kitkat) upgrade of affected devices, e.g. Samsung S3 mini with Android 4.1.2


When use of Safari (iOS Browser) is restricted via a profile recommended and required apps cannot be installed via an iTunes link

Installing a recommended or required app via an iTunes link on an iOS device requires the use of Safari. If the use of Safari is restricted, recommended and required apps cannot be installed via an iTunes link.

Automatic synchronization of the SMC app against the server does not work reliably

In some cases the silent trigger sent by the SMC server does not result in an automatic background synchronization. In those cases the user can still synchronize the app manually.

Managed Sophos Secure Workspace looses the management status after upgrade of app

When upgrading a Sophos Secure Workspace for iOS app that is already managed by Sophos Mobile Control it may happen in very rare cases that Sophos Secure Workspace is no more managed on the device. This is caused by an undefined behavior of the Apple iOS mechanism used for managing the app: the managed settings get lost. Installing the profile again for the device from the Sophos Mobile Control admin takes the app under management again.

Single app mode profile changes do not affect the device

Updating an iOS Single App Mode profile does not update all contained settings. The "disable…" options are updated correctly. All other options only work on the first installation of the profile. For switching those settings the profile has to be removed and installed again. This is an issue in Apple iOS.

Windows Phone

Windows Phone 8.1 devices < GDR1 do not set Exchange account names correctly

Windows Phone devices running 8.1 < GDR1 do not use the Exchange account display name as configured. Instead, they just use a numbering scheme. This display issue does not affect the actual synchronization. Newer Windows Phone 8.1 versions use the name as configured.

A "no passcode" compliance violation is reported although a passcode is set on the device

The “password required” compliance rule does not work correctly for Windows Phone devices if no passcode policy is enforced by SMC. The devices do not report a passcode being set if the user does this without being forced to by a policy. This is an issue in Windows Phone.

SafeSearch restriction

The Windows Phone 8.1 restriction “SafeSearch permission” is not working correctly. Due to an issue in Windows Phone 8.1 the restriction is ignored on the device and defaults to “moderate”.

Sophos Mobile Control Web Console

Synchronizing an Android device with an Exchange Server

Android devices are automatically enabled through EAS Proxy, if the device was registered with the Self Service Portal. If an administrator has added the phone to Sophos Mobile Control, it is required to enter the sAMAccountName in the respective property of the device details view to make ActiveSync synchronization possible. If devices are registered with an LDAP entry and SSP, this is not necessary (this only applies to Microsoft ActiveDirectory).

Password fields may look corrupted in Internet Explorer 10

When entering a password, e.g. in an Exchange email configuration, it may happen that the password is cut off and not all asterisks are shown. The user can still enter any password, although the control does not show the right amount of characters entered. This is caused by a bug in the web control within the standard framework used by Sophos Mobile Control. 

Blocking of email access (DEF76982)

If several Android devices are registered for the same user in the Self Service Portal and email access is blocked for one of the devices, access is blocked for another device, not for the one intended. This problem is caused by limitations in the Android operating system.

Web Console may look corrupted in Internet Explorer

Internet Explorer may classify the Web Console as an intranet site. As a result, compatibility mode is activated by default which results in a corrupted view and erroneous behavior. This browser feature can be disabled in the Compatibility View Settings of Internet Explorer by unchecking “Display intranet sites in Compatibility View”.

Technical support

You can find technical support for Sophos products in any of these ways:

Legal notices

Copyright © 2015 Sophos Ltd. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos is a registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.