Sophos Mobile 9.5 - Web Filtering for Chromebooks and more
Sophos Central

Sophos Mobile 9.5 - Web Filtering for Chromebooks and more

David - December 4, 2019

Sophos has introduced the new version 9.5 of Sophos Mobile, which for the first time supports Chrome OS as a new platform. In addition, device management for Android Enterprise has been further improved and the name Intercept X is entering Sophos mobile apps.

Info: Version 9.5 is already available for the on Premises version, but all Central customers will need to be patient. The original date for the global update was 9 December, but I have heard that it may not be rolled out until January 2020.

WCAG 2.1 compliant

Although the structure of Sophos Mobile has fortunately not changed much, the user interface has been made WCAG 2.1 ready. This means that people with visual impairments in particular can now use the software much better. Sophos Mobile 9.5 has been tested for accessibility and can now be used with screen readers.

Chromebook Security Management

With version 9.5, Sophos Mobile now also supports the Chrome OS platform. To manage such devices, Sophos has first focused on Security Management rather than Chromebook Management. To manage multiple Chromebooks, Google already offers a solution through the G Suite. The use of the "G Suite " is even free of charge for all customers in the education sector, which is why Chromebooks are very popular at schools. For the corporate environment, on the other hand, you have to buy a license.

So because Google already has a solution for managing Chromebooks, Sophos wanted to start with a feature that had been lacking until now, namely web filtering.

The "G Suite" also provides APIs, which makes a later integration of a "Chromebook Management" into Sophos Mobile very likely.

To equip your Chromebook with Sophos Mobile web filtering, you will need the Sophos Chrome Security extension, which you can download from the Chrome Web Store. Once the Chromebook has been successfully added to Sophos Mobile, you will be able to use the familiar 14 web filter categories in the policies, which you can of course also create a white or black list for.

If you are using a Sophos Firewall with Sophos Central, you know the problem that the web filter settings on the Firewall are not synchronized with the settings on the central endpoint. If you want to protect your computers or mobile devices outside the network, you will also need to configure web filtering for each platform. However, Sophos appears to be working to ensure that firewall rules can be applied to computers, chromebooks and mobile devices in the future. 🥳

In addition to web filtering, there are also a few compliance rules to check that Chromebooks follow corporate policies. The built-in "Tamper Protection" should certainly be highlighted here. Chrome extensions are technically written in JavaScript and are not clearly isolated from each other. So you could theoretically write an extension to disable the Sophos Chrome Security extension. This is exactly why there is this "Tamper Protection", which regularly checks on the Chromebook whether the "Security Extension" from Sophos still has the necessary accesses. You can also use another rule, for example, to specify which extensions may or may not be installed. Or you can set up a policy that restricts extensions except those that come from the Google Play Store.

Android Enterprise – QR-Code Enrollment

For everyone who uses Android Enterprise, there is a new way to distribute Android devices. The new method is called QR Code Enrollment and is specially designed for Fully Managed Devices. To use this variant, create a QR code in Sophos Mobile. This code will no longer apply to a specific device or user, but can be used for any new device.

The QR code enrollment is very convenient and offers the possibility to integrate the WLAN settings directly compared to the "Zero-Touch Enrollment". This means that the user does not have to ask for the WLAN password afterwards and enter it manually. In order to use the QR code enrollment, you only need an Android smartphone with a camera and do not have to pay attention to special hardware, as with zero-touch enrollment.

If you have now configured such a QR code, you can print it out, for example, and make the workflow for rolling out new devices very efficient. All you have to do in the future is take the new Android smartphone out of the box, turn it on and scan the QR code. After that the device will configure itself completely and the user who gets this smartphone only has to enter his username and password. This almost creates an autonomous process that can theoretically be initiated by the employee himself. This QR code can also be copied into an email and sent directly to the employees with a little instruction. Unpacking a new device and scanning the QR code is so easy that no trained mobile administrator is needed.

Android Enterprise – App Management

If you want to add new apps from the Google Play Store to your allowed catalog, version 9.5 allows you to do this conveniently via an iFrame. Previously, this step was relatively laborious and these settings had to be done via "Google Play for Work". You can also use this iFrame to add your own APKs, which were developed especially for your own company. In addition to apps from the Play Store or own APKs, "Web Apps" can now also be added to the catalog. If you want to place links to a certain website on the Android home screen of your employees in the future, this is now also possible.

Intercept X for Mobile

Intercept X for Mobile is not a new app from Sophos, but a renaming of the previous "Sophos Mobile Security" app. Sophos wants to bring together under the name "Intercept X" all endpoint protection solutions, whether they run on a Windows computer, Mac, server or mobile device.

In addition to the new name, a complete rebranding has also taken place. The user interface of the app has been redesigned and a new common software style has been developed. This new design will then be applied to all Sophos agents on the various platforms in the future.

Like the Sophos Mobile 9.5 user interface, the new Intercept X for Mobile app has been designed to comply with WCAG usability guidelines. So this app can now also be used by people who can't see so well. Sophos has also updated its malware detection, which is only available for Android devices. Both the signature-based engine and new machine learning models have been updated.

Sophos Secure Email improvements

The Sophos Secure Email App has also received a small update:

  • iOS & Android: Favorite Folders - Up to 10 folders are automatically synchronized.
  • iOS: Contacts can now be saved as Favorites.
  • iOS: Calendar entries can now be forwarded.
  • iOS: Documents recorded with the camera can be attached to an email.

Further innovations

I didn't go into every feature in detail in this blog post. In the following list you'll find the remaining new features that don't need much explanation:

  • added support for Android 10
  • added support for iOS 13
  • added support for macOS 10.15**.
  • added Windows Server 2019** as Certification Authority Server
  • support for Samsung OEM Config
  • new report: Localize multiple devices, e.g. kiosk devices
  • the log level can now be set remotely
  • log files can now be remotely pulled from the device

Removed Functionality in Mobile 9.5

Last but not least, there are three systems that are no longer supported in the new mobile version. For Windows Phone 8.1, however, the decision was not made by Sophos. It is Microsoft who is gradually phasing out support for this operating system:

  • Management support for Android Things and Win 10 IoT
  • Support for Windows Phone 8.1 (devices remain visible)

Send Your Feedback

Share your thoughts about this article, your private queries are always welcome and greatly appreciated.

Send Feedback
All information are confidential

On our blog we regularly publish articles on various topics related to Sophos. To make sure you don't miss any articles, you can subscribe to our newsletter, and once a month you will receive an email with a summary of all articles published in the last 30 days.

Knowledge base

Do you need help with a Sophos product? Then maybe our free knowledge base can help you. We try to document most support requests in an article so that we can help as many people as possible.