Home » Blog » Sophos Central » Sophos Mobile 9.5 – web filtering for Chromebooks and more.
Sophos Central Mobile 9.5

Sophos Mobile 9.5 – web filtering for Chromebooks and more.

Sophos has unveiled the new version 9.5 of Sophos Mobile, with Chrome OS supported as a new platform for the first time. In addition, device management for Android Enterprise has been further enhanced and the name Intercept X is making its way into Sophos mobile apps.

Info: Version 9.5 is already available for the on Premises variant, but all Central customers will have to wait a bit longer. Originally, the date for the global update was said to be December 9, but I’ve heard it could even be rolled out as late as January 2020.

WCAG 2.1 compliant

Although fortunately not much has changed in terms of structure in Sophos Mobile, the user interface has been made WCAG 2.1 compliant. This means that people with a visual impairment in particular can now operate the software much better. Sophos Mobile 9.5 has been tested for accessibility and can now be operated with so-called screen readers without any problems.

Chromebook Security Management

With version 9.5, Sophos Mobile now supports the Chrome OS platform. For the management of such devices, Sophos has focused first on security management rather than Chromebook management. To manage multiple Chromebooks, Google already offers a solution with G Suite. The use of this “G Suite” is even free for all customers in the education sector, which is why Chromebooks are especially popular with schools. For the corporate environment, on the other hand, you have to buy a license.

So because Google already provides a solution for managing Chromebooks, Sophos wanted to first address a feature that has been missing, web filtering.

The “G Suite” also provides APIs, which makes a later integration of a “Chromebook Management” in Sophos Mobile seem very realistic.

To add Sophos Mobile web filtering to your Chromebook, you need the Sophos Chrome Security Extension, which you can download from the Chrome Web Store. Once the Chromebook has been successfully added to Sophos Mobile, you will have the usual 14 web filter categories available in the policies, for which you can of course also create a whitelist or blacklist.

Anyone who uses a Sophos Firewall with Sophos Central knows the problem that the web filtering settings on the firewall are not synchronized with the settings on the Central endpoint. Those who want to protect their computers or mobile devices outside the network must additionally configure web filtering for each platform. However, Sophos is apparently working on making it possible to transfer firewall rules to computers, Chromebooks and mobile devices in the future. 🥳

In addition to the web filtering, there are also a few compliance rules to check that Chromebooks are also adhering to corporate policies. The built-in “Tamper Protection” should certainly be emphasized here. Chrome extensions are technically written in JavaScript and are not clearly isolated from each other. So you could theoretically write an extension that disables the “Sophos Chrome Security” extension. This is exactly why there is this “Tamper Protection”, which regularly checks on the Chromebook whether the security extension from Sophos still has the necessary accesses. With another rule you can also define, for example, which extensions may be installed or which are not allowed. However, you can also set up a policy that only extensions that come from the Google Play Store are allowed.

Android Enterprise – QR Code Enrollment

For those of you running Android Enterprise, there is a new variation on how you can distribute Android devices. The new method is called QR Code Enrollment and is specifically for “Fully Managed Devices”. To use this variant, create a QR code in Sophos Mobile. However, this is then no longer valid for a specific device or user, but can be used for any new device.

QR code enrollment is very convenient and, compared to “zero-touch enrollment”, offers the option of integrating the WLAN settings right away. This means that the user does not have to ask for the WLAN password afterwards and enter it manually. To use QR Code Enrollment, all you need is an Android smartphone with a camera, and you don’t have to worry about special hardware like you do with Zero-Touch Enrollment.

Once you have configured such a QR code, you can print it out, for example, and use it to make the workflow for rolling out new devices very efficient. In the future, all you have to do is take the new Android smartphone out of the box, turn it on, and scan the QR code. After that, the device configures itself completely and the user who gets this smartphone only has to enter his username and password. You are almost creating an autonomous process, which can theoretically be initiated by the employee himself. After all, you can copy this QR code into an email and send it out directly to employees with a little instruction. Unpacking a new device and scanning the QR code is so easy that no trained mobile administrator is needed here.

Android Enterprise – App Management

If you want to add new apps from the Google Play Store to your allowed catalog, you can do this comfortably via an iFrame in version 9.5. Previously, this step was solved relatively laboriously and these settings had to be made via “Google Play for Work”. You can now also add your own APKs, which were developed specifically for your own company, via this iFrame. In addition to apps from the Play Store or your own APKs, “web apps” can now also be added to the catalog. So if you want to place shortcuts to a specific website on your employees’ Android homescreen in the future, this is now possible as well.

Intercept X for Mobile

Intercept X for Mobile is not a new app from Sophos, but a renaming of the previous “Sophos Mobile Security” app. Sophos wants to unify all endpoint protection solutions under the name “Intercept X,” whether they run on a Windows computer, Mac, server or mobile device.

In addition to the new name, however, a complete rebranding has also taken place. The user interface of the app has been comprehensively redesigned and in the course of this, a new common software style has also been developed. In the future, this new design will also be used on all Sophos agents on the various platforms.

Like the user interface of Sophos Mobile 9.5, the design of the new Intercept X for Mobile app was made to comply with WCAG usability guidelines. So also this app can now be operated without any problems by people who can’t see so well. Sophos has also updated its malware detection, which is only available for Android devices. The signature-based engine was revised and new machine learning models were implemented.

Sophos Secure Email enhancements

The “Sophos Secure Email App” has also received a small update:

  • iOS & Android: Favorite folders – Up to 10 folders are synced automatically.
  • iOS: Contacts can now be saved as favorites.
  • iOS: Calendar entries can now be forwarded
  • iOS: Documents captured with the camera can be attached to an email.

Other innovations

I have not gone into detail about every feature in this blog post now. In the following list you will find the rest of the new features, which do not require much explanation:

  • Added support for Android 10
  • Added support for iOS 13
  • Added support for macOS 10.15
  • Windows Server 2019 added as Certification Authority Server
  • Support for Samsung OEM Config
  • New report: Locate multiple devices, e.g. kiosk devices
  • The log level can now be set remotely
  • The log files can now be pulled remotely from the device

Removed features in Mobile 9.5

Last but not least, we have to announce that three systems are no longer supported in the new mobile version. For Windows Phone 8.1, however, the decision was not Sophos’. Here it is Microsoft that is gradually discontinuing support for this operating system:

  • Management Support for Android Things and Win 10 IoT
  • Support for Windows Phone 8.1 (devices remain visible)
Shopping Cart
Scroll to Top