Disclaimer: This information is posted as-is and the content should be referenced at your own risk.

This article provides details on how to integrate Sophos Intercept X for Mobile with Microsoft Intune. Details are also available in the Sophos Mobile admin guide at docs.sophos.com.

The key steps involved are:

Bind Sophos Mobile with Microsoft Intune

Confirm the connection in Microsoft Intune

Deploy the Intercept X for Mobile app to managed devices through Microsoft Intune

Bind Sophos Mobile with Microsoft Intune

Log in to Sophos Central

Navigate to the Mobile section

Navigate to Setup > Sophos Setup

Open the Intune MTD tab and click 'Bind'

Click Yes, log in to Microsoft Intune with your Azure administrator account, and accept the permission request

In the Sophos Central console a message is displayed to confirm the necessary permissions have been granted. Select whether the devices will be corporate or personal devices, the device group they should be a member of, and which policies the devices should receive. Click Save.

Confirm the connection in Microsoft Intune

Log in to Microsoft Azure and navigate to Intune

Click 'Device compliance'

Click 'Mobile Threat Defense'

The Sophos connection should already be listed (as a result of the previous steps taken)

Click on the Sophos connector and enable the Android and iOS platforms (first 2 radio buttons). Click Save and the connection status will change from Available to Enabled
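
The same check can be made outside the portal by reading the connector's state from Microsoft Graph (GET /deviceManagement/mobileThreatDefenseConnectors). The example below is added here and is not from the original article or from Sophos; it audits a constructed response in the shape of Graph's mobileThreatDefenseConnector resource. The use of Graph, the placeholder connector ids and the 7-day fallback threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Microsoft Graph response from
# GET /deviceManagement/mobileThreatDefenseConnectors (ids are placeholders).
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "00000000-0000-0000-0000-000000000001", "partnerState": "enabled",
     "androidEnabled": True, "iosEnabled": True,
     "lastHeartbeatDateTime": "2024-05-01T09:00:00Z",
     "partnerUnresponsivenessThresholdInDays": 7},
    {"id": "00000000-0000-0000-0000-000000000002", "partnerState": "available",
     "androidEnabled": False, "iosEnabled": True,
     "lastHeartbeatDateTime": "2024-03-01T09:00:00Z",
     "partnerUnresponsivenessThresholdInDays": 7},
]})


def audit_connector(connector, now):
    """Return a list of findings for one connector; an empty list means healthy."""
    findings = []
    state = connector.get("partnerState", "unknown")
    if state != "enabled":  # the portal shows this as Available vs Enabled
        findings.append(f"partnerState is '{state}', expected 'enabled'")
    for flag in ("androidEnabled", "iosEnabled"):  # the two platform toggles
        if not connector.get(flag, False):
            findings.append(f"{flag} is off")
    heartbeat = connector.get("lastHeartbeatDateTime")
    if not heartbeat:
        findings.append("no heartbeat recorded")
    else:
        last = datetime.fromisoformat(heartbeat.replace("Z", "+00:00"))
        # Assumed fallback of 7 days when the tenant value is absent.
        days = connector.get("partnerUnresponsivenessThresholdInDays", 7)
        if now - last > timedelta(days=days):
            findings.append(f"last heartbeat {(now - last).days} days ago")
    return findings


def audit_response(raw_json, now):
    """Map connector id -> findings for every connector in a Graph response."""
    return {c["id"]: audit_connector(c, now) for c in json.loads(raw_json)["value"]}


if __name__ == "__main__":
    now = datetime(2024, 5, 2, tzinfo=timezone.utc)  # fixed clock for the sample
    for cid, findings in audit_response(SAMPLE_RESPONSE, now).items():
        print(cid, "OK" if not findings else "; ".join(findings))
```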

Deploy Intercept X for Mobile to Intune managed devices

In this stage we will deploy the Intercept X for Mobile app to iOS and Android devices.

Note: It is also necessary for the Intune Company Portal app and the Microsoft Authenticator app (on iOS) to be deployed to devices. The steps for deploying these apps are not shown here.

Log in to Microsoft Azure and navigate to Intune

Click 'Client apps'

Click 'Apps'

Deploying to iOS devices

First we will add the iOS Intercept X app. Click 'Add' and select 'iOS store app'

Click 'Search the App store' and locate the Intercept X for Mobile app. Click 'Select'

View the app details displayed and click Next.

Click Next in the 'Scope tags' section (this section is optional)

Click 'Add group' and select the Azure groups that you want the Intercept X app to be deployed to.

Click Next and on the summary screen click Create. The Intercept X for Mobile app is now assigned to the iOS groups selected.

The Intercept X iOS app has now been deployed. Optionally, we can also choose to pass managed settings to the app to remove some steps for end users.

Navigate to Client apps > App configuration policies. Click 'Add' and select 'Managed Devices'

Give the policy a name, select iOS as the platform, and select Sophos Intercept X for Mobile as the targeted app

Choose 'configuration designer' from the dropdown. Entering the values shown below removes the need for end users to accept the EULA, and makes it easier for them to complete the app enrolment.

Click Next to move to the 'Assignments' page. Assign the policy to the required group of users.

Move to the 'Review + Create' page to complete and save the policy.

Deploying to Android devices

Return to the Client apps > Apps section

Click Add

Select Managed Google Play app

Search the Play Store for Sophos Intercept X

Select Intercept X and approve the app. After approving the app return to the Intune Client Apps page.

The Intercept X app will now appear in the list of apps. Note that some information is synced from the Google Play Store so it can take a few minutes for the app to be shown.

Click on the Intercept X app and go to Properties > Assignments > Edit

Use 'Add group' (or 'Add all users' or 'Add all devices') to deploy the Intercept X app to devices

Click 'Review + Save' to check the details, and click Save

The 'Device install status' tab shows the success of deployments

The Intercept X Android app has now been deployed. Optionally, we can also choose to pass managed settings to the app to remove some steps for end users.

Navigate to Client apps > App configuration policies. Click 'Add' and select 'Managed Devices'

Give the policy a name, select Android Enterprise as the platform, the profile type as Work and Device Owner, and select Sophos Intercept X for Mobile as the targeted app

Choose 'configuration designer' from the dropdown. Add the configuration keys as shown below. These values remove the need for end users to accept the EULA, and make it easier for them to complete the app enrolment.

Click Next to move to the 'Assignments' page. Assign the policy to the required group of users.

Move to the 'Review + Create' page to complete and save the policy.
