Sophos Mobile Means

Enterprise Mobility
Management
Manage in Sophos Central
• Sophos MDM is for you to securely manage your work files and
business email, and isolate them from your personal data. Also,
provides you mobile endpoint security to keep your personal data
safe and defend against malware.
• Will have total 4 apps installed on your devices as below after
complete the enrolment.
• 1. Sophos Mobile Control
helps to keep corporate data safe by managing apps and security settings. Always sync with web console, grab and applying company
policies for all the Sophos apps.

• 2. Sophos Intercept X
provides device, network, and app security without compromising performance or battery life. Offers antivirus and ransomware
protection together with potentially unwanted app detection, Man-in-the-Middle threat detection, web protection, web filtering for
unwanted content, and much more.

• 3. Sophos Secure Workspace – EOL early December 2023

a containerized mobile content management app that provides a secure way to manage, distribute, and edit business documents and
view web content. Edit Office format documents without leaving the container environment to ensure encrypted content remains
secure.

• 4. Sophos Secure Email – EOL early December 2023

a fully-featured, secure, and containerized personal information management (PIM) app that lets you isolate information like business
email, calendars, and contacts from private data on the mobile device.
IOS Android

• SOPHOS Control • SOPHOS Control

• SOPHOS Intercept X • SOPHOS Intercept X
• Cloud Storage (Apple ID under Takaful ABM -5GB ) • My File ( Phone Storage - Work Profile Container )
• IOS Native Mail • Gmail (Work Profile Container)
Current setup of mail flow from Sophos MDM
managed device to access their email.
HTTPS

Sophos Mobile Central

Sophos MDM Managed

devices IOS / Android

MDM traffic:
Central.sophos.com
ActiveSync traffic :
Webmail.takaful-malaysia.com.my
Active Sync Server
EAS proxy with Sophos Mobile

For the phone to receive the

policy (including email
settings)
Sophos Mobile Central
Https

Sophos MDM
IOS /Android

Https Https

EAS Proxy Proxy Active Sync Server

Internet MDM Traffic: * open mobile device family IOS /
Central.sophos Android for allow email from EAS
ActiveSync traffic Proxy
EAS proxy needs to be public
facing to allow email access
Easproxy.takaful.com:443
from external (using
easproxy.takaful.com
Prerequisites to setup an EAS Proxy
• Minimum requirement 1 CPU and 2GB of memory
• Supported mail server version: Microsoft Exchange 2016/2019, Microsoft 365,
IBM Traveler 9.0, Zimbra 8.0
• EAS proxy needs to be public facing to allow email access from external (using
easproxy.takaful.com as example in diagram)
Ports to allow: 443
• IP of Exchange/Active Sync server for later setup in EAS proxy
• Exchange/Active Sync accessible by EAS proxy on port 80 or 443
• EAS proxy needs to have internet access to the following domains. Domains and
ports to allow - Sophos Central Admin
• Allow IP/URL of EAS proxy with IIS for the routed email traffic on Exchange/Active
Sync server. Sophos Mobile: Restrict Exchange ActiveSync access to only allow
SMC-managed devices
EAS Proxy Configuration
Exchange Configuration
END