General configuration (Android Sophos container policy)
With the General configuration you define settings that apply to all Sophos container apps, if applicable.
The Sophos container policy is only available for Sophos Central accounts created before October 1, 2022 and for accounts migrated from an on-premise installation of Sophos Mobile.
|Enable Sophos container password||Users must enter an additional password to be able to start a Sophos container app. |
The password has to be defined when the first container app is started after the configuration has been applied.
This password applies to all container apps.
|Password complexity||The required minimum complexity of the Sophos container password. More secure passwords are always allowed. Passwords (a mix of numeric and alphanumeric characters) are always seen as more secure than PINs (numeric characters only). |
|Always hide characters in password entry fields||Characters in password entry fields are not briefly displayed before they are masked.|
|Password age in days||The number of days that a password can be used before users are prompted to change it.|
|Failed logins until lock||The number of failed login attempts that are tolerated before the container apps are locked. Once they are locked an administrator needs to unlock the apps or, if allowed, users can unlock them in Sophos Central Self Service Portal.|
|Allow fingerprint||Users can use their fingerprint to unlock the app.|
|Grace period in minutes||The period of time within which no Sophos container password must be entered when a container app comes to the foreground again. |
The grace period applies to all container apps. You can switch between the apps during the grace period without entering a password.
|Lock on device lock||When the device is locked, the Sophos container is locked as well. |
If the check box is cleared, the container is locked only after the grace period has expired.
|Last server connect||The period of time within users can use a Sophos container app without a connection to the Sophos Mobile server. |
When a Sophos container app becomes active and does not have contact with the server within the defined period of time, a lock screen will be displayed. Users can only unlock the app by tapping Retry on the lock screen. The app will then try to connect to the server. If the connection can be established, the app will be unlocked. If not, access will be denied.
|Offline starts without server connection||In this field you define how often users can start one of the Sophos container apps without a server connection. |
This setting requires the Sophos container password feature to be turned on.
A counter is incremented whenever users enter the Sophos container password. If the counter exceeds the defined number, the same lock screen as for the Last server connect setting will be displayed. The counter will be reset if a connection to the Sophos Mobile server is established.
|Root access allowed||Container apps are allowed to run on rooted devices.|
App usage constraints
Here you can define constraints on using the Sophos container apps.
Click Add to enter constraints.
We recommend that you do not rely on Wi-Fi fencing as the only security mechanism because Wi-Fi names can be spoofed very easily.
|Geo-fencing||Lets you add latitude and longitude and a radius within which the Sophos container apps can be used.|
|Time-fencing||Lets you specify a start and end time within which the Sophos container apps can be used. Days of the week on which the apps can be used can be specified as well.|
|Wi-Fi fencing||If you select Wi-Fi connection required, the Sophos container is locked when there is no active Wi-Fi connection. |
If you add Wi-Fi networks to the list, the Sophos container is locked when the device is connected to a Wi-Fi network not listed.