Skip to content

General configuration (iOS Sophos container policy)

With the General configuration you define settings that apply to all Sophos container apps, if applicable.


The Sophos container policy is only available for Sophos Central accounts created before October 1, 2022 and for accounts migrated from an on-premise installation of Sophos Mobile.

Setting Description
Enable Sophos container password Users must enter an additional password to be able to start a Sophos container app.

The password has to be defined when the first container app is started after the configuration has been applied.

This password applies to all container apps.

Password complexity The required minimum complexity of the Sophos container password. More secure passwords are always allowed. Passwords (a mix of numeric and alphanumeric characters) are always seen as more secure than PINs (numeric characters only).
  • Any: Sophos container passwords do not have restrictions.
  • 4 digit PIN
  • 6 digit PIN
  • 4 char password
  • 6 char password
  • 8 char password
  • 10 char password
Always hide characters in password entry fields Characters in password entry fields are not briefly displayed before they are masked.
Password age in days The number of days that a password can be used before users are prompted to change it.
Failed logins until lock The number of failed login attempts that are tolerated before the container apps are locked. Once they are locked an administrator needs to unlock the apps or, if allowed, users can unlock them in Sophos Central Self Service Portal.
Allow fingerprint Users can use their fingerprint to unlock the app.
Grace period in minutes The period of time within which no Sophos container password must be entered when a container app comes to the foreground again.

The grace period applies to all container apps. You can switch between the apps during the grace period without entering a password.

Last server connect The period of time within users can use a Sophos container app without a connection to the Sophos Mobile server.

When a Sophos container app becomes active and does not have contact with the server within the defined period of time, a lock screen will be displayed. Users can only unlock the app by tapping Retry on the lock screen. The app will then try to connect to the server. If the connection can be established, the app will be unlocked. If not, access will be denied.

  • On access: Server connection is always required and the app is locked when the server cannot be reached.
  • 1 hour: Server connection is required when the app becomes active one hour or more after the last successful server connection.
  • 3 hours
  • 6 hours
  • 12 hours
  • 1 day
  • 3 days
  • None: No regular contact is required.
Offline starts without server connection In this field you define how often users can start one of the Sophos container apps without a server connection.

This setting requires the Sophos container password feature to be turned on.

A counter is incremented whenever users enter the Sophos container password. If the counter exceeds the defined number, the same lock screen as for the Last server connect setting will be displayed. The counter will be reset if a connection to the Sophos Mobile server is established.

  • Unlimited: No server connection is required.
  • 0: Starting the app without a server connection is not possible.
  • 1: After one start of the app, a successful server connection is necessary.
  • 3
  • 5
  • 10
  • 20
Jailbreak allowed Container apps are allowed to run on jailbroken devices.

App usage constraints

Here you can define constraints on using the Sophos container apps.

Click Add to enter constraints.


We recommend that you do not rely on Wi-Fi fencing as the only security mechanism because Wi-Fi names can be spoofed very easily.

Setting Description
Geo-fencing Lets you add latitude and longitude and a radius within which the Sophos container apps can be used.
Time-fencing Lets you specify a start and end time within which the Sophos container apps can be used. Days of the week on which the apps can be used can be specified as well.
Wi-Fi fencing If you select Wi-Fi connection required, the Sophos container is locked when there is no active Wi-Fi connection.

If you add Wi-Fi networks to the list, the Sophos container is locked when the device is connected to a Wi-Fi network not listed.