Level 1.6: Donut
August 28, 2024
Question

Zero trust not pushing profiles to devices

Hello.

Maybe someone has a solution for this.

Some time ago we bought Lenovo K11 tablets, and our reseller added them to our ZT account.

Now I wanted to enroll them, so I created everything in Sophos MDM and created a config in ZT.

When I assigned the profile to the devices and did a factory reset, nothing happens. The tablets don't see any profiles and let me configure them as a normal user. I tried on different networks, created new configs on the ZT and Sophos sides, and nothing.

In another post one user said that I should ask the reseller to re-add the devices to ZT, but they can't for the next two weeks, so I'm searching for another solution.

Any tips for me?

4 replies

Moombas
Level 4.4: KitKat
August 29, 2024

Take one of your test devices and remove the config for this device in your Zero-Touch (not Zero-Trust :D) Portal.

After that, assign the configuration to this device again, wipe the device and start again.

You also need to ensure that the device can reach the relevant Google services, so use an unrestricted Wi-Fi or mobile data for the enrollment.

In general your reseller is your support contact for your ZT-Portal and you need to reach out to them in order to get it working!

But I want to mention something in addition that you could try on your own (risk):

If this works you can export your devices from ZT, change the config column to 0 and read it into the ZT-Portal.

After that, do the same again but with the profile ID to assign the profiles back to the devices.

_____________________________________________________________________________________

As a last thing you can try: as your devices are enrolling like a consumer device, when asked for a Google account enter the following instead (DPC identifier): afw#sophos

This will force the device to grab the Sophos APK and behave like a managed device. You will be asked for something like an enrollment ID as soon as the Sophos APK is installed, and it needs to be entered.

An alternative to this is using QR enrollment (see the Sophos enrollment documentation about how this is created).

But all these last-mentioned things (DPC identifier / QR code) are just for verifying that the general enrollment works and for testing your configurations and so on from the MDM side, and they don't solve your real issue regarding ZT detection.

Tomasz_T (Author)
Level 1.6: Donut
August 29, 2024

Of course Zero Touch, not Zero Trust 🙂 my bad. I've tried unassigning and assigning configs.

I've tested it on several networks and always get the same results. I have all of the policies and everything created on the Sophos side. I've tried with this afw#sophos, and the device appeared in Sophos. When I used the user-less QR code, it worked too. So all my configs on the Sophos side are working fine, I think, but ZT isn't sending them to the devices.

I'm gonna try this with the CSV and will see.

Moombas
Level 4.4: KitKat
August 29, 2024

I'm pretty sure that if the manual thing won't work, the CSV won't make a difference, so your reseller is 100% in charge to investigate (maybe with Google) why this happens and/or what's wrong here.

Tomasz_T (Author)
Level 1.6: Donut
September 5, 2024

Hello again. So the idea of having the reseller delete the devices and add them back didn't work. I've checked all the documentation from Sophos and Zero-touch again and it still doesn't work. I think I've checked every option and still nothing.

Moombas
Level 4.4: KitKat
September 5, 2024

Again, in this case your reseller needs to get in touch with Google, as they need to figure out what's going wrong here. And that goes through the partner portal afaik.

Level: 4.1: Jelly bean
September 5, 2024

Yes it does go through the partner portal. They're potentially uploading them incorrectly.

@Tomasz_T I may be able to help. Message me.


Tomasz_T (Author)
Level 1.6: Donut
September 10, 2024

Hello Jason.

Your solution helped. I wanted to ask about details but I can't DM you anymore.

Level: 4.1: Jelly bean
September 10, 2024

Pick a contact method from here to reach me outside of the community. In short the issue you're facing is due to your reseller not correctly registering the devices.

Level: 4.1: Jelly bean
September 18, 2024

@Tomasz_T did you get this sorted?