Tomasz_T
Level 1.6: Donut
6 months ago

Zero trust not pushing profiles to devices

Hello.

Maybe someone has a solution for this.

We bought Lenovo K11 tablets some time ago, and our reseller added them to our ZT account.

Now I wanted to enroll them, so I created everything in Sophos MDM and created a config in ZT.

When I assigned the profile to the devices and did a factory reset, nothing happened. The tablets don't see any profiles and let me configure them as a normal user. I tried different networks and created new configs on the ZT and Sophos sides, and nothing.

In another post, one user said that I should ask the reseller to re-add the devices to ZT, but they can't for the next two weeks, so I'm searching for another solution.

Any tips for me?

  • Moombas
    Level 4.1: Jelly Bean
    6 months ago

    Take one of your test devices and remove the config for this device in your Zero-Touch (not Zero-Trust :D) Portal.

    After that, assign the configuration to this device again, wipe the device and start again.

    You also need to ensure that the device can reach the relevant Google services, so use an unrestricted Wi-Fi or mobile data for the enrollment.

    In general your reseller is your support contact for your ZT-Portal and you need to reach out to them in order to get it working!

    But I want to mention something in addition you could try on your own (risk):

    If this works you can export your devices from ZT, change the config column to 0 and read it into ZT-Portal.

    After that, do the same again but with the profile ID to assign the profiles back to the devices.

    _____________________________________________________________________________________

    As a last thing you can try: as your devices are enrolling like a consumer device, when asked for a Google account enter the following instead (DPC identifier): afw#sophos

    This will force the device to grab the Sophos APK and behave like a managed device. You will be asked for something like an enrollment ID as soon as the Sophos APK is installed, and it needs to be entered.

    An alternative to this is using QR enrollment (see the Sophos enrollment documentation about how this is being created).

    But all these last-mentioned things (DPC identifier/QR code) are just for verifying that the general enrollment works and testing your configurations and so on from the MDM side, and don't solve your real issue regarding ZT detection.

    • Tomasz_T
      Level 1.6: Donut
      6 months ago

      Of course Zero Touch, not Zero Trust 🙂 my bad. I've tried unassigning and assigning configs.

      I've tested it on several networks and always get the same results. I have all of the policies and everything created on the Sophos side. I've tried this afw#sophos and the device appeared in Sophos. When I used the user-less QR code, it worked too. So all my configs on Sophos are working fine, I think, but ZT isn't sending them to the devices.

      I'm gonna try this with the CSV and will see.

      • Moombas
        Level 4.1: Jelly Bean
        6 months ago

        I'm pretty sure if the manual thing won't work, the csv won't make a difference so your reseller is 100% in charge to investigate (maybe with Google) why this happens and/or what's wrong here.

  • Tomasz_T
    Level 1.6: Donut
    6 months ago

    Hello again. So the idea of having the reseller delete the devices and add them back didn't work. I've checked all the documentation from Sophos and Zero-touch again and it still doesn't work. I think I've checked every option and still nothing.

    • Moombas
      Level 4.1: Jelly Bean
      6 months ago

      Again, in this case your reseller needs to get in touch with Google as they need to figure out what's going wrong here. And that goes through the partner portal, afaik.

      • jasonbayton
        Level 4.0: Ice Cream Sandwich
        6 months ago

        Yes it does go through the partner portal. They're potentially uploading them incorrectly.

        Tomasz_T I may be able to help. Message me.

  • Tomasz_T
    Level 1.6: Donut
    6 months ago

    Hello Jason.

    Your solution helped. I wanted to ask about details but I can't DM you anymore.

  • jasonbayton
    Level 4.0: Ice Cream Sandwich
    6 months ago

    Pick a contact method from here to reach me outside of the community. In short the issue you're facing is due to your reseller not correctly registering the devices.

    • jasonbayton
      Level 4.0: Ice Cream Sandwich
      6 months ago

      Tomasz_T did you get this sorted?