Zero trust not pushing profiles to devices
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 06:05 AM
Hello.
Maybe someone have solution for this.
We bought some time ago Lenovo K11 tablets and our reseller added them to our ZT account.
Now I wanted to enroll them, so I created everything in Sophos MDM and created config in ZT.
When I assigned profile to devices and did factory reset then nothing happens. Tablets don`t see any profiles and let me configure as a normal user. Tried on different networks, created new configs on ZT and on Sophos side and nothing.
In other post one user said that I should ask reseller to re-add devices to ZT but they can`t until next two weeks so I`m searching for another solution
Any tips fo me?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2024 11:01 PM
Take on e of your test-devices and remove the config for this device in your Zero-Touch (not Zero-Trust :D) Portal.
After that assign the configuration to this device again, wipe the device and start again.
You need also to ensure that the device can reach the relevant Google services so use an unrestricted Wifi or mobile data for the enrollment.
In general your reseller is your support contact for your ZT-Portal and you need to reach out to them in order to get it working!
But i want to mention something in addiotion you could try on your own (risk):
If this works you can export your devices from ZT, change the config column to 0 and read it into ZT-Portal.
After that doing the same again but with the profile ID to assign the profiles back to the devices.
_____________________________________________________________________________________
As a last thing you can try is as your devices enrolling like a consumer device, when asked for a Google account enter following instead (DPC identifier): afw#sophos
This will force the device to grab the sophos apk and device behavior like a managed device. You will be asked for something like an enrollment ID as soon as the sophos apk is installed and needs to be entered.
An alternative to this is using QR-enrollment (see the sophos enrollment documentation about how this is being created).
But all this last mentioned things (DPC identifier/ QR code) are just for verifying that the general enrollment works and test your configurations and so on from MDM side and doesn't solve your real issue regarding ZT detection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2024 01:02 AM
Of course Zero Touch not Zero trust 🙂 my bad. I`ve tried with unassigning and assigning configs.
I`ve tested it on several networks and always the same results. I have all of policies and everything on Sophos side created. With this afw#sophos, I`ve tried and device appeared in Sophos. When I used QR code user-less then it`s worked too. So all my configs on Sophos working fine I think but ZT don`t sending it to devices.
I`m gonna try this with csv and will see
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2024 02:20 AM
I'm pretty sure if the manual thing won't work, the csv won't make a difference so your reseller is 100% in charge to investigate (maybe with Google) why this happens and/or what's wrong here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2024 06:56 AM
So, manual export/import didn`t work. There was error when importing that number of columns are not the same. But there strange info before that. There was info that applying profile might take few days. Then error about columns.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2024 06:58 AM
And I`m gonna add that i`ve checked colums options and tried to change it but still the same
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-29-2024 10:50 PM
I know about this "info message" but normally it took immediatelly place when i changed it on some less devices. Maybe this is different when done on a large number.
Your file should look like this:
"modemtype","modemid","serial","manufacturer","model","profiletype","profileid"
"IMEI","123456789012345","","Manufacturer","","ZERO_TOUCH","123456789"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2024 11:57 PM
Hello again. So idea with delete devices and add them back by reseller didn`t work. I`ve checked again all documentations from Sophos and Zero- touch and it still doeasn`t work. I think I`ve checked every option and still nothing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2024 01:31 AM
Again, in this case your reseller needs to get in touch with Google as they need to figure out whats going on wrong here. And that goes thru thepartner portal afaik.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2024 01:35 AM
Yes it does go through the partner portal. They're potentially uploading them incorrectly.
@Tomasz_T I may be able to help. Message me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2024 12:19 AM
Hello Jason.
Your solution helped. I wanted to ask about details but I can`t dm you anymore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-10-2024 05:44 AM
Pick a contact method from here to reach me outside of the community. In short the issue you're facing is due to your reseller not correctly registering the devices.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2024 10:09 AM
@Tomasz_T did you get this sorted?
- Basic WiFi-profiles (configuration profiles) do not deploy into Device in Admin discussions
- Google workspace enrolled devices, enable applications in work profile in Admin discussions
- Multiple Work Profile in one Android device in Admin discussions
- [Resource guide] Android zero-touch enrollment for IT admins just starting out in Admin resources