Skip navigation
Industry News

Duo Integrates With Sophos to Address BYOD Security


  • Duo and Sophos are working together to make it easier to gain visibility and control over personal vs. corporate devices, dramatically reducing the risk of BYOD.
  • Duo customers can now use Trusted Endpoints with Sophos Mobile as their endpoint management tool to identity managed devices.
  • This integration is available for customers using Duo Beyond and Sophos Mobile 8.

The rapid adoption of mobile devices and bring your own device (BYOD) initiatives in corporate environments has allowed employee productivity to flourish – it’s now possible to work from anywhere, anytime. But it has also introduced security complexities that organizations continue to struggle with, even with the adoption of traditional mobile device management (MDM) solutions.

When we talk with our customers, we frequently hear questions about how to design the ideal BYOD security program: “Should we be managing our employees’ personal devices? Should we require them to be enrolled in our corporate MDM? What applications should we make available to them on their personal devices? What applications should we restrict? How do we enforce this?” Every customer, no matter the size or industry, asks these questions.

Duo + Sophos

Today, we are excited to announce an integration with Sophos to help our mutual customers mitigate their BYOD security risks by making it easier to gain visibility and control over personal vs. corporate mobile devices.

You can now use the Trusted Endpoints feature in Duo Beyond to identify and differentiate iOS and Android devices managed by Sophos Mobile from other personal, unmanaged mobile devices. Duo is constantly increasing the coverage of device management tools you can use to identify your managed device fleet and incorporate this information into your access management decisions. Our new integration with Sophos Mobile is a major step in that direction.

How Does It Work?

The Trusted Endpoints feature, which allows you to differentiate between managed and unmanaged devices when enforcing access policies, is currently only available to Duo Beyond customers. You must also be on Sophos Mobile 8 to utilize this new integration.

You can configure the new Sophos Mobile integration from the ‘Trusted Endpoints Configuration’ Tab in the Duo Admin Panel. Click on ‘Add Integration’ and select ‘Sophos Mobile’ under the list of ‘Management Tools.’ Configuration instructions will be available for Android and iOS devices.

Sophos Mobile Integration in Trusted Endpoints

Once you are finished configuring the integration between Sophos Mobile and Duo, you can now create access policies based on the management status of any mobile device. Like any other policy, Trusted Endpoints policies can be configured at a global or application-specific level, for both laptops/desktops and mobile devices. We commonly find that customers will require highly-sensitive applications to be accessible from only corporate-managed devices, while lower-risk applications can be accessed from any device.

Sophos Mobile Integration Edit Policy

You can click here to see detailed instructions for configuring Trusted Endpoints with Sophos Mobile

You can click here to see how to configure access policies based on the management status of a device.

You can also learn more about our work with Sophos by: