Sophos Mobile Control Architect (MOBA)

This course provides an in-depth study of Sophos Mobile Control, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. The course is intended to be delivered in a classroom setting, and consists of presentations and practical lab exercises to reinforce the taught content. Printed copies of the supporting documents for the course will be provided to each trainee. Due to the nature of delivery, and the varying experiences of the trainees, open discussion is encouraged during the training.



On completion of this course, trainees will be able to:

  • Understand the components of Sophos Mobile Control (SMC) and how to configure them.
  • Architect a solution for a customer’s environment and needs.
  • Implement proof of concept (PoC) deployments with SMC.
  • Configure the components of SMC according to best practice.
  • Perform basic troubleshooting.

Target audience

This course is designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for indivudials wishing to obtain the Sophos Mobile Control Certified Architect certification.


Prior to taking this training you should:

  • Have completed and passed the Sophos Mobile Control – Certified Engineer course
  • Be able to setup a Windows Active Directory environment with servers and workstations.
  • Have experience of Windows networking and the ability to troubleshoot issues.
  • Understand the principles of DMZs, proxies and reverse proxies.
  • Have experience using Microsoft SQL Server and Microsoft Exchange Server.
  • Have experience with webservers or other web facing infrastructure.
  • Be familiar with iOS, Android and Windows Phone 8 mobile devices.


To achieve the Sophos Certified Architect certification in Mobile Control trainees must take and pass an online assessment. The assessment tests their knowledge of both the taught and practical content. The pass mark for the assessment is 80%, and it may be taken a maximum of three times.


2 days

Course Modules

Module 1: Solution overview and architecture

  • Solution overview
  • Architecture
  • Ports and protocols
  • Public Key pinning
  • SCEP
  • High availability
  • Sizing
  • On premise vs. SMCaaS
  • SaaS
  • Sophos SMCaaS architecture

Module 2: Installation

  • Support devices
  • Server requirements
  • SSL certificate
  • APNS certificate
  • Pre-installation checks
  • Installation
  • Post-installation configuration
  • Creating a customer
  • Administrator roles
  • APNs certificates
  • Cluster configuration
  • Troubleshooting

Module 3: Customer configuration

  • Customers overview
  • Super admin customer configuration
  • Configuration inheritance
  • Customer configuration
  • SCEP
  • Client configuration
  • User specific settings
  • Device configuration
  • Applications
  • Profiles
  • Policies
  • Task bundles
  • Device management
  • Compliance rules
  • Unenrolling and deleting devices
  • Troubleshooting

Module 4: Device configuration and management

  • Container security
  • Email
  • Documents
  • Document encryption
  • Browser

Module 5: Sophos Mobile Security

  • Sophos Mobile Security overview
  • Scanner
  • App reputation
  • App Protection
  • App Protection vs App Control
  • Sophos Mobile Security Guard
  • Management
  • Troubleshooting

Module 6: Samsung KNOX

  • Overview
  • Licensing
  • Profiles
  • Restrictions
  • Premium restrictions
  • Apps
  • Task bundle actions
  • Compliance
  • Device experience

Module 7: EAS-Proxy

  • Overview
  • Lotus Notes Traveler
  • Deployment scenarios
  • High availability
  • Certificate based authentication
  • Installation
  • Logs
  • Troubleshooting

Module 8: Network access control

  • Network access control overview
  • Sophos UITM
  • Troubleshooting

Module 9: Server maintenance

  • Daily maintenance
  • Software upgrade
  • License upgrade
  • Renewing an APNs certificate
  • Backup and restore
  • Changing server name