AEDO enrollment and management in an offline/firewalled environment.
Very likely impossible for 100% offline server.
Though I haven't performed a thorough test, I believe it should be possible for normally offline server that can at least be temporarily online (for a few minutes say per device) with firewall allowing communication with Google server during device enrollment, MGA account creation, etc. Some policies (e.g. feature control) are quite static , especially for COSU use cases, and can have policies deployed right after device enrollment and enforced by device agent for months without needing the server online. Dynamically managing policies, especially those related to app deployment from Managed Google Play store, likely becomes very limited or even impossible when the server resumes its normally offline state.
Also, if Mobicontrol needs Firebase Cloud Messaging (FCM) to deploy some policies or device actions, then I believe maybe contolability can remain quite good if the server firewall can allow exception for FCM related traffic to Google's servers rather than enforcing a totally offline server.
Hopefully, experts from Soti in the know of their actual implementation can clarify whether my guesses above are correct or not.
I am not 100% sure the followings, please test and confirm with SOTI.
From what i understand, Google play services are not compulsory for SOTI Android Enterprise agent enrollment.
For example, there is no Google services in China, but the Chinese companies are still able to manage the AEDO devices via SOTI.
The devices enrolled to SOTI via NFC will try to download the agent from Google Play store.
The devices enrolled to SOTI via QRcode will try to download the agent directly from SOTI OEM page.
There is a chance that you can manage the devices via Android Enterprise agent without the Google Play service connection.
Instead of opening the connections to all the google services, all you need to do is open the connection to SOTI OEM page.
Hope this information helps.