DLP content control list data inventory.
Add the ability to schedule or kick-off a full scan for files on the filesystem that match content control lists. This will allow users to discover where files which contain sensitive data on their servers may be located and alert if future files show up in places where they should not be.

Belgee diamonds Pvt.LTD is popularly known as "Belgee Jewellers", is one of the most prominent jewelers of New Delhi. Starting from the start, our story began in 2006 as a small retail outlet of certified Belgium cut solitaires, hallmarked & certified diamond jewelry in Delhi NCR. We Deal in the Most Beautiful Belgium cut diamonds & believe that customer satisfaction is our priority.
https://www.belgeediamonds.com/

We use MS Office Data Classification Labels. It would be great if we could set certain labels to be Alerted or Blocked.

Please Enable Sophos to exclude iSCSI storage from encryption.
The only option at the moment is to only encrypt the boot volume, however when running multiple local disks and also iSCSI/San storage we need the option to encrypt all local volumes except shared storage

Data Loss Prevention should be able to allow or block a file with specific extensions downloaded from particular Whitelisted URL in a browser.
The same file can only be uploaded to that specific Whitelisted URL in a browser but should be blocked on other URLs in browser.

We have created in our policy below sections,

1. Enabled Require startup authentication
2. Enabled new authentication password/pin from users after 3 months

By creating we have seen users are just postponing the new authentication and we are getting this alerts after 5 times postponed by user which is a big thing to troubleshoot.

If we can disable the postponed tab in the dailouge box poped out automatically from sophos we can reduce this unnecessary alerts.

And we have 1000 users environment enrolled which is very much difficult to maintain and we need to enforce our policy mentioned above.

İt should be possible to view data loss prevention events logs for 1 year or more with policy. It can be viewed last 90 days for now. It is not enough. If it increases , it will make it useful.

We need more event logging information to show the user's file operation details associated with a peripheral. This is very very useful for generating data leakage evidence reports.

Sophos EPP currently do not control the user when logged in Safe Mode, which can be threatening to the data security on both Client & Server side.

Sophos must figure out, to prompt Tamper Protection Password immediately after Safe Mode Login by the User. Only after validating Tamper Protection Password, User would be able to use the Computer.

This Tamper Protection Password prompt must be User role managed.

I got a lot of requests that Sophos should has this feature.

while creating the password-protected file, Sophos should have the ability to set the expiry date in order to protect the file that sending out of the office.

In addition to the Outlook add-in "Always ask how to proceed with attached file" policy exclusion list, I'd like to see an inclusion list. For most of our clients, we handle data that doesn't need to be secured. There are a few domains for financial institutions and other organizations where we do tend to handle more sensitive data for. I'd love to have "always ask" on for just those domains we need to be more secure with.

Can we include restricting and monitoring data movement between RDP connections and local system using DLP

Per support it is apparently a bug to run Sophos encryption with DLP at this time:

https://community.sophos.com/kb/en-us/120861

We have rolled out encryption in phase one and was intending to implement DLP in phase two. All attempts to use DLP in our pilot program leads to everything being blocked due to encryption.

This post is to simply track the progress of the bug fix release to allow both solutions to work together.

once uninstalled, SGN does not restore the functionality that was initially activated on the workstation (nor even warns the admin that the workstation will not be returned to its initial state): FastUserSwithing no longer works

Unfortunately, there is currently no way to automatically authorize company notebooks if they are on the company network. No matter whether with or without TPM.
Furthermore, there is no way to assign the encryption password Central, so that not every user can enter their own.
Unfortunately, there is also no way to create central sticks that are required for encryption.
Windows offers these options with Bitlocker, but it is not yet centrally supported by Sophos Device Encryption.

It would be great if DLP could scan the clipboard, and in and outbound email for text matching the bank details profile.

At the moment it only scans files containing card data, I would like to see it cover a more broad number of scenarios.

We have found that users would be more likely to write or copy card details into the body of an email, then they are to go to the lengths of creating a file, adding the details, saving the file, and emailing it.

Thanks