It is a SGN MC recovery feature and should also be available via Webhelpdesk.

The SGMTrace-Logging could be "acitivated" and "deactivated" (= changing Minimumtracelevel from 5a to 0 and back) via buttons in the about-box of SGN.

Please move the recovery button a bit further from the OK button. UX principles would suggest that such a radically different function should not be close enough to the OK button such that an accidental click renders the system in a temporarily unusable state. OK/Clear/Recovery/Restart or something like that would be better to give a buffer for those of us with fat fingers and itchy mouse triggers.

When a network user logon to a computer with SGN installed and the user´s password is expired, SGN requests a password change.

SGN must have a way to disable this feature, preventing request a new password to network users when company uses a external Password Manager.

Allow SafeGuard Enterprise to use credential providers for Third-party password filter software.

Currently in Safeguard Management Center there are options available to change the background and logon image used at the POA, but no options to change the Windows account picture to say something more personalised for a company for example and it the program overrides whatever Windows 7 has it currently set to. It would be a nice touch if it was possible to have this ability added into Safeguard in some way, if possible please.

Would like to be able to use the Microsoft Hello feature with windows 10.

SGN should support Groups with AD-objects from different Domains within a Tree (e.g. Groups with members from userdomainA.company.net and userdomainB.company.net)

Sophos Enterprise client should display client agent status regards to the disk encryption status. End user should be able to confirm endpoint encryption status.
I’m fully aware about the SGNState tool.

Thank you.

The Safeguard Policy “access denied if no connection to server (days) (0=no check)” ability to get the same policy control preventing access on machine encrypted with BitLocker client being managed by Safeguard Enterprise

The POA screen needs to be improved in V8 to fully support tokens (2 factor) and other usb devices.

According to articale 123749:
USB devices such as smart cards, tokens, and possibly some external human interface devices (HIDs) do not work on SafeGuard Device Encryption POA. These devices interact with the Extensible Host Controller Interface (XHCI), which is not planned to be supported by Sophos SafeGuard Device Encryption.

This is simply unacceptable as bitlocker does not support hardware 2 factor either. This needs to be revisited.

The Message to enter the old password (usually after resetting the PW by an AD-Admin) often confuses users and admins. The procedure is completly described in KBA 112239, but has to be delivered by the support.

The message could be improved by directly mentioning or referring to KBA 112239. This could help admins and users to find the solution without calling any support

On-premise SafeGuard Enterprise customers have been requesting the ability to remotely trigger a PIN reset for specific machines.

A context menu item via right-clicking a Machine Object in the Management Center triggering a PIN reset the next time the SafeGuard client syncs would be the best implementation for this feature.

Provide support for Smartcards that are mapped to multiple accounts.

https://blogs.technet.microsoft.com/askds/2009/08/10/mapping-one-smartcard-certificate-to-multiple-accounts/

Because as IT-Guy i dont want 2 cards ... one for my daily work and on for my administrative work. With the Windows Credential Providers this works like a charme

Implement Windows 10 POA with Smartcards like in Windows 7. Only the BitLocker PIN is not Enterprise ready in my humble opinion..

We need more logging for activities within the console and in the web help desk. It is ludicrous that this has to be requested.

Need a log event for when a machine's computer key is recovered. This is a must have as this is needed to maintain non-repudiation. this is Security 101 here guys.

Safeguard 8 Managed Client Enhancement request for SafeGuard to disallow “suspension” of BitLocker on client.

the FDE capability are primarily governed by the following requirements:

·
Maintain or improve existing security posture of the Windows 7 platform

·
Ensure end users cannot suspend/remove installed security controls

As our current FDE solution in the Windows 7 environment prevents end users from suspending/removing full disk encryption provided by Sophos Safeguard 7.x, we are looking to preserve the same level of security in
our upcoming Windows 10 platform