Safe Mode Protection in Windows
Sophos EPP currently do not control the user when logged in Safe Mode, which can be threatening to the data security on both Client & Server side.
Sophos must figure out, to prompt Tamper Protection Password immediately after Safe Mode Login by the User. Only after validating Tamper Protection Password, User would be able to use the Computer.
This Tamper Protection Password prompt must be User role managed.