Sophos Central - Manage Endpoint Software: Add ability to remove any/all Sophos software from a computer from the Central Management Console.

This should include just Central Encryption Components as well.

Many MSPs want the ability to remove their management for their customers and this would include all traces or a managed software solution. This is a very common request among MSPs and their automation facilities and tools that they use to manage and deploy software to customer computers.

Allow SafeGuard Enterprise to use credential providers for Third-party password filter software.

sc

Institutional recovery keys are most often used to have one common recovery key so that Administrators can unlock all managed encrypted systems within the whole company with that recovery key.

Recently, one of my outgoing email addresses was placed on your Badmail list. I didn't know for two days so I had two days of email that was supposed to go to my customers that failed and won't be retried. Being notified that it was placed on the Badmail list would be much appreciated!

The Safeguard Policy “access denied if no connection to server (days) (0=no check)” ability to get the same policy control preventing access on machine encrypted with BitLocker client being managed by Safeguard Enterprise

Would like to be able to use the Microsoft Hello feature with windows 10.

Sophos Enterprise client should display client agent status regards to the disk encryption status. End user should be able to confirm endpoint encryption status.
I’m fully aware about the SGNState tool.

Thank you.

The option is required to block recipient email address in SMTP proxy to block users sending to their personal email accounts or to control recipient address if users are sending email to resigned employees by mistakenly.

Exporting Bitlocker recovery keys is currently being restricted to Master Security Officers only. This is insufficient for daily business in large organizations. MSO role should be restricted to very small group of people. If this small group of people is unavailable, then nobody is able to recover a Bitlocker client. For this reason the feature of exporting Bitlocker recovery keys should be delegable to "normal" Security Officers.

Alternately there should be an option to export recovery keys by a script.

Implement Windows 10 POA with Smartcards like in Windows 7. Only the BitLocker PIN is not Enterprise ready in my humble opinion..

Please support Azure-hosted MS-SQL databases in Safeguard. It is one of the only products in our shop that still requires us to spin up a full MS-SQL server in order to host it.

SGLC Client should support XenApp 7.15 terminal services on Windows Server 2016

SGN should support Groups with AD-objects from different Domains within a Tree (e.g. Groups with members from userdomainA.company.net and userdomainB.company.net)

The Port Auditor 3.4 is out of date. Please Update to support current OS

The POA screen needs to be improved in V8 to fully support tokens (2 factor) and other usb devices.

According to articale 123749:
USB devices such as smart cards, tokens, and possibly some external human interface devices (HIDs) do not work on SafeGuard Device Encryption POA. These devices interact with the Extensible Host Controller Interface (XHCI), which is not planned to be supported by Sophos SafeGuard Device Encryption.

This is simply unacceptable as bitlocker does not support hardware 2 factor either. This needs to be revisited.

On-premise SafeGuard Enterprise customers have been requesting the ability to remotely trigger a PIN reset for specific machines.

A context menu item via right-clicking a Machine Object in the Management Center triggering a PIN reset the next time the SafeGuard client syncs would be the best implementation for this feature.

The Message to enter the old password (usually after resetting the PW by an AD-Admin) often confuses users and admins. The procedure is completly described in KBA 112239, but has to be delivered by the support.

The message could be improved by directly mentioning or referring to KBA 112239. This could help admins and users to find the solution without calling any support