The option is required to block recipient email address in SMTP proxy to block users sending to their personal email accounts or to control recipient address if users are sending email to resigned employees by mistakenly.

Exporting Bitlocker recovery keys is currently being restricted to Master Security Officers only. This is insufficient for daily business in large organizations. MSO role should be restricted to very small group of people. If this small group of people is unavailable, then nobody is able to recover a Bitlocker client. For this reason the feature of exporting Bitlocker recovery keys should be delegable to "normal" Security Officers.

Alternately there should be an option to export recovery keys by a script.

Having the ability to force a user to change their PIN via a request from the Central dashboard would be useful. We've gotten a number of requests for the ability to do this from sysadmins.

Implement Windows 10 POA with Smartcards like in Windows 7. Only the BitLocker PIN is not Enterprise ready in my humble opinion..

Please support Azure-hosted MS-SQL databases in Safeguard. It is one of the only products in our shop that still requires us to spin up a full MS-SQL server in order to host it.

SGLC Client should support XenApp 7.15 terminal services on Windows Server 2016

SGN should support Groups with AD-objects from different Domains within a Tree (e.g. Groups with members from userdomainA.company.net and userdomainB.company.net)

The Port Auditor 3.4 is out of date. Please Update to support current OS

The POA screen needs to be improved in V8 to fully support tokens (2 factor) and other usb devices.

According to articale 123749:
USB devices such as smart cards, tokens, and possibly some external human interface devices (HIDs) do not work on SafeGuard Device Encryption POA. These devices interact with the Extensible Host Controller Interface (XHCI), which is not planned to be supported by Sophos SafeGuard Device Encryption.

This is simply unacceptable as bitlocker does not support hardware 2 factor either. This needs to be revisited.

On-premise SafeGuard Enterprise customers have been requesting the ability to remotely trigger a PIN reset for specific machines.

A context menu item via right-clicking a Machine Object in the Management Center triggering a PIN reset the next time the SafeGuard client syncs would be the best implementation for this feature.

The Message to enter the old password (usually after resetting the PW by an AD-Admin) often confuses users and admins. The procedure is completly described in KBA 112239, but has to be delivered by the support.

The message could be improved by directly mentioning or referring to KBA 112239. This could help admins and users to find the solution without calling any support

Make available a simple, free utility for Mac users to decrypt SafeGuard files created on a Windows system. If such a utility exists, inform the Sophos chat agents.

Rather than have to set up a Windows VM for the express purpose of decrypting files, it would be awfully nice if there was a handy macOS utility one could use in place of the SGPortable.exe file that accompanies the media encrypted with the Windows SafeGuard products.

In case of an incorrect TPM-initialization, clients try to use the fallback protector.
It is possible to use "password" as fallback and a GPO that encrypts the machine without TPM.

In this scenario users will use a non-TPM protected machine without knowing (average users see no difference between pin an numeric-4-letter-password).

Clients should inform the user or the SO via Management Center, that Fallback Protector is used and primary Protector wasn't used at all.

The EU General Data Protection Regulation (GDPR) is the most important change in
data privacy regulation. We need to answer the question "where is PII data" to protect. It would be great if we could identify where PII data is by using Sophos.

Safeguard 8 Managed Client Enhancement request for SafeGuard to disallow “suspension” of BitLocker on client.

the FDE capability are primarily governed by the following requirements:

·
Maintain or improve existing security posture of the Windows 7 platform

·
Ensure end users cannot suspend/remove installed security controls

As our current FDE solution in the Windows 7 environment prevents end users from suspending/removing full disk encryption provided by Sophos Safeguard 7.x, we are looking to preserve the same level of security in
our upcoming Windows 10 platform

Could you please add YubiKeys to your supported smartcards as it's a convient smartcard with multiple use cases. e.g. certificate based user authentication, otp functionality, code signing