Please add some more Bitlocker configuration possibilities, like the option to configure the password complexity, as described here:
http://windowsitpro.com/security/q-how-can-i-set-password-complexity-removable-bitlocker-protected-devices

Recently, one of my outgoing email addresses was placed on your Badmail list. I didn't know for two days so I had two days of email that was supposed to go to my customers that failed and won't be retried. Being notified that it was placed on the Badmail list would be much appreciated!

Exporting Bitlocker recovery keys is currently being restricted to Master Security Officers only. This is insufficient for daily business in large organizations. MSO role should be restricted to very small group of people. If this small group of people is unavailable, then nobody is able to recover a Bitlocker client. For this reason the feature of exporting Bitlocker recovery keys should be delegable to "normal" Security Officers.

Alternately there should be an option to export recovery keys by a script.

Please support Azure-hosted MS-SQL databases in Safeguard. It is one of the only products in our shop that still requires us to spin up a full MS-SQL server in order to host it.

Customer switch its desktop environment to VDI environment. They need official support for this VDI platform.

SGLC Client should support XenApp 7.15 terminal services on Windows Server 2016

Could you please add YubiKeys to your supported smartcards as it's a convient smartcard with multiple use cases. e.g. certificate based user authentication, otp functionality, code signing

On-premise SafeGuard Enterprise customers have been requesting the ability to remotely trigger a PIN reset for specific machines.

A context menu item via right-clicking a Machine Object in the Management Center triggering a PIN reset the next time the SafeGuard client syncs would be the best implementation for this feature.

Make available a simple, free utility for Mac users to decrypt SafeGuard files created on a Windows system. If such a utility exists, inform the Sophos chat agents.

Rather than have to set up a Windows VM for the express purpose of decrypting files, it would be awfully nice if there was a handy macOS utility one could use in place of the SGPortable.exe file that accompanies the media encrypted with the Windows SafeGuard products.

Ability to have Network Aware POA on machines (especially BitLocker as there is no user-based POA).

Many customers need the ability to disable POA on devices in the office - for example shared machines. If the device is stolen, then POA should be enabled immediately. We are currently working on a 3,000 user company with Call Centre who love what we can do in Win7 but need a comparable approach for BitLocker managed machines.

This would apply for Central as well however we have a larger SGN deployment base today so SGN is the most important starting place.

The Message to enter the old password (usually after resetting the PW by an AD-Admin) often confuses users and admins. The procedure is completly described in KBA 112239, but has to be delivered by the support.

The message could be improved by directly mentioning or referring to KBA 112239. This could help admins and users to find the solution without calling any support

to allow the encryption and management of Ubuntu workstation as part of SafeGuard Enterprise

Safeguard 8 Managed Client Enhancement request for SafeGuard to disallow “suspension” of BitLocker on client.

the FDE capability are primarily governed by the following requirements:

·

Maintain or improve existing security posture of the Windows 7 platform

·

Ensure end users cannot suspend/remove installed security controls

As our current FDE solution in the Windows 7 environment prevents end users from suspending/removing full disk encryption provided by Sophos Safeguard 7.x, we are looking to preserve the same level of security in
our upcoming Windows 10 platform

The EU General Data Protection Regulation (GDPR) is the most important change in
data privacy regulation. We need to answer the question "where is PII data" to protect. It would be great if we could identify where PII data is by using Sophos.

Customer is asking for the possibility to remove old clients via a GUI window "en bloc" - means that user should get a window with criterias (like last server contact date) to pre-select shown clients and the her should be able to tick mark all clients that should get removed from database.

When SafeGuard manages a Bitlocker full disk encryption device, event code 3503 - Sector-based initial encryption of drive 'X:' started" should be captured in the Event log of the Safeguard Management console.

With SGN8 and application based encryption users also have the possibilty to manually decrypt encrypted files or to create password protected HTML5 containers (which has the same effect) by using the context menue. One of the first questions customers ask us: can I prevent users from doing this?
Actually I can't. So the feature request is: policy based elimination of the possibility to manually decrypt encrypted files to prevent data leakage.