Automatically trigger policy update to Endpoint upon status of "Awaiting policy update"
Currently, the SEC only triggers policy updates if the policy is changed, a group is switched from one policy to another, or if a user manually triggers a policy update with "Comply with policy". In a situation where an Endpoint is being restored from an image with an older policy, SEC will never send an update message if it is not triggered manually. Clients using VDI are especially susceptible to this.
If you delete the adapter storage file(s) (\ProgramData\Sophos\Remote Management System\3\Agent\AdapterStorage\), i.e. the cached policies, the client will return no-ref for the policy status which will force the management service to send policy. These files could be removed before taking a snapshot to ensure the endpoint obtains the latest set.