Active Directory Sync Topology High I want to use ad sync without re-design all exclusions again. Or please define custom sync policy for new computers. When sync process is detected new computer , it will assisgn to default group. Afterwards I will move it to related group. And on next sync, it will be available on assigned group Recently , when I use sync and auto install feature , it is required to define active directory OU for policy groups . there is no additional solution to define custom groups without changing active directory .

I don’t want to manage Active directory OU and Sophos policy groups together

This is my active directory , I have defined difference policy to manage server structure.

But Sophos is required change this ou structure to manage auto install and policy assigned.

So , there is same ideas for all admins 
https://ideas.sophos.com/forums/285723-endpoint-protection/suggestions/20216683-active-directory-sync
https://ideas.sophos.com/forums/285723-endpoint-protection/suggestions/12263352-active-directory-group

Mail Alerts

As attached file, there is no more details for related alerts.
Please add more details for attached alerts which is appeared on console screen. By the way, in ITIL framework I want to use one of mailbox to check alerts and creating incident when mail arrived on related mailbox. So you application is not compatible for service management tools to reduce admin operation. Your application is required to daily login console to check all alerts. So I want to save time for admins.

In this case , as I explained on smtp configuration , you can update your application for related topics and also review for ITIL, ISo27001, ISO/IEC etc.

Same ideas ;)
https://ideas.sophos.com/forums/285723-endpoint-protection/filters/top?query=Mail%20Alerts%20

When using Sophos on a terminal server there is a big problem that should really be fixed.
All the users that are currently working can read all the desktop messages. Users B, C. D etc. can see messages like: "*******.com was blocked for user A".
We had to stop the system tray icon in order to stop such problematic messages.
This leads to the very uncomfortable situation to watch for Sophos notifications in admin console each time, a link does not work.
Please make it possible on terminalservers for every user to see only desktop notifications which concern only this user.
Thank you.

Either make the Allowed Sender list or create a new one to apply to Content Filtering.

We filter for JavaScript.

Pdf fillable form documents can use JavaScript to perform functions so these pdf files also get caught by the content filter, even though we have made exceptions for *.pdf file types. We have whitelisted the senders but that only applies to spam filtering.

This interferes with business carried out as some business partners send fillable forms and they get stopped by PureMessage. We don't want to allow JavaScript from every sender, which now is the only way we could unblock those types of file.

Thanks.

We are a new member in the MSP reseller group. We are missing one important piece as a MSP license. The Pure Message conponent.

We would really like to end up with the possibility to sell all the neccesary security product as MSP. Right now we have to add the Pure Message as a license. Also the Pure Message brings a lot of functionality that we don't need as all our custumers are behind a SG or XG.
All we need is a chance to scan the exchange server databases themselves in case they were infected directly just to be save and have a clear status.
So my suggestion would be that Sophos could please make the Exchange Store Database scanning a feature of the MSP Server Endpoint Client. We really do not need all the extra functions that are already covered by SG or XG. Just the scanning.

Thanks al lot to really think hard about this one.