For organizations with regional IT teams, it would be helpful if email alerts could be configured beyond just severity, product and category. For example, it would be useful if email alerts could be sent for events pertaining to a specific group or groups of computers. It would allow IT teams to only receive alerts for machines that they are responsible for. Alternatively, regex or string matching criteria would be super useful (more flexibility).

Thank you for your consideration,

Albert

What about Automatic Exclusion / full support for Exchange 2019 ?
-it's (GA) been out for over a year..

ETA ?

Could we have each system's anti-tamper status added to the Computer report? I believe there is a compromise solution looking at events for SEC customers but that is not an option for Central.

There is an existing install parameter "--devicegroup=<Central group>" to automatically add a new device to a specified group in Sophos Central. I would like to propose a "--usergroup=<Central group>" parameter to do the same for any new user added as part of the install, which can be used in tandem with the devicegroup parameter.

This would be useful for managing client-specific, user-based policies (such as Web Control) without having to manually add new users to a policy or group or make client-specific changes to a global policy that would affect all clients.

We're constantly having hosts that have a status of red because Sophos is falsely reporting that "Running malware in quarantine or cleanup failure" Can we fix this or have an automated process to delete the events.db?

Currently, when enabling the setting to require MFA for all admins, it breaks the AD Sync tool. The only way around this is to manually add Admins to the list required to use MFA. This is a potential security issue as it is easy to forget to do this. I would like to see a feature added where MFA can be set to required for all admins, but the ability to add an exception for instances such as the account used for AD Sync. Thanks

Put a PAUSE button on the Central Endpoint scans! When it is scanning it makes using the computer next to impossible with high resource usage. All applications are slow to respond, if at all. Sometimes need to use the computer during a scheduled scan--no choice now but to Cancel the scan. Unfortunately Sophos has not provided an option to rescue his work. All other antivirus and anti-malware software have PAUSE buttons. Why not Sophos? Sophos theme is security made simple. So pls do not complicate. Need a button pls.

It would be very convenient if administrator has the option to add a note to device for reference purpose.

Please allow users to specify a custom report range for the excellent Hero report.

Need to be able to see the protected servers with a list that shows more details. Agent Version, Component Versons. Customize Lists.

Need to add a report to produce a detailed server list and installed component versions.
THIS IS AN AUDITING REQUIREMENT - KPMG!

Thanks.

When a PC has the Endpoint Protection Client deployed via Sophos Cloud, if the client has issue or is out of date, there is no visual prompt on the Sophos shield icon in the notification area. You have to open the client and then click about, to see when a client last updated.

When we used to use Sophos Enterprise Console, the Sophos icon in the notification area would have a red cross overlaying the icon, notifying the user of a problem

Scan ALL Computers from Central

would be nice to be able to see more lockdown events than 24 hours and also to be able to search/filter by date range. Also, why cant we get email alerts when lockdowns happen?

Currently, Event Reports only do 6 months of reports and gets sent via email.
I would love to generate .pfd's of all my reports but our attachment limit via email is 10MB

Could you not allow or link a URL to a Sharepoint\Dropbox\Box\AWS cloud storage share?
Sign in verify the user login then collect reports there.

It would be convenient for admins and end users if we could see in the "Devices" page within the Sophos Central Console a column that shows if the endpoint needs to be restarted (generally for applying updates.) Furthermore have the option to be able to sort by this column.

Root Cause Analysis allows for a convenient re-arranging of the items in the Visualize tab, but that layout disappears when you navigate off the tab or page. Need an option on the Visualize tab to save the layout.

Sophos Central Alerts can be overwhelming. I need the ability to clear all alerts without checking on the 5000 alerts individually. I'd like to see just red alerts where Sophos could not clean up the issue. We see red alerts even when the issue has been resolved. So if it had been resolved it could change to a different color to still be able to see that there was an issue, but it doesn't need attention. Working for a school district we need to manage Sophos easily and efficiently due to time constrictions. Thank you!