I would suggest a new column or rule in the event report by adding employee id.

This can avoid duplication instead of searching by name or Hostname

If the File Integrity Monitoring (FIM) logs aren't going to be centralized in the administrative console, enhance the existing endpoint FIM logging to the Windows Event Viewer by populating the FIM event details (file name, location, action) in the General tab of the event (instead of only in the Details view). Also, create useful Event IDs, Event Sources, and Task Categories to allow for filtering locally and advanced parsing by SIEM solutions.

now only
with the addition of exploit exclusions to see if it can be mitigated.

From the Sophos Central console:
Global Settings> Global Exclusions> Add Exclusion> Exploit Mitigation> Internet Explorer

also add the known url or ip of your own application, even better if applicable to a group of PCs

We all know patch is very important in security. It would be very helpful for us if there is a patch assessment (like on the on-premise SEC) on Sophos Central Advanced.

It should also categorized reports based on its criticality, Critical, High, Medium, or Low like the patch assement on SEC.

On Sophos Central, just like on the server protection which Sophos agent able to see what applications are installed on the servers. On the endpoints should also has this inventory of application features. This will help to see what applications are suspicious and looking for unpatch applications.

For Sophos Anti-virus client, please display a pop-up message (e.g. upon every restart or bootup) that reminds user to do a restart in order for the computer to complete the updates. Currently users are required to manually check the agent status for any 'reboot to complete updates'...

Force HW Encryption for BitLocker Encryption. Display Status if Hardware Encryption is in use or not in Central and on Endpoint Diagnostic Utility

Servers with multiple network cards. Endpoint binds to the wrong network card.

Intercept X does not appear to process JAR files - malware like Java Adwind seems to get past Intercept X. Are there plans to have Intercept X / Sophos ML to process JAR files? This woud provide much needed heuristic detection of this common family/type of malware.

Intercept X is great for detecting new executable malware, however it does not seem great at detecting malware downloaders, e.g. Office macro or PDF downloaders.
Can Intercept X be enhanced so it looks for Office documents that spawn powershell/cmd/BITSAdmin or any other application that can be used to download executable content? This will provide an additional layer of defence in depth that an adversary has to bypass in order to infect a system.

There should be a monitoring mode for exploit prevention ( detection is on but blocking is off )
so we can initally test what can the impact be and what kind of applications will be blocked by exploit prevention.

The security heartbeat only works if the end point has direct internet access. Please can you allow the heartbeat to use the same internet settings (proxy server) as the workstation.

It would be nice to have the extended security of the cloud also on the On-Premises Version, but without the drawbacks like automated Client Version Upgrades and no Push-Client Installation possible...

We have some applications that are used to monitor/scan files across a system and being able to exclude any file it touches during the time it is opening that file would alleviate process impact on the system, and prevent locks on files which could cause issues with the parent application.

Please provide a Linux workstation license for Sophos Cloud. For users that have linux desktops, we don't have an option if we want to use Sophos Cloud for our management service.