It would be useful to have more information on computers in Sophos Central - in general, but specifically in situations where we need to investigate unknown installations.

• Geographic location of installation (may need to be able to disable for privacy concerns)
• Make, model, serial number of computer
• Windows version and edition (useful to know if Home vs Enterprise)

Include MacBook serial number in Endpoint API response
https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get

In the Groups section, please make the whole path of the group visible. We have multiple groups named the same thing but are in different regions.

Would like to see "Scan now" menu option under "More actions" menu when using "Threat Analysis Center Dashboard" after clicking on a device to look at events/summary. It isn't there in the menu like it is under the standard "Devices" menu. 10:21am 7-19-21 Jason Taylor - Lake Land College - jtaylor11319@lakelandcollege.edu

Email Gateway - Email Gateway Policy - Settings - Inbound
Add the option to add my own custom file types or add the following choices:
ics, img, iso, macho, pl, ppa, ps1, pst, pub, py, sh, slk, tmp, vb, vcs, wim, and xz.

The standard hidden service account "_sophos" that is used during installation/setup on macOS is granted a secure token upon creation. This is NOT desired behavior as it means that Sophos cannot be installed during a preStage enrollment into an MDM solution.

Please add the following tag to the user-creation process for the sophos user so that the account does not receive a secure token: sudo dscl . append /Users/sophos AuthenticationAuthority ";DisabledTags;SecureToken"

See this article from Apple for more information: https://support.apple.com/guide/deployment-reference-macos/using-secure-and-bootstrap-tokens-apdff2cf769b/web

Introduce role based access / delegation permissions to permit users to monitor quarantined mail on behalf of another user through the self service portal. E.g. An assistant can monitor quarantined mail for their manager.

Would like for the useragent to be included with the click details. This will help us determine if some "programatic" item clicked the message like another security product; or an end user.

Would also like to see the number of clicks. as some analysis tools will run the link though multiple tools and will increase the number of clicks substantially.

Respectfully,
Jay Orellana

It Would be very nice if the Endpoint protection had a cloumn for Device comments. E.g. An endpoint which was offline for long time could get a comment, that this Device is in use and mustnt deletd!

Having the ability to customize the "Blocked Message Notification" would allow the users to understand the DLP violation. Also for the admins, it can be quicker to determine which policy the user triggered. Besides editing the verbiage, the company logo needs to be an option.

We are looking for a solution for a customer who is wanting to have scheduled scans every 12 hours. In addition to setting a time for scheduled scans, maybe we can have an option to schedule 2 scans in a day or to have the option of setting scans the hours passed since the previous scan.

There needs to be more granular control to the Inbound Allow/Block list. For example, I should be able to "Allow" a certain address or domain to permit email delivery specifically for DLP violations, or allow "bulk" only for certain domains all the while still adhering to the other checks that are in place . As it stands right now if I put an email or domain on the allow list, all other checks are being ignored.

Please add a wild card feature for search so I can mass delete devices for students that graduate.

Good afternoon,

We conduct our annual cybersecurity training in both English and Spanish. One of the modules that we use, “Working from home”, is available only in English. Due to the increased number of employees working from home, we consider this training to be very important. Are there any plans to translate “Working from home” into other languages, specifically Spanish?

For Live discover scheduled queries it would be very useful to see if a report contains data. As an admin if I schedule daily queries I should be able to skip over all the entries that do not contain any data so i'm not wasting time opening them from the list. It should also be possible to create an alert or emailed report of these queries to an admin so they can be alerted as soon as possible to a suspect event or activity

FSC Test QA 1

Feature request to support federated sign in using the users UPN so users with an email address alias different than their UPN can use federated sign in for self service portal.