Demo or testing modules ends up creating a lot of log data that is not valid threats or activity. Need the ability to remove this data or flag the system to not include any actions before x date. We went live and have all kinds of garbage threats, violations, and warnings in our dashboard and reports. If we should implement any free trials for additional products this will make the problem worse because now we will have test data after our go live.

In the Firewall Management portal, include a Global Objects option, similar to the Dynamic Options. But here a user could create a Network or Host that is then pushed to each device. So for example I could create 10.1.0.0/16 as 'LAN Vancouver' and 10.2.0.0/16 as 'LAN Seattle'. And 10.2.50.50 as 'Exchange Server 1'. Those would then show up on every device to be used in Rules. Rather than currently having to create each object on each device.

This is feedback for QA Australia

From the "devices" menu, a bulk option to isolate devices would be a nice addition.
For PCI compliance I have to Isolate devices last active on the network over 30 days ago.

This would significantly speed up the process as, at present, I have to manually go into each device one by one.

Sophos should use UTC for all activities in support or systems. This is a global standard and makes it easier for all who are part in a case or looking in reports. If all knows, in which timezone they act everyone can add or reduce it according to his UTC he just is present in. For WEB GUI it could be a good idea to present a UTC clock.

Include MacBook serial number in Endpoint API response
https://developer.sophos.com/docs/endpoint-v1/1/routes/endpoints/get

Introduce role based access / delegation permissions to permit users to monitor quarantined mail on behalf of another user through the self service portal. E.g. An assistant can monitor quarantined mail for their manager.

For Live discover scheduled queries it would be very useful to see if a report contains data. As an admin if I schedule daily queries I should be able to skip over all the entries that do not contain any data so i'm not wasting time opening them from the list. It should also be possible to create an alert or emailed report of these queries to an admin so they can be alerted as soon as possible to a suspect event or activity

sdsds

Please tell me how to display the correct time on reports. Screen display is EST. PDF version displays UTC time zone and CSV version of same report displays correct time zone EST in military format.
How can I correct the PDF version to the correct time zone?

This has been escalated and the end result it was suggested to post it here.

Hello,
I have an alert that says "Your API token will expire in 30 days" but there is no other information, it doesn't tell me where to find this, there is no link to click, no "click here for more information". I feel like there should be a way for me to go right from the alert to wherever the problem gets fixed.

Request to create a user role(s) to allow the management of specific services.
For example, a user role that allows a user to only access read or write access to Sophos Mobile and not the entire suite of products that include Interceptx and Firewall Management etc. Additionally, these roles should have other options like read-only, read/write, reports only etc

Please add Executive, Security, and system reports to Central Firewall Reporting

If you have a firewall group with 3 firewall subgroups and 1 firewall in each subgroup, the firewall group shows 0. The firewall group should show the firewall count from all the subgroups into the parent group.

It should be possible to change group membership at multiple devices in one operation from Devices/Computers view/list.

It should be possible to delete several devices from the report "inactive 2+ Months" and Inactive 2+Weeks"

It would be useful to have the threat case information presented in the Enterprise and Partner dashboards. As it stands, I have to drill in to each sub-estate and manually check for threat cases, making this quite cumbersome for any Enterprise or Partner dashboard with more than just a few locations. The time involved in manually chasing down threat cases is completely unscalable.

Currently if you are in an environment with sub-estates, the Enterprise Super Administrators cannot create custom reports or schedule reports. Due to the fact that you cannot use the same email address within sub-estates that is used to login to an Enterprise account, the current recommendation was to create a second email account and sign that up as the administrator of the sub-estate in order to create custom reports. This seems like more of an access flaw than anything else, as it would seem the Enterprise Super Administrator should have the access to perform these actions with their sub-estates.

It is currently not possible to send out invites to multiple users who are in a group for example. You have to manually select every user that should receive one and then click the button for the invite. Please make it possible to send out invites to specific groups. This would be especially helpful after a migration from Sophos Mobile OnPrem to Sophos Central Mobile.

Pulling LDAP data about computer description, that is viewable either in Computers or Server tabs.