Can we please improve the onboarding process for new customers. As a managed service provider my customers DO NOT need access to Sophos Central so I should be able to add a customer directly by clicking add customer and then adding in my license. Not sure why we still have to go to add trial. Also, please don't exclude me using the same email address to sign up a new customer when I AM the technical contact. Let ME choose what I should do for my customer.
Thanks

Partner Portal Admin
The way to manager users as a Partner is awful
It is not intuitive at all and falls short of being simple
It needs to be much slicker
It looks and feels like a very old website

Bitte eine Trennung der Admin Berechtigungen für Antivirus und XG Firewall durchführen. Es wäre ein sehr guter Schritt, wenn es eine Möglichkeit gibt einen Admin für den Kunden so einzustellen, dass dieser keine Möglichkeit hat auf die Firewall zuzugreifen. Denn in vielen Fällen sind es unterschiedliche Zuständigkeiten zwischen Firewall und Antivirus. So wäre es von Vorteil, dass User1 nur die Möglichkeit hat Einstellungen am AV vorzunehmen und User2 hingegen nur auf der Firewall Einstellungen anpassen darf. Denn jeder dieser User hat auf den anderen Einstellungen nichts zu ändern, da diese Einstellungen nicht in seinem Fachgebiet liegen.

It seems that in Central, a user's (added via the AD Sync tool) login name (User Principal Name UPN) is being applied as login information for Microsoft Exchange. However Microsoft allows for using Alternate identities due to corporate polices or other LOB dependencies.

Example: User Jane Doe with a UPN of jdoe@contoso.local and an email address of jdoe@contoso.com
Not being able to change this prevents the ability to assign users mobile devices with Email configuration policies.
See also the MS documentation in regards.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id

For more info in regards to username attributes see also:
https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties

I want to search the Threat Analysis Center - Detected Threat Cases. It would be very convenient if I could sort by the user name or device as well as be able to search for a particular user or device

In the partner portal under deployment is the option to download a CSV file. I have found that Sophos uses commas as delimiters, which is a problem when a customer's company name has a comma in it (e.g. example company, llc) and needs to be reformatted before it can be parsed for specific information.

My idea is to either change how the CSV files are formatted or add other file formats for export that are able to be parsed.

Global Exclusion should be available for Endpoint and for Server. Not one for all as EP and Server exclusions are very different.

Have the ability to use a service account the does not require an email address for AD Sync.
The Sync service access rights should be base off "least privilege", instead of Admin Access.

if you´ve got multiple Users in Central showing with their User Account and/or mailbox it would be helpful to see which of the account (User or mailbox) has been activated for Self Service Portal. At the moment there is no option to see whether the user has got self service portal access or not.

When adding Devices to a group can you please allow us to add more than one at a time. Doing 60 new computers to a group takes a long time when doing it one at a time.

It would be nice to be able to manually change the ownership of a device in Sophos Central's web ui from one user to another without having to uninstall from the old user and re-install under the new users credentials on the device.

Sync Users based on Firstname Surname fields as opposed to display name

When we have Azure AD integration turned on in Sophos Central, a user must first go any create a Sophos Central password before the sign-in with Microsoft Account function works which defeats the purpose of the integration.

Stop Console from logging out automatically every half hour in browser window

When you have a Firewall managed by Central, it is needed to know what Firewall is showing the logs os heartbeat.

With SSO enabled, it would be nice to disable the ability to login with legacy email logins so that we can just use Azure SSO for admin/user logins. If someone with an email in the system tries to log in, it give it a message saying they need to use SSO to login.

MFA - Add MFA behavior of "All admins require MFA with exceptions". Instead of having to manually add MFA to an admin after the user has been created. Default it to the user requiring MFA unless otherwise specified. That way if an admin is created a second step is no longer required to enable MFA when the user is provisioned. Reducing risk, as well as allowing the AD Sync utility to continue to work.