Would be good if there was a 'log a support ticket' for Mobile. If you use the main 'log a ticket' option then it gets logged as a Endpoint AV ticket then it takes like a week to get a response and they tell me I logged it under the wrong product.

Looks like yet another half baked option where no thought has been put into this by Sophos, like everything else to do with your half baked and broken MDM

Sophos Central should implement scheduled reporting like in Sophos Enterprise Console eg Daily, weekly Reports... instead of reactive reporting where it emails for an alert or detection.

Option to disable/change timeout time settings on Central Console.

Issues:
1. Central console automatically logs off currently logged in user (even if actively being used, not idle). This requires the user to re-log several times a day, and with the addition of 2FA this is quite a cumbersome process to have to repeat.

2. For customers who are using monitoring systems, not having this functionality means that Sophos Central will not able to display its dashboard on a network operations center.

ABILITY TO IMPORT AND EXPORT ANTIVIRUS EXCLUSION LISTS

There needs to be a way to import and export exclusions, with over 90 customers in our Sophos central database, adding exclusions one at a time is terribly inefficient and time consuming. The same goes for removing exclusions removing them one by one and having to mouse click confirm is also awful. A better system needs to be implemented especially since this feature had been requested seven years ago in this Sophos thread https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/2801/importing-exclusions-into-a-policy

It would be nice if you didn't have to disable MFA on the account the AD sync tool uses. The tool should be updated to accept MFA during setup and then be handled appropriately to avoid needing to re-authenticate during normal use.

The ability to make a remote connection to an endpoint that is in isolation (red) mode from central admin to be able to work on the client if the endpoint is not able to clean the threat making it isolated. Otherwise you need to drive out to the customer as we did back in the 90's.

Please tool the email gateway to have the ability to login via the Office 365 API to pull a mailbox list. Right now we sync AD from our internal domain to Central. However this does not get all valid mailboxes in that we have a number of O365 groups and distribution lists that don't live in Active Directory. If the email gateway could simply pull the list of valid addresses from O365 like some competitor products it would save quite a bit of manual mailbox additions.

Make Tamper Protection part of a Policy.
Now it's a global option which is ridiculous. I don't want servers with tamper protection, only our end user laptops.

Suggestions for improvement for Peripheral control policy:
- option to export the "Peripheral Exemptions" list to csv
- filter options in "Peripheral Exemptions"
- sorting options in "Peripheral Exemptions"
- sorting options in "Add Peripheral Exemptions"
- add filter type Computer to "Add Peripheral Exemptions"
- allow the user to resize the window, so that I can read the complete field
- allow to filter by time for a date and time range

We want to show the scanning status in GUI, so that user will know what file is scanning.

The ability to delete devices from Sophos via the API.

The new layout of Threat Cases is great! More in-depth analysis of the process of the detection is helpful. However, as my organization has over 5,000 endpoints, sorting these detections can be cumbersome with the current layout. While the statuses can be filtered, being able to show all items except closed would be a very helpful addition. Simply deleting them would lose their historical value for future troubleshooting and identifying statistics based on device targeting/user habits.

It is very useful to perform a "Scan Now" from the Central Dashboard but currently there is no way to monitor the status of the scan - this would be a good new feature. Also, currently you can click on "Scan Now" several times so it would be great if the colour changed to grey on "Scan Now" (and no action occurred if it was re-selected) and then the colour changes back to original blue when the scan has completed.

Please provide a way to filter computers and laptops that have not been powered on or seen for over 1+ months, they generate general alerts that fill my Sophos dashboard and look terrible. Right now I have 167 general alerts and over 100 of them are because people have not powered on a laptop in over 1 month. When my boss, or any clients we have granted Sophos Central access to see these alerts, they assume the monitoring technician has done nothing about these alerts and we look really bad.

Currently there are many actions that only super-admin can take, such as remove PCs and add/remove PCs to groups. There should be more options for admins to be able to do some super-admin actions, but not others such as editing policies. This way we can empower people to manage the rollout of Sophos and policies such as Full Disk Encryption, without being able to change/edit the policies.