Including the ability to add/remove columns and filter results.

For example, add a column about tamper protection, and have the ability to filter for only devices with it disabled. Or to add a column about Intercept X software version and filter for certain version(s).

This would apply to Endpoint and Server views.

We intend to make this functionality available via APIs as well.

as an Sophos System-Partner we work and customize with an Documentation-Software, called "Docusnap". Our ideas going to import some informations into the docu-solution for using in Recovery-, Rescue- and Restore-plans. But for devlop we need some defined WEB-API's. It would be nice and very helpfull having read only access on some details e.g. product summary, versions, installed on, last state and any more. What's your suggestions, any chance to implemente it next time?

Based on current generation from XG-Firewalls. Missed some SNMPv2 standard OID's for:
ipAddrTable: 1.3.6.1.2.1.4.20
ipRouteTable: 1.3.6.1.2.1.4.21

Normally this values an standard all over the world on SNMP-Devices, still in Sophos-SG-generation. Generally it's needed by automated creation of routing-plans and more by software solutions.

In the Moment the SNMP-Interface is nice, but not so usefull for production environment's. Secured OID's can be saved by implementing SNMPv3, but this alos not an available option on XG-firewall at the moment.

In a previous Antivirus product, we had the ability to turn on a 4 hour window where the system perform a randomized scan of a particular server.

Currently, Sophos Central can not provide the ability to perform a randomized schedule. Please consider this. In our virtual environment, I have currently set up 7 policies to split my servers into. However, each server within the policy STILL will start its scan at the same time as others with the same policy.

A randomization option is needed to spread the IOPS load on our SAN.

Create the possibility to push an agent wihout having to download and install it. Probably could be realized by expanding update cache and/or message relay servers with agent push possibility.

Global Exclusion should be available for Endpoint and for Server. Not one for all as EP and Server exclusions are very different.

I would like a report to identify any Server or Workstation that has tamper protection disabled.

There needs to be an option to enable/disable,if archives were are scanned in Real-time scans.
This option should be seperated by the kind of archive.
Right now it is not possible to scan tgz-files.

The release notes located at https://www.sophos.com/en-us/support/endpoint-release-notes.aspx do not include every update made to the Sophos client. We sometimes receive emails stating "Sophos has released a product update" but determining which affected operating system is difficult since the current release notes page doesn't always show an update.

Adding a page that is updated consistently every time an update is made available is a feature our organization would get value from.

The delivery status shows either "Delivery successful" or "Delivery failed" but it also shows "Delivery successful" if just one recipient got the mail successful.
For example: if just one of five recipient gets the mail and it fails on four of them, it will show "Delivery successful". Maybe there should be a status like "Delivery partially successful" for those cases.

Extend the duration of logs from 30 days to 180 days as a minimum.

A month is not long enough for ongoing troubleshooting cases...

It would be great if I can decrypt a laptop from the portal. Instead of going to the laptop and turning bit locker off manually to start the decryption.

While creating an automated report as Admin, Only the report creator can able to receive the report. Multiple recipients cannot be added to the list. My suggestion is to configure multiple recipients to send the report.

If the admin and endpoint are in different locations, how can the endpoint's Sophos be disabled for the 4 hours troubleshooting without physically entering the tamper password on the endpoint?

It would be much better if the remote administrator could login to Sophos Central and remotely disable the Endpoint's Sophos for a specific period of time without the need to physically logon the endpoint's Sophos.

Otherwise the admin would need to disclose the tamper protection password to the person using the endpoint. Not a good idea. A new tamper password can be generated afterwards but that's not an efficient process.

The List could be too long, so the ability to remove some entrys would be great

Would like to see the MAC Address listed on the Devices tab as well as to be able to export to a CSV file. This would be extremely helpful to those of us managing networks of 4000+ devices. I believe this information must be captured in the Sophos servers so I can't imagine it would be that hard to include in the Device information.