I recently ran into an issue where all emails from gmail.com were being deleted. I could not figure out what was going on. I called support and they helped me solve the issue which turned out to be a wayward rule. My issue is the logging is so obtuse in Email Gateway that you can't really tell why something was deleted. There should be a simple note on the message as to why it was deleted. Was it an advanced threat, triggered by a block rule, malware, etc. There should also be verbose logging that lets you see the message the entire way through the Sophos system. This would save countless hours and support calls. Even the support Engineer did not have access to better logs. He just made a few guesses and we eventually found it. In the meantime, he was getting the case ready to send up to development which seems ridiculous. Please provide better logging and clear explanations in Sophos Central as a whole as to why something is happening.

1. Add a status column for Tamper Protection Enabled/Disabled in the Devices list.

2. Add a Enable/Disable Tamper Protection option to the Devices page. You would check as many boxes as necessary and then enable/disable tamper protection for them. This is necessary for mass reinstalls where Sophos is missing services or other.

3. Add a timed option for when Tamper Protection will automatically come back on. This could be a pop-up that shows after clicking disable which would then ask how many hours/days it should be disabled, or if it should be disable indefinitely. This will add administrative security as it's easy to forget re-enabling.

USE CASE: We need to reinstall Sophos to a large amount of computers currently missing services or having other issues. While we've found a way to push out a mass reinstall, we still have the task of going to each computer in Sophos Central, disabling the Tamper Protection, and then revisiting those computers later to re-enable Tamper Protection. I've noticed that there is a way to remove Tamper Protection for all computers in Global Settings, but that isn't ideal and presents an unnecessary security risk for every other unaffected computer.

Allow the capability to export the current installed version of Sophos from any device. There should be an easy way to see the installed version of Sophos for any device from within the Central console. This export/report should be able to be applied or filtered to specific groups.

Use Case: Sophos compatibility issues with certain Windows updates has caused various devices to hang during boot. Your organization declines that bad Windows update to avoid disruption. However, some servers may not have an updated Sophos client due to reboot schedules or other errors. You want to view the Sophos version for every server in your environment to determine if it is safe to release the Windows update. This is a manual process that takes time away from sysadmins, service desk, and incident responders because they have to manually view the version of Sophos for every device in their environment which could easily be thousands of devices.

Sync email addresses from Office 365 rather than AD. Sync from AD causes an issue if you have lots of shared Mailboxes, they need to be added/removed manually from the console. Also if you use SharePoint or Teams where users have the ability to create Office 365 groups and associated email addresses these are not added into the Sophos portal so all inbound email is bounced. Also since Sync deletes any manual entries we have to turn it off but that causes issues when we have new starters especially grad programs where 40-50 start at a time, they all needed to be added manually into the portal and even worse every year a new year group for school starts and we need to manually create hundreds of users and 10-40 year group emails. This is a nightmare. Again if you have people leave, some customers want them converted to a shared mailbox so when they are converted and their AD user is disabled they get removed from Sophos.