Please add Duo MFA integration for Sophos Central Admin. Both for the MSP Sophos Partner Central Admin, and for individual customers. Having IT technicians needing to log on to Sophos Central with current MFA it's a pain as you'd have to have so many individual rotating codes for each technician. With Duo MFA it would be a push authentication to a choice of technician phones.

Submitting on behalf of client:

In the allow/block list customers only have the ability to add IPs/subnet ranges to the block list. Having the ability to add IPs to the allow list as well would only make sense and seem logical.

This would be an important feature to restrict access to an IP only and not a whole domain which can easily be spoofed. Reference XGE-5239 for adding IP to blocklist.

Need Event Log Report TO FIND System with Tamper PROTECTION Disabled
FIND System with Tamper PROTECTION Disabled

We have multiple Admins on Central and Sometime during T/S the Tamper Protection is TURNED OFF for few systems. However if the ADMIN does not roll back its a RISK.

Need an AUDIT LOG REPORT for Systems with Tamper protection TURNED OFF

Please add outgoing email DKIM signing

When cloning a policy and selecting the name (highlighting right to left) closes the lightbox.

Can this please be rectified as it is very frustrating.

reminder that tamper protection is disabled or automatic re-enableing after time delay

When you use Sophos Central Wireless and create an SSID with WPA2-Enterprise authentication it is not possible to configure an fallback RADIUS-Server.
Please allow the configuration of an fallback RADIUS-Server that is used when the primary RADIUS-Server doesn't respond.
This would allow maintenance and failure of the RADIUS-Server without disabling enterprise WLAN.

In Email Gateway - Message Detail, the only option I see for phishing email is to Add to blocklist. But that just adds the IP address to the blocklist.

There should be a button that says to use this email to help train your spam/phish detection algorithms. This message was clearly a social engineering extortion attempt, but didn't get quarantined. It would be nice to have a button that says "Your algorithm needs to block messages like this".

Request ability to alert, list/report on all endpoints that have Tamper Protection disabled.

Good Morning! A client of ours requires the possibility to put the computers in groups created in Sophos Central through a deployment, as is done for windows: --devicegroup = <Central group> https://community.sophos.com/kb/en-us / 127045

For example: (Command)

Installer.app --devicegroup = MAC (or LINUX.)

Request to have feature added to Sophos Email Appliance and any other Sophos products which will inject the results of the SPF check into the email header. This will allow the email recipient to view the results of the SPF check (pass/fail/neutral/none) by looking at the message properties. Microsoft Office 365 and Cisco has this capability already by default in their email gateway products.

Configurable Alerts. Provide an option for configurable notification frequency for alerts.

Need to have the ability to make notes beside the devices in the exception lists under Peripheral Control so that we can remove them when they go out of service and track them more easily when they are reassigned.

There needs to be the option of choosing different notification media sources. For instance, we rely heavily on Microsoft Teams for our notifications. Sophos notifications should be able to utilize the Microsoft Teams webhook for distributing notifications rather than only email.

The MFA dialog window needs proper focus. It is the only input dialog on the page, so we shouldn't have to use a mouse to select the input box to put in our PIN code: UI 101

Desperately need you to bring back the full offline installer. Deploying the install amongst multiple endpoints is not feasible with our bandwidth.

We need a way to submit spam filter misses "false Negatives, False Positives, Etc" right from the logs and quarantine. I keep seeing more and more spam and phishing getting thru this product and it is not acceptable.

Extend the duration of logs from 30 days to 180 days as a minimum.

A month is not long enough for ongoing troubleshooting cases...