The Email Gateway solution needs to be able to handle policies for distribution list mailboxes and not just mailboxes that are tied to a user.

It would be very helpful to be able to "mouse over" or otherwise see the URLs in the quarantined messages to better determine if it is safe to release or not.

DLP and SecureBoot

I would like to be able to order the message history screen by the "from address" looking for potential spam or phishing emails sent to multiple users. Is there a way that can be added or at least an "export all" so that it could be done in a 3rd party spreadsheet?

Unable to setup recurring reports unless using an account local to the customer instance which is not workable as an MSP. Custom reports expire after 6 months and need to be rescheduled.

It would be good to have the serial number of (mac) device available in the computer reports.

Allow us to have multiple scheduled scanning under the threat protection policy instead of just having one scheduled time.

It would be good if Sophos Email Gateway could have geoblocking supported rather than just an IP list/range.

I would expect a lot of businesses could easily exclude certain country ranges from email where you would not have business from.

We have a requirement to report and document our antivirus policy, to ensure some settings are enabled and others are disabled.

As policy is not hierarchical, we need to check every policy we have, and compare to what is approved.

We require the ability to export policies to aid in this.

I rate it as priority 4 so we can comply with our client audits.

A button on the console to uninstall Endpoint protection would be extremely useful. No user disruption or spending time with a script, but a simple button per device.

It would be wonderful if there was an option to run a report to find out which endpoints have Tamper Protection turned OFF/ON. Or an option to sort the Devices list by Tamper being off/on.

please improve the search and filtering on the email gateway quarantine.

allow order by subject, and filtering by reason, subject etc...

Add e-mail for Multi-factor Authentication (MFA) in Enterprise Central dashboard

Record all commands run on a device by a Sophos Central admin during a Live Response session and make the transcript available, either for download or viewable some other way. Currently the Audit log records when sessions are run, by whom, and on which device, but the logs don't indicate what happened.

A transcript of what commands were run would be nice to have for auditing purposes and to include with any forensic investigation reports, especially sensitive cases or cases involving potential legal ramifications where the ability to document exactly what was done to a system would be beneficial.

When installing, please add a log output mode (or similar mechanism) so that we can check the installation requirements and the installation processing status and the abnormal termination point.

The operator does not notice the change or addition of the function.When he notice it, he is confused. We would like to know the changes on the portal before SOPHOS release.

Ref SR# 03032814

1. Regarding Controlled Updates (Settings-->Controlled Updates-->): If sophos central showing multiple products release are available its not showing each release details like version. Then only we can able to verify managed machines running with which version.




2. How can we generate report which includes installed Sophos products with its version numbers for all protected servers (currently: computer name, ip address, OS, Last user /Active, Group details only available). If we can generate report with installed sophos products & its version this will help us to patch outdated machines.

Our users login to their devices using local credentials, not AD credentials. This means that their local credentials need to be associated with their AD credentials in Sophos Central so that the policies can be applied to their respective groups.

The "PATCH /directory/users/{userId}" API endpoint should be modified to include the ability to modify the user's associated logins as well as an endpoint to view available logins.

Recently I had some outgoing emails incorrectly identified as spam and they were deleted. It would be a much better option if outgoing emails were quarantined with the option of releasing rather than just deleting them. It was a significant amount of work for me to track down the users and have them resend the the emails. Also a notification that outgoing emails have been deleted to administrators would be a great addition. We had no idea these were deleted until we manually reviewed the logs.