Low quality support. Basically my support ticket was closed without any serious investigation.
Low quality service. Most of the domains used are blocked by SafeBrowsing/SmartScreen -> are useless for training purposes.

Managed Threat Response Preferences. I am not able to select an option under primary, or secondary so i am not able to enter an email or save the form.

Currently: Live Response (Beta) requires MFA for use.

SSO MFA is not accounted for, which requires a logout of federated logon and login with Sophos managed admin to use feature.

Requesting Live Response work for federated logins that have MFA.

We use the VIP impersonation quite a lot, however the problem is that our users display names are in the format "Surname, Firstname", which means that it doesnt catch our users by default. We have to manually create another user in Sophos, and assign both users. It would be great if the VIP impersonation tool could identify the users firstname and surname no matter which way around it is. The whaling emails usually come through firstname + surname.

Almost everybody configure its email with SPF, DKIM and DMARC, and almost everybody sets the report addresses on DMARC to valid email addresses. But a lack of tools to analyze these reports make this a waste of resources. Maybe a tool to analyze this reports on Central could turn this configuration on a really useful resource. An alerting system for RUF could be an extra for not delivered emails.

You should have Microsoft Authenticator ! Yes this is a Microsoft App for phones

It's possible to create a new user in Sophos via the Common API: https://developer.sophos.com/docs/common-v1/1/routes/directory/users/post.

However, it does not appear possible to send that newly created user the Email Setup Link via the API.

When we White list some external device at sophos central admin Peripheral Control its showing only device instance ID. if it is possible to TAG those white listed devices Instance ID with user names, then it would be better for central ADMIN to locate device for next time search device details.

Support process is terrible. Its impossible to get support. I called the support number and waited on hold for 15 minutes to then have someone hang up on me. I called back and waited on hold for 52 minutes with no answer. I tried the chat option while on hold and after about 20 minutes the chat told me that no technicians were available and to try back later. I tried chat again later and got the message.

Often times when you are entering data in Sophos Central and a frame pops up, like when you are editing or creating a policy, if you accidentally select outside of the frame the whole page closes and cancels everything you did.

I have lose all my entered data when entering a large number of devices or uses to a policy only to have it close when I accidentally moved my mouse or mis-clicked outside the frame and had to start all over again.

Get some support staff who actually do their jobs

DLP features are lacking protection CLIPBOARD channel. This is important to prevent user copy paste sensitive data

I Keep being asked by support to collect Wireshark captures / proc mon logs etc, for issues that have occurred in the past, keep occurring occasionally but can not be replicated at will, The only way I can see this occurring is with the use of a time machine so I can go back in time to when the event occurred

I have been attempting to troubleshoot issues with clients access via the message relay, but the message relay (apache server) logs only seem to last a few hours making it difficult to troubleshoot issues that occurred a more prior to the logs rolling

We need that ALL incoming emails been checked for spf even when the email comes from my custom "allowed" email address.

Can you implement authentication with email instead of SMS or Google Authenticator since my company does not have cell phones.