Tamper Protection Report
Currently the only way to tell if Tamper Protection has been disabled for a device is Sophos Central is to view the Summary page of each device. My suggestion is to add a column to the existing "Servers" and "Computers" reports (under Logs & Reports -> Endpoint & Server Protection) that indicates whether or not Tamper Protection is enabled.
Marek Adamczyk commented
as techs at times forget to reenable it back and have to trace their tickets to find machines which they worked on to enable it back.
We really need this feature please, whether in drop down or a new column would be so MUCH more enterprise friendly than nothing. I tried the suggested Event report, but it was not accurate compared to current state. I had to run the Audit Logs -> Export which only told me that Tamper was changed and not whether enabled or disabled, so still had to touch a bunch of servers we had been troubleshooting.
A simple drop down option where Show all computers is default would work out the best you have show all Bad and all medium and bad so another option to show all with tamper protection off. Often we have to shut off to do maintenance and sometime we forget to turn back on
And buttons to override every occurrence of disabled tamper protection, on endpoints, servers, and/or both.
You can tell if Tamper Protection has been turned off or on by looking at the Events Report and refining the report to show Policy non-compliance.