Q: Can you add an existing customer to the Central partner dashboard portal?
A: Accounts are automatically associated to the partner on the (most recent) purchase applied to the account. This applies already to accounts set up and licensed before first use of the partner dashboard; the association will already be set up.
Q: Is Microsoft Authenticator also supported?
A: Yes, you can use federated sign-in to use your Microsoft credentials. Please see this knowledge base article on how to set this up: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ep_federatedsignin.html
Q: Are reports going to be improved in Sophos Central, like the XG firewall style reports?
A: Yes, particularly the details available on computers and servers, such as the option to include the version of the software currently running, tamper protection enabled/disabled and similar.
Q: Can you install endpoint without Intercept X?
A: Yes, and this is the default if you only have an Endpoint Protection license. If you have a broader license, for example Intercept X Advanced, you can choose to only install the Endpoint Protection component without Intercept X from the command line. If you install both, e.g. during an initial trial, then once only Endpoint Protection is licensed the Intercept X component will be automatically removed. See https://community.sophos.com/kb/en-us/127045 for the command line options.
Q: Can you store the logs for longer than 90 days?
A: You can view events in the Sophos Central console for the last 7 days, 30 days or 90 days or you have the option to select Custom which will allow you to select your own date range and allow you to go further back than 90 days. The other option is you can export any of the event logs for archiving and future reference.
Q: Is Sophos Central able to manage Linux workstations and servers?
A: Yes, Sophos Central can manage Linux servers (and Linux desktops will be treated as servers). Please see this datasheet for further reference and supported platforms: https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/central-server-for-linux.pdf
Q: Is there a plan to add other locations for Sophos central data storage?
A: No plans to add additional data storage locations at this time.
Q: What is the best way to assign the threat protection policy, by user or by device?
A: Keep it simple: try to have a best practice base policy (broadly speaking turn everything on). You avoid needing to figure out whether user or computer is better for your organization. Only one policy to update if needed. No complexity in working out what policy is in effect. Only use the additional policies if really needed. Please see this knowledge base article for further information on applying Central Endpoint policies: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ep_aboutpolicies.html
Q: You said that Sophos uses AI to protect against malware. How does it work?
A: The artificial intelligence is via the technology embedded in Intercept X to detect and prevent unknown malware and sophisticated attacks with its patented deep learning neural-network algorithms, which has consistently ranked as among the best-performing machine learning, signature-less next-generation endpoint technologies in third-party testing. For further information on exactly how it works, please see here: https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-intercept-x-deep-learning-dsna.pdf
Q: You mentioned integration to SIEM. Can we use the API to pull info into our own platform? We asked a few months ago and were told no; has this changed?
A: The events and alert API has allowed that data to be pulled into a SIEM for some time. See KB: https://community.sophos.com/kb/en-us/125398. Coming soon, we will have a new set of APIs allowing broader integration. You can read documentation on the upcoming APIs here: https://developer.sophos.com/
Q: Where can we check if there has been an event regarding the availability of SC? Is there a way to push setting if not available?
A: You can check the Sophos Central service status here: https://centralstatus.sophos.com/#!/ In the unlikely event that there is disruption to the Sophos Central service then your endpoints would stay protected.
Q: How do I find out whether the latest signatures are up to date?
A: Central shows if clients are up to date and the software versions. Future reporting improvements will make it easier to see “supplement” updates, like IDEs, which are not versioned.
Q: What's the website we can use to check the current Sophos Central services status?
A: You can check the Sophos Central status here: https://centralstatus.sophos.com/#!/
Q: What size defines enterprise?
A: The use of Enterprise Dashboard is not fixed to a particular size customer, it is more about the complexity of the environment and whether they have a distributed network. We support up to 5,000 devices per central account. Please contact Sophos if you need to go above this. Even below 5,000, you can choose to split into sub estates, but please be aware there are functionality tradeoffs. Generally, it is better to use a single account unless you really need to split up.
Q: Is it the partner’s decision when to use Enterprise Dashboard? I.e., if we want to enable the Enterprise Dashboard, we have that ability, but it’s not mandated at any point?
A: No, use of the Enterprise Dashboard is not mandated; it is available to ease management across large distributed organizations. The Enterprise Dashboard simply gives you an administrative view over several sub-estates from one easy-to-use dashboard.
Q: Is it possible to deploy endpoint protection as push through the network with Sophos Central?
A: Yes, you have multiple deployment options from Sophos Central including a scripted install via third party tools such as Microsoft SCCM, or Active Directory. This is discussed in more depth in session C03 in Central Endpoint Foundation session. Or you can see this knowledge base article for more information: https://community.sophos.com/kb/en-us/119265
There is no “push” install in the way there was with SEC. This is very old functionality that predates significant Windows security improvements (starting many years ago) that block such methods, such as when Windows XP gained a default-on firewall in Service Pack 2. The advice above befits modern security standards for client OSes.
Q: Can you talk about DLP for Endpoints?
A: Sorry we did not get a chance to cover this in this session, but it will be discussed in more depth in session C03 in Central Endpoint Foundation session.
Q: Is there sync for non-AD directories such as standard LDAP / eDirectory?
A: The AD sync utility uses LDAP to connect to AD. Provided the schema is compatible, you should be able to connect to other LDAP sources as well.
Q: How long are reports kept for? I saw 7 days in the console, but what if I wanted access to historical reports for 3 months or longer? How can I manage this?
A: You can have the reports emailed to you and then you can archive them for future reference.
Q: Does Sophos offer deployment services for upgrading from on-premise (Sophos Enterprise Console) to cloud Central management for Endpoints?
A: Yes, Sophos offers Professional Services to help with migration. Please see our website for further information: https://www.sophos.com/en-us/support/professional-services.aspx
Q: Will any other Active Directory server be supported in the future apart from Microsoft's?
A: AD sync currently uses LDAP to connect to the directory it has been given, so isn’t AD specific, though that is what we test with. We are also planning to add improved Azure AD support such that it is suitable for use with endpoint management (rather than only for email as it is today).
Q: What is the opt-in / out approach for customers who decline partner dashboard access to their Sophos deployment / admin?
A: Default on customer created accounts: access disabled. Default on partner created accounts: default access enabled. It can be changed in the account at any time: https://central.sophos.com/manage/account/administration/support
Q: Are there any plans to have automated reporting? To email reports to customers?
A: Already present. Can be set up from reports. See https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/AvailableReports.html