What's new in Sophos Central

We regularly update Sophos Central with improvements or new features. You can see the details here.

Latest features

Threat Indicators now live

If you have Sophos EDR, you can now see the Threat Indicators list. This shows you the most suspicious items on your network so you can focus your efforts on them. Read more

End of support for Sophos for Virtual Environments 1.2

Still running version 1.2.0 on your Security VMs? Restart them to upgrade as we'll stop supporting 1.2.0 in January. Read more

Sophos Wireless – New hotspot features

We've introduced new features to improve the hotspot experience for you and your users. You can customize the look of the captive portal with your logo and brand colors and also select social login as the authentication type (Facebook, Google). Read more

Sophos Central Enterprise APIs

The new Sophos Central APIs are now available for all Sophos Central Enterprise customers. With these APIs, you can query tenants, enumerate and manage endpoints and servers, and query alerts and manage them programmatically. Read more

Intercept X Enhanced Protection EAP update

The Early Access Program (EAP) has been updated to include protection against Encrypting File System attacks, CTF exploits, and ApiSet Stub malicious DLLs, and further defenses against memory-based attacks. Read more

Sophos Cloud Optix now live in Sophos Central

The latest release for Sophos Cloud Optix integrates the service with Sophos Central. This enables you to manage Cloud Optix alongside a range of complementary public cloud solutions including Sophos Intercept X for Server and Sophos XG Firewall in a single management console. Read more

Forensic Snapshots now uploadable to S3 Buckets

You can now automatically upload snapshots to an Amazon S3 bucket that you own. This avoids you having to manually retrieve forensic snapshots from individual endpoints. Read more

November 11, 2019

Sophos XG Firewall management and reporting

We've just launched early access for new features for XG Firewall v18. Now you can run v18 firewall reports, group your v18 firewalls, and manage them all at once, right in Sophos Central.Read more

October 22, 2019

Intercept X Enhanced Protection EAP is now live

Join the Early Access Program for "New Endpoint Protection Features" and benefit from AMSI and IPS protection that gives even more defense against script and memory-based attacks and malicious traffic patterns. Read more

Cloud Optix feature update

Provide teams with a single view of security posture across multiple public cloud environments, with a range of exciting enhancements to the Cloud Optix service for AWS, Azure, GCP, and Infrastructure as Code environments. Read more

September 30, 2019

Email data loss prevention

Data loss prevention for Sophos Email is now live and included with the Sophos Email Advanced license. Read more

Sophos Email: Try impersonation protection

Protect your organization from targeted phishing attacks that rely on identity deception. Join our early access program to see how. Read more

September 9, 2019

Device Encryption 2.0

Now you can make users change their BitLocker passcode. And users can protect files with a password before sharing, either on demand or with the Outlook add-in. Read more

macOS Catalina: urgent action needed

Tighter security in macOS Catalina (10.15) means you must take action for Sophos protection to keep working. Read more

August 19, 2019

Sophos Email: Data Loss Prevention EAP is live

Now protect sensitive information, with discovery of financials, confidential contents, health information, and PII in all emails and attachments. Read more

Sophos Central Partner gets custom roles

We’ve added custom admin roles in Sophos Central Partner. This lets you create roles that can only access specific products and can’t edit or apply policies.

July 29, 2019

Sophos Central Enterprise gets custom roles

We’ve added custom admin roles in Sophos Central Enterprise. This lets you create roles that can only access specific products and can’t edit or apply policies.

Sophos Central Email

Now you can enforce TLS secure communications by domain, for both inbound and outbound mail.

July 18, 2019

Threat Indicators beta

Customers with EDR enabled endpoints and servers are getting an early preview of our new Threat Indicators feature. Threat Indicators uses machine learning to show you a prioritized list of the most suspicious activity. Now you know what to look for, so you can focus on the most important investigations. Read more

June 24, 2019

Unified Endpoint Management UI improvements

Instantly see the health of your UEM-managed endpoints on the main Sophos Central dashboard. Easier workflow for managing traditional and mobile endpoints in the Devices view, with the most common actions just a few clicks away.

Sophos Email: quarantine un-scanned emails

This new feature allows you to quarantine emails if we can't scan them or access the contents (for example, when we find an encrypted zip file, a corrupt file, unexpected content, or a large compressed attachment).

Sophos Email: customize smart banners

You can now customize the text that appears in smart banners.

Sophos Cloud Optix updates

We’ve given network visualizations for AWS a new look and the ability to show Sophos UTMs. We’ve also added more Azure security and compliance features, visualizations for GCP, an option to change how often environments are scanned, and more. Read more

June 17, 2019

Improved installer for macOS

The Sophos Endpoint Protection installer for macOS now includes several command-line options to allow customized installations. Read more

May 29, 2019

Intercept X for Server with EDR - now available

Intercept X for Server with EDR includes our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more

May 7, 2019

Intercept X Advanced with EDR 1.1 is here!

Intercept X Advanced with EDR now captures all PowerShell activity so that it can be reviewed and analyzed. Read more

Enhanced email alerts

We've introduced new global settings that let you control and customize email alerts in Sophos Central Enterprise, Partner and Admin. You can now configure the recipients, distribution lists, and frequency of alerts, or set custom rules. Read more

April 16, 2019

Sophos Email Encryption

Sophos Email Encryption is now generally available. Sophos Email Advanced customers can send encrypted email on demand (using an Outlook add-in or subject tagging), via DLP rules, and domain to domain. Read more

Sophos Email Smart Banners

Sophos Email Advanced customers can now enable information banners on emails from outside the organization. These help recipients identify the risk from each email and let them add senders to their allow and block lists with one click. Read more

April 9, 2019

Sophos Cloud Optix - now available

Achieve compliance and manage security risks, with complete visibility across your Amazon Web Services, Microsoft Azure, and Google Cloud environments. Read more

March 25, 2019

Intercept X for Server EDR Early Access Program

Intercept X for Server is getting our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Join the Early Access Program today! Read more

Sophos Email Content Control – Now Live

Content Control for Sophos Email Advanced now makes it easy to quickly build content filtering policies across an organization, preventing outbound email data loss and inbound malware threats. Read more

March 4, 2019

XG Firewall management

You can now manage Sophos XG Firewall from Sophos Central. It’s time to Synchronize Your Security! Read more

February 20, 2019

Intercept X for Server EDR Early Access Program now open

Intercept X for Server is getting our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Join the Early Access Program today! Read more

Threat Analysis Center

The all-new Threat Analysis Center for EDR consolidates Threat Cases and Threat Searches, across all supported device types, into a single area. Find it in the Overview. Read more

Sophos Central Enterprise gets global policies

Now you can apply the same global settings and base policies to a set of sub-estates or all sub-estates. Just create and use a global template.

February 11, 2019

Sign in with Azure AD

Sophos Central admins, Sophos Central Enterprise admins, and Self Service Portal users can now sign in using credentials stored in Microsoft Azure AD. Read more

Sophos Central Enterprise: Select a region for sub-estates

Sophos Central Enterprise Super Admins can select a region when they create a new sub-estate. The region is now shown in the sub-estate Contact Info.

Phish Threat: Upgrade now

Award-winning training content, Outlook add-in to report phish, 10 languages, Synchronized Security benefits and more. Upgrade to the latest Phish Threat version for free. Read more

Sophos Email Encryption EAP now live

Join the Sophos Email Advanced Encryption Early Access Program today at no extra cost. Read more

January 21, 2019

Sophos Central Partner gets audit logs

Partner administrators can access audit logs to track changes across Sophos Central Partner. They also get access to audit logs in Sophos Central Admin they have permission to view.

Phish Threat now available in Dutch

IT teams can now carry out phishing simulation and a variety of cybersecurity awareness courses in Dutch. Read more

December 10, 2018

Sophos Email: Compromised mailbox detection

Synchronized Security now connects Sophos Email and Endpoint Protection to detect and clean up infected computers sending out spam and viruses. Read more

Join the Email Content Control EAP

Stop or quarantine content based on keywords and attachment types in this Sophos Email Advanced early access program. Read more

Phish Threat: Randomized attacks

Now you can send multiple emails in random order during simulated attacks. This makes training more effective and shows you more about user behavior. Read more

Enhanced AWS integration

Alerts are now integrated into AWS Security Hub, so you can consolidate alerts across AWS. And our S3 bucket health reporting highlights critical misconfiguration. Read more

Sophos Central Partner gets global policies

Manage global settings and base policies for customers. Create templates that consist of these settings and apply them to customer groups.

Sophos Central Partner gets RBAC

We’ve added role-based access control (RBAC) for Central Partner. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.

November 19, 2018

Intercept X Advanced with EDR is here!

The best just got better: our all-new, intelligent Endpoint Detection and Response (EDR) features give you the insights and expertise you need to respond to potential threats. Add EDR today to report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more

Synchronized Security: Email Advanced and Phish Threat

Sophos Email Advanced and Phish Threat now work together to find and train users who click on risky links in email. Read more

November 1, 2018

EDR Early Access: Submit files to win prizes!

Analyze for a prize! Submit your suspicious files to SophosLabs for your chance to win a prize.Read more

Alert Details View

We’ve added a new Alert Details View to the Alerts page in Sophos Central Admin. View additional details, including links to EDR Threat Cases, directly from your alerts.

October 29, 2018

File Integrity Monitoring for Windows servers

We've added a new File Integrity Monitoring feature for Windows Servers. Track for unplanned and unexpected changes to critical system files and meet certain compliance requirements of the PCI Data Security Standard. Read more

Message Relays now work with macOS

Already using message relays for your Windows computers? If you have any macOS devices, they'll now automatically use your current message relays and any you set up in future.

Phish Threat Outlook add-in now available

Report suspected phishing and spam messages with one click right from Outlook. The Phish Threat Outlook add-in turns your employees into an active line of defense against cyberattacks. Read more

Enhanced Root Cause Analysis (now Threat Cases)

We’ve been hard at work overhauling Root Cause Analysis (RCA) and implementing additional features to make it easier for admins to conduct deeper investigations. Read more

Sophos Wireless

Sophos Wireless now includes debugging, audit and accounting features which help you to diagnose WLAN issues on the network and address them. This release also improves the wireless client scalability on the APX series and brings many other UI improvements. Read more

Sophos Central Enterprise updates

Enterprise Super Administrators can now disable enterprise management for individually-licensed accounts, unlink sub-estates to operate as standalone Sophos Central Admin accounts, or delete sub-estates entirely.

October 8, 2018

Deep Learning malware analysis is now part of the EDR EAP

This feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other files so you can determine if a file should be blocked or allowed. Read more

Are your endpoints and servers fully protected?

Check your Endpoint and Server Threat Protection policies to ensure that you're protected against advanced malware and ransomware. Sophos continually adds new features, but not all are turned on automatically.

October 2, 2018

Windows 10 Redstone 5 and Windows Server 2019 support

The Intercept X agent now supports the latest Windows 10 Redstone 5 and Windows Server 2019 update. If you have paused updates, you will need to start them again to receive the updated agent. If you don't have Intercept X, you don't have to take any action as no changes are needed. Read more

September 18, 2018

Intercept X EDR early access program now open

The best just got better. Intercept X is adding detection, investigation, and response capabilities. The early access program is now open to the public.

Windows Server Protection for Microsoft Azure

Protecting Windows Servers running in Azure just got even easier: use a VM extension script. Read more

Sophos Email reporting and policy enhancements

New detailed message summaries, policy enhancements and mailbox search added to Sophos Email. Read more

30 training courses added to Phish Threat 2

Take advantage of 30 new award-winning Phish Threat training courses today. Plus new ways to find the latest email templates fast.

August 28, 2018

New in Sophos Mobile 8.5

Enhanced Unified Endpoint Management (UEM) capabilities with macOS app management, macOS DEP support, Android Zero Touch, Knox Mobile Enrollment, usability improvements and much more. New managed Mobile Threat Defense capabilities for both Android and iOS, including device, app, and network security features. Read more

Central Enterprise Audit Logs

Enterprise administrators can access audit logs to track changes across Sophos Enterprise Admin. They can also get access to audit logs in Sophos Central Admin that they have permissions to.

Central Admin exports lists of Computers, Servers and People

Sophos Central Admin now has the ability to export to CSV the lists of Computers, Servers and People on the Overview pages.

August 7, 2018

Improvements for People pages with many users

We've updated the People pages in the Overview and Products sections. On the Users tab, all columns are now sortable, all the data shown is searchable, and we've added new columns for Last Active and Group Name.

July 24, 2018

Intercept X Advanced for Server - now available

We've now completed the global roll-out of Intercept X Advanced for Server. New deep learning, exploit prevention, anti-hacker and Root Cause Analysis capabilities can now be enabled in your Server Protection policies. For details on enabling the new features: Read more

July 17, 2018

Intercept X Advanced for Server

Server Protection Advanced is now called Intercept X Advanced for Server and includes powerful deep learning, exploit prevention, anti-hacker features and Root Cause Analysis. We're rolling out the new features over the next few weeks. Read more

Server Protection Standard - New features, new name

Server Protection Standard is now called Server Protection and includes Peripheral, Application and Web Control, along with DLP, Malicious Traffic Detection and Synchronized Security Heartbeat. New features now available at no extra cost, but you need to turn them on. Read more

Root Cause Analysis for servers

Now part of Intercept X Advanced for Server, Root Cause Analysis helps you to investigate the chain of events around a malware infection. Data may be sent to Sophos to help us to improve your protection, but you can opt out in Account Details > Account Preferences. Read more

Sophos Wireless

Sophos Wireless now includes support for our next-generation APX Series access points. The three new APX models provide the first Synchronized Security functionality between Wireless, Endpoint and Mobile. With 802.11ac Wave 2 technology, they are custom-built for overall enhanced performance. This release also includes enhancements to Rogue AP detection, bulk provisioning and many other UI improvements. Read more

July 3, 2018

Phish Threat 2 - attachments campaigns

SophosLabs sees malware on up to 77 percent of blocked mail. Train employees to spot these attacks with new malicious attachment simulations.

June 19, 2018

Sophos Email Advanced

Introducing Sophos Email Advanced and new features for Email Standard. Sandboxing, advanced URL protection, DKIM, DMARC, and more. Read more

Central Enterprise gets RBAC

We’ve added role-based access control (RBAC) for Sophos Central Enterprise. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.

June 11, 2018

New alerts options

Soon you'll see new options for handling alerts. You'll be able to view and resolve alerts in groups, use new filters, and control who gets email alerts and how often they get them.

Monitor and manage Windows Firewall

Sophos Central now monitors Windows Firewall on most Windows desktops and servers. It can also control whether it’s active for public, private or domain connections.

Server Protection – Intercept X Early Access Program (Beta) update

We've added a new exploit mitigation that detects abuse of Application Procedure Calls, used recently as the method of spreading the WannaCry worm. Read more

HTTPS updating

You can now enable HTTPS updating for all endpoints (Windows, macOS and Linux) with a single, global setting for your account.

May 14, 2018

Server Protection - Intercept X

Want better protection for Windows servers? Try our Early Access Program (EAP), which adds Intercept X features including Deep Learning, Root Cause Analysis, Master Boot Record protection, exploit prevention and anti-hacker options. Read more

Early Access Program data sharing

The Server Protection - Intercept X EAP may send data to Sophos from May 10, 2018. This helps us improve your protection, but you can opt out in Account Details > Account Preferences if you want to.

New Device Encryption features

Device Encryption now supports unattended activation when “Require startup authentication” is set to off. Get started faster with the on-boarding wizard, and use the updated Encryption dashboard for a more detailed overview.

Using Synchronized Security?

We'd love to get your feedback. Take a short survey to tell us about your experiences. Read more

MFA - Sign in with SMS

You can now sign in to Sophos Central Admin or Sophos Central Enterprise with an SMS text message as a second factor - or you can still use Sophos/Google Authenticator.

Phish Threat 2 - new features

The most trialed Sophos Central product for two months – now featuring security training campaigns, more customization options, and improved campaign scheduling. Read more

April 24, 2018

AWS map in Server Protection

We've added a map view for AWS workloads. We also now discover workloads in every public AWS region, even ones you're not actively using, as attackers can use them to hide. So you can reduce risk by ensuring all your instances are protected, see your whole AWS EC2 environment in a single view, and still easily drill down to details.

March 26, 2018

Sophos Wireless

Sophos Wireless now makes your life much easier: the latest version has better throughput under load, lets you search clients, and has simple support for VLAN for Hotspot. Read more

Sophos Mobile 8

The new version of Sophos Mobile is here. We’ve added macOS management and configuration, app management on Windows 10, extended management for Android and iOS, and much more. Read more

March 6, 2018

Remote Desktop support

We've added Remote Desktop Services support, including tracking of license usage, to Server Protection. Read more

More Server Protection updates

You can now use Server Lockdown on Windows Server 2016, and have Linux servers and Macs updated from an update cache on your network.

Tamper protection passwords

You can now get the password you need to uninstall Sophos software, even if you've deleted the computer from Sophos Central. Read more

February 21, 2018

New threat protection

We've added options to the threat protection policy so that you can turn our new active adversary features on or off. These features prevent credential theft, APC violations, privilege escalation, code caves, and more. This is in addition to the deep learning options already announced. Read more

Sophos for Virtual Environments

Sophos for Virtual Environments 1.2 lets guest VMs move between Security VMs to stay protected even if they can’t connect to their current Security VM.Read more

SAV for vShield retirement

We'll retire Sophos Anti-Virus for vShield on March 31st, 2018. To stay protected, migrate to Sophos for Virtual Environments before then -- it uses the same licenses, so there's no extra cost. Read more

February 12, 2018

Use automatic installation? Read this

Next time you download the Sophos Endpoint installer for Windows, you must change your settings. But you'll never need to download it again -- our new installer doesn't expire. Read more

New macOS installer

We’ve released a new Sophos Endpoint installer for macOS. If you have old installers, they'll stop working in mid-February -- delete them and download the new one. Read more

OS X 10.9 support

Macs running OS X 10.9 will stop getting Sophos updates when we release Sophos Anti-Virus for macOS 9.7.4. We ended support for OS X 10.9 last April.Read more

Installation from a cache

You can now do initial installation of Sophos Endpoint on Windows from an update cache on your network, saving you internet bandwidth. Read more

January 23, 2018

Major Intercept X release

The latest version of Intercept X is here. The new version includes deep learning, an advanced form of machine learning, to detect malware and potentially unwanted applications. It also includes new credential theft, privilege escalation and code cave protection, and much more. The new features will be enabled by default over the next several weeks unless you have turned them on/off already in the threat protection policy. Read more

Multi-factor authentication

Multi-factor authentication (MFA) is here. For Sophos Central Admin, super admins decide whether admins must log in with MFA. For Enterprise Dashboard, admins must always use MFA. Read more

New Phish Threat email templates

New phishing templates for TalkTalk Group, Google, Santander Bank, and more are now available in Phish Threat. Browse templates