Skip to content

Filter users and groups

Follow these instructions to filter the users and groups you synchronize from Microsoft Entra ID.

You can filter the users and groups you synchronize from Microsoft Entra ID. For example, you can synchronize all users and groups or synchronize updated users or groups.

You must be an Admin to set up or change filters.

If you have existing users and groups in Sophos Central and are synchronizing with Microsoft Entra ID for the first time, we recommend selecting all users and groups. This gives the largest set of users and groups for the synchronization service to match.

If you have a complex hierarchy of groups and users in Microsoft Entra ID and are synchronizing with Microsoft Entra ID for the first time, we recommend filtering your users and groups first. This allows you to synchronize specific users and groups. You can use either Add users by group filter or Add users by user filter.

Note

You can't preview the changes that synchronizing with Microsoft Entra ID will make in Sophos Central.

You can only use a maximum of 10 binary conditions when filtering users and groups. A binary condition is a filter such as name = 'John' or groupType = 'Security'. If you're using nested logical conditions (AND, OR), you can have a maximum of 3 levels of nesting. When you reach these limits, you can't add any additional filters.

The users and groups you find using the filters are added to Sophos Central. The filter you choose changes the users and groups in Sophos Central. You can remove users and groups and add them depending on your selected filter criteria.

If you synchronize your users and groups using one filter and then change to another filter, this changes the users and groups in Sophos Central to match the users and groups found by your new filter.

Changing filters has no effect on users and groups that you're managing manually in Sophos Central.

All users and groups

Use this option to add all your users and groups to Sophos Central.

To add all your users and groups, do as follows:

  1. Go to My Products > General Settings and click Directory service.
  2. Click Microsoft Entra ID sync.
  3. In Select users and groups to include in the synchronization, click All users and groups.
  4. Click Turn on.
  5. Click Synchronize.
  6. Review your changes in People.

Filter by Group Object ID

You can use this option to add specific groups (and their associated users) to Sophos Central. It adds all the users from the groups you select.

Warning

If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add your groups and their users, do as follows:

  1. Go to My Products > General Settings and click Directory service.
  2. Click Microsoft Entra ID sync.
  3. In Select users and groups to include in the synchronization, click Group Object ID.
  4. For each group you want to add, do as follows:

    1. In Microsoft Azure, select the group and copy its Object ID.
    2. Go to Sophos Central, paste the Object ID in Group Object ID and click Add group. The Group Object ID is added to the Group ID list.
  5. Review the groups you have added.

    You can remove any groups you don't want to synchronize from the list, but you need to know the ID of the group you want to remove.

  6. When you have set up your filter, click Turn on.

  7. Click Synchronize.
  8. Review your changes in People.

Add users by group filter

You can use this option to choose the users you add to Sophos Central in several ways. It adds all the users from the groups that match the filter criteria you select.

You can build complex filters by combining conditions and groups. For example, you can find all users last synchronized with Sophos Central on a specific date and have a display name starting with a specific character.

Warning

If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add users, do as follows:

  1. Go to My Products > General Settings and click Directory service.
  2. Click Microsoft Entra ID sync.
  3. Under Select users and groups to include in the sync, click Add users by group filter.
  4. Choose whether you want to filter by any or all users that meet the conditions and groups you select.
  5. Select the condition you want to act as your primary filter.

    For example, Last directory sync time.

  6. Choose the matching operator for your condition.

    The available operators depend on the condition you have chosen.

    For example if you selected Last directory sync time, you can choose from is, greater or equal or less or equal as the operator.

  7. Enter the data you want to match.

    This depends on how you want to filter your users.

    For example, you may want to find all users that haven't been synchronized with Sophos Central for three months. To do this, you set up a filter condition that uses the following criteria:

    • all
    • Last directory sync time
    • is
    • Sep 30, 2020

    This finds all users that were last synchronized with Sophos Central on September 30, 2020.

  8. You can add further conditions and groups to your filter to make the users you're adding more specific. To do this, click Add condition or Add group and set up your criteria.

    Adding a group selects a sub-set of users from those groups you've already matched with your initial condition. Adding more conditions refines the match.

    For example, you could add additional conditions so that your filter finds all the users that haven't been synchronized for three months, used a proxy address, and have a display name starting with “Admin”.

  9. When you have set up your filter, click Turn on.

  10. Click Synchronize.
  11. Review your changes in People.

Add users by user filter

You can use this option to choose the users you add to Sophos Central in several ways. It adds all the users that match the filter criteria you select.

You can build complex filters by combining conditions and groups. For example, you can find all users from a specific country and add them to Sophos Central.

Warning

If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add users, do as follows:

  1. Go to My Products > General Settings and click Directory service.
  2. Click Microsoft Entra ID sync.
  3. Under Select users and groups to include in the sync, click Add users by user filter.
  4. Choose whether you want to filter by any or all users that meet your conditions.
  5. Select the condition you want to act as your primary filter.

    For example, Country.

  6. Choose the matching operator for your condition.

    The available operators depend on the condition you chose.

    For example, if you selected Country, you can choose either is or starts with as the operator.

  7. Enter the data you want to match.

    This depends on how you want to filter your users.

    For example, you may want to add all users from Germany. To do this, you set up a filter condition that uses the following criteria:

    • all
    • Country
    • is
    • Germany

    This finds all users with their country set as Germany.

  8. You can add further conditions and groups to your filter to make the users you're adding more specific. To do this, click Add condition or Add group and set up your criteria.

    Adding a group selects a sub-set of users from those you've already matched with your initial condition. Adding more conditions refines the match.

    For example you could add a condition so that your filter finds all the users from Germany that have a display name starting with “Admin”.

  9. When you have set up your filter, click Turn on.

  10. Click Synchronize..
  11. Review your changes in People.