Filter users and groups

Follow these instructions to filter the users and groups you synchronize from Azure AD.

You can filter the users and groups you synchronize from Azure AD. For example, you can synchronize all users and groups or synchronize updated users or groups.

Restriction You must be an Admin to set up or change filters.

If you have existing users and groups in Sophos Central and are synchronizing with Azure AD for the first time, we recommend that you select all users and groups. This gives the largest set of users and groups for the sync service to match.

If you have a complex hierarchy of groups and users in Azure AD and are synchronizing with Azure AD for the first time, we recommend that you filter your users and groups first. This allows you to synchronize specific users and groups. You can use either Add users by group filter or Add users by user filter to do this.

Note You can't preview the changes that synchronizing with Azure AD will make in Sophos Central.

The users and groups you find using the filters are added to Sophos Central. The filter you choose changes the users and groups in Sophos Central. You can remove users and groups as well as adding them depending on your selected filter criteria.

If you synchronize your users and groups using one filter and then change to using another filter, this changes the users and groups in Sophos Central to match the users and groups found by your new filter.

Changing filters has no effect on users and groups that you're managing manually in Sophos Central.

All users and groups

Use this option to add all your users and groups to Sophos Central.

To add all your users and groups, do as follows:

  1. Go to Overview > Global Settings > Directory service > Azure AD sync.
  2. Under Step C: Select users and groups to include in the sync, click .All users and groups
  3. Click Save and Sync.
  4. Review your changes in Settings > People.

Filter by Group Object ID

You can use this option to add specific groups (and their associated users) to Sophos Central. It adds all the users from the groups you select.

Warning If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add your groups and their users, do as follows:

  1. In Sophos Central, click Settings > Directory service > Azure AD sync.
  2. Under Step C: Select users and groups to include in the sync, click Group Object ID.
  3. For each group you want to add, do as follows:
    1. In Microsoft Azure select the group and copy its Object ID.
    2. Go toSophos Central and paste the Object ID in Group Object ID and click Add group.
      The Group Object ID is added to the Group ID list.
  4. Review the groups you have added.

    You can remove any groups you don't want to synchronize from the list but you need to know the ID of the group you want to remove.

  5. Click Save and Sync.
  6. Review your changes in Settings > People.

Add users by group filter

You can use this option to choose the users you add to Sophos Central in several ways. It adds all the users from the groups that match the filter criteria you select.

You can build complex filters by combining conditions and groups. For example, you can find all users that were last synchronized with Sophos Central on a specific date and have a display name starting with a specific character.

Warning If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add users, do as follows:

  1. Click Settings > Directory service > Azure AD sync.
  2. Under Step C: Select users and groups to include in the sync, click Add users by group filter.
  3. Choose whether you want to filter by any or all users that meet the conditions and groups you select.
  4. Select the condition you want to act as your primary filter.

    For example Last directory sync time.

  5. Choose the matching operator for your condition.

    The available operators depend on the condition you have chosen.

    For example if you selected Last directory sync time you can choose from is, greater or equal or less or equal as the operator.

  6. Enter the data you want to match.

    This depends on how you want to filter your users.

    For example you may want to find all users that haven't been synchronized with Sophos Central for three months. To do this you set up a filter condition that uses the following criteria:

    • all
    • Last directory sync time
    • is
    • Sep 30, 2020

    This finds all users that were last synchronized with Sophos Central on September 30, 2020.

  7. You can add further conditions and groups to your filter to make the users you're adding more specific. To do this, click Add condition or Add group and set up your criteria.

    Adding a group selects a sub-set of users from those groups you've already matched with your initial condition. Adding more conditions refines the match.

    For example you could add additional conditions so that your filter finds all the users that haven't been synchronized for three months, used a proxy address and have a display name starting with Admin.

  8. When you have set up your filter click Save and Sync.
  9. Review your changes in Settings > People.

Add users by user filter

You can use this option to choose the users you add to Sophos Central in several ways. It adds all the users that match the filter criteria you select.

You can build complex filters by combining conditions and groups. For example, you can find all users that come from a specific country and add them to Sophos Central.

Warning If you use this option, you lose any filtering options you have previously set up. This changes the users and groups in Sophos Central.

To add users, do as follows:

  1. Click Settings > Directory service > Azure AD sync.
  2. Under Step C: Select users and groups to include in the sync, click Add users by user filter.
  3. Choose whether you want to filter by any or all users that meet your conditions.
  4. Select the condition you want to act as your primary filter.

    For example Country.

  5. Choose the matching operator for your condition.

    The available operators depend on the condition you chose.

    For example, if you selected Country you can choose either is or starts with as the operator.

  6. Enter the data you want to match.

    This depends on how you want to filter your users.

    For example, you may want to add all users from Germany. To do this you set up a filter condition that uses the following criteria:

    • all
    • Country
    • is
    • Germany

    This finds all users with their country set as Germany.

  7. You can add further conditions and groups to your filter if you want to make the users you're adding more specific. To do this, click Add condition or Add group and set up your criteria.

    Adding a group selects a sub-set of users from the users you've already matched with your initial condition. Adding more conditions refines the match.

    For example you could add an additional condition so that your filter finds all the users from Germany that have a display name starting with Admin.

  8. When you have set up your filter click Save and Sync.
  9. Review your changes in Settings > People.