We regularly update Sophos Central with improvements or new features. You can see the details here.
Sophos Central customers now have a new option to export a snapshot of a dashboard to PDF. Read more
Customers enrolled in the New AI Features EAP now have access to AI Search for Detections. This feature enables analysts to query the Sophos Data Lake for detection data using natural language. Read more
The legacy Threat Analysis Center dashboard has been retired, so we've removed the toggle to switch between dashboards. Read more
New tickets for firewalls in PSA integrations will now be associated with the PSA configuration item of the corresponding firewall. This lets you see which firewalls are having the most issues. Read more
Switch management is now available on Sophos Central for tenants set up in Australia, Brazil, Canada, India, and Japan. Read more
By configuring Bounce Address Tag Validation (BATV) for your gateway domains, you can defeat backscatter attacks that use messages forged to look like bounces from recipient addresses. Read more
Apple are releasing macOS 15. Click the link for details of our support. Read more
The Device Exposure page helps XDR and MDR customers identify Windows devices that haven't installed an operating system update for an extended period of time. Read more
With the release of NDR 1.7, we're introducing new features, including an investigation console, product pages in Sophos Central, and free 30-day trials. Before you activate a trial, make sure you have the infrastructure needed: VMware, Hyper-V, AWS, or certified hardware. Read more
Our Autotask and ConnectWise PSA integrations now let you map Sophos Switch and AP6 monthly support licenses, so you can sync usage to the PSA. Click "Read more" for instructions on how to update your PSA integrations and start syncing. Read more
We're offering free Sophos ZTNA evaluation for three users for a year if you have Sophos firewalls managed via Sophos Central. This offer is only valid if you don't have a full ZTNA license. Read more
We're excited to announce the New AI Features Early Access Program (EAP). This EAP lets you test AI-powered features as they're added to Sophos Central. These features increase analyst efficiency, while enhancing the experience of investigating threats. Read more
Please upgrade to the latest plugin for ConnectWise Automate or Kaseya VSA 9. Your technicians will be able to onboard customers quicker because these plugins no longer require customer tokens or product selection to deploy Sophos agents. In addition, the plugin for ConnectWise Automate will now let you manage Macs (as Kaseya VSA already does) and has improved event logging. Read more
We've released a new version of the Microsoft Graph Security integration, providing significantly more information for threat investigation and response. The integration is available to all Sophos XDR and Sophos MDR customers at no additional cost. Read more
We're releasing a new pre-defined alerts dashboard. All Sophos Central users can get it by using the Find Dashboards feature on the Manage Dashboards page. The dashboard will include "All alerts", "Top alert categories", and "Recent alerts". Read more
We're excited to announce the release of two new public APIs designed for seamless integration with Detections and Cases. Read more
We've released several enhancements to further increase analyst efficiencies. New features include "Detection Rules" and integration with SophosLabs Intelix. Read more
We're excited to announce ZTNA releases 2.1 and 2.1.1, which now support Microsoft's on-premise Active Directory as an identity provider. They also provide zero downtime and seamless connectivity for cloud-based ZTNA gateways, along with bug fixes. Read more
New integrations with F5 BIG-IP Application Security Manager and Forcepoint NGFW are now available for Sophos MDR and Sophos XDR customers with the Firewall integrations license pack. Read more
We're continuing to enhance the new Computers & Servers list. This month, we've added columns for device group and tamper protection, as well as filtering for tamper protection status. We've also added a column selector and CSV export of the page. Read more
Sophos DNS Protection is a new product for network environments that provides an additional layer of protection through a monitored and controlled DNS resolution service in the cloud. After a successful EAP, it's now in general release. Read more
Our latest Autotask enhancements let you track alerts as PSA tickets, and acknowledge or close alerts from either Sophos or Autotask. Also, when your integration is set up, tickets are auto-assigned to the appropriate customer, priority and ticket category, reducing manual work. Read more
ConnectWise PSA and Autotask tickets now link to the relevant Sophos device details page. This should save MSP technicians 20 seconds per ticket, the time typically spent manually searching for the customer and device. Read more
The new flexible, interactive custom dashboard experience uses actionable data to optimize user operations and workflows. Read more
We're continuing to enhance the new "Computers & Servers" list. We've made the columns resizable, improved the "Last active" details, and added a search bar that lets you easily search the device name, IP, and operating system fields. Read more
You can now deploy NDR sensors on certified hardware images to support data rates up to 40 Gbps and 120K connections per second. Read more
This Geo IP protection supplements the anti-spam protection. It lets you disallow messages from countries that you select. Read more
When you use a wildcard to configure an external subdomain in any email policy, you can make it match either the first level or all levels of the email subdomain of external senders. Read more
The new format of the quarantine summary enhances its readability and viewability—particularly on the smaller screens of mobile phones. Read more
Now you can save descriptions for the admin allow and block entries. The description records information about the entry, helping you and your admin colleagues make sense of the entry in future. Read more
We've enhanced the Autotask PSA integration for partners who use usage sync. New, monthly sync options are now available to prevent proration and multiple invoice entries. Read more
Both partner RMM integrations now offer a new "XDR Only" deployment option, and indicate when a newer plugin version is available for installation. Read more
Sophos Managed Risk combines industry-leading technology from Tenable with threat expertise from Sophos, delivered as a proactive vulnerability management service. Read more
Sophos Endpoint customers now have more visibility into devices under attack, new controls to put devices into a more aggressive protection mode, and new persistent Adaptive Attack Protection policy rules. Read more
You can now isolate Linux devices from within Sophos Central. Read more
The MR4 release of Sophos AP6 Series access points includes the Wireless Guest Network (Bridge Mode) along with many bug fixes. Read more
Sophos Central admins can now expand second-factor (MFA) sign-in security to Self Service Portal, Sophos ID (landing page), Sophos Community, Partner Portal, Sophos Support, and more. We strongly recommend taking advantage of the added security. Read more
macOS will soon support scheduled updates. Updates will be applied on the day and time specified in your Update Management policy. Read more
Endpoint, Server, XDR and MDR customers are now able to try our new custom dashboard feature. Read more
We've updated Autotask and ConnectWise PSA integrations so that they only create PSA products on request, not automatically, for partners who have turned on usage sync. We've also improved the product mapping user experience based on MSP feedback. Read more
Sophos Central users who want to manage their current multi-factor authentication (MFA) sign-in settings must now validate their identity with MFA first. This makes sure that only legitimate users can view, add, or remove authentication methods. Read more
You can now use an AWS AMI to deploy an appliance that hosts NDR and third-party integrations. The AMI image is available on the AWS Marketplace and uses your existing NDR or integration licenses for the deployment. Read more
The latest update to Sophos DNS Protection includes the ability to save your own report templates, export reports in various formats, and schedule reports. It's not too late to join the EAP and try it for yourself. Read more
The Sophos Switch MR4 release includes the following firmware enhancements: Admin authentication through RADIUS or TACACS+, 802.1X authentication through TACACS+, and new capabilities for Spanning Tree Protocol (STP). Read more
We've added a new endpoint and server threat protection policy option to block any browser traffic that uses the QUIC protocol. Read more
We plan to remove access to the legacy Investigations feature at the end of February. This was replaced by the Cases feature that we launched in late November. Read more
We're adding better visibility of device health for Linux in Sophos Central. Security Health will now include "Sophos Linux Runtime Detections". This may affect the existing security health status for Linux devices in your estate. Read more
We've enhanced the Data Control policy to support granular searches. You can configure a rule to search in the subject, message body, attachment name, attachment content, or any combination of those message parts. Read more
Our navigation has been updated with new easier-access menus and shortcuts, as well as a new notifications center. Read more
In Central Partner, you can now change which PSA service each Sophos product uses for synchronizing usage. You can also change the attributes assigned to Sophos products in the PSA to better meet your accounting needs, while maintaining an active sync. Read more
We've extended change conflict detection to ports, and further extended management to SNMP, LLDP, and CPP. Read more
AP6 Series access points can now be configured to create a wireless mesh network. Read more
In Central Partner, you can now change which PSA service each Sophos product uses for syncing usage. You can also change the attributes assigned to Sophos products in the PSA to better meet your accounting needs, while sustaining an active sync. Read more
The Response Actions feature in XDR Cases lets Sophos Central admins respond to security issues via Sophos and third-party products, starting with Okta. Read more
We've added a new option to block any browser traffic that uses the QUIC protocol. You can find it in the endpoint and server threat protection policies. Read more
DNS is the directory service of the internet. Sophos DNS Protection is a new product for network environments that provides an additional layer of protection through a monitored and controlled DNS resolution service in the cloud. Read more
You can manually claw back messages from the M365 inboxes of one or more users into the post delivery quarantine of Sophos Email. You must have post delivery protection configured in your account to use this feature. Read more
Remember that Sophos can routinely add new applications to your controlled list. If you selected this option, you should check that it's appropriate for your organization. Read more
The latest release of Sophos XDR delivers significant enhancements that accelerate threat detection and response across your full environment. Read more
We've enhanced the quarantine summary feature to support scheduling of summary messages for any hour of the day and any day of the week. You can schedule summary messages to be delivered 24/7 - that is, every hour every day of every week - if you wish. Read more
We have updated the Sophos sub-processor list. Read more
Our new easier-access menus and shortcuts, as well as our new notifications center, are now generally available through the "Try new Central" toggle. Read more
We started turning off "Controlled Updates" on September 30, 2023. You should now use "Update Management" policies instead. Read more
Sophos Central Switch has added management for nearly all switch port and VLAN features, and conflict management options for VLANs. Read more
Windows 8.1 standard support is ending. Extended support until March 2025 is available. Read more
The "New XDR Features" Early Access Program lets you try our new Case Management user experience, allowing for better collaboration and quicker investigations. Read more
We've improved ConnectWise PSA ticketing integration to provide more control over ticket closure, and we've also added more firewall alert details inside tickets. Read more
Message History now shows you the versions of TLS over which a message was exchanged during delivery and receipt, for both inbound and outbound messages. Read more
You can now schedule, store, manage, and restore Switch backups directly from Sophos Central. Read more
Sophos MDR can complement your existing team with 24/7 security experts that quickly detect threats and deliver detailed guidance or full-scale incident response. Read more
You'll soon be able to try our exciting, easier-access menus and shortcuts, as well as our new notifications center. Read more
The latest release of the Linux agent supports additional options for updating software packages. Read more
Planning to run Windows Server 2012 or 2012 R2 beyond the end of standard support in October 2023? Click the link to find out everything you need to know. Read more
Sophos Email provides deeper integration with MDR than other email products, supporting a slew of detections such as account compromise, malware, malicious URL, impersonation, spam, data control, and post-delivery protection. Read more
Using this API, you can manually claw back messages from the M365 inboxes of one or more users into the post-delivery quarantine of Sophos Email. You must have post-delivery protection configured in your account to use this API. Read more
We've improved the product to help you manage outbound spam and inbound malware emails that have been deleted. You can now recover them to quarantine to inspect them. Read more
You can now configure your user quarantine as read-only so that users can view quarantined emails, but can't release or delete them. Read more
Sophos ZTNA Gateway integration into Sophos Firewall will make ZTNA deployments easier than ever. You need the latest SFOS version to use this functionality. Read more
You can now create and configure runtime detection profiles for Linux Workloads. You can turn detection rules on or off, or edit allow and block lists, in a profile. Then apply it to devices via a server threat protection policy for Sophos Protection for Linux, or download and distribute it for Sophos Linux Sensor. Read more
To give your health scores more context, we now show the average score for other organizations of a similar size. Read more
You can now schedule, store, manage, and restore Switch backups directly from Sophos Central. Read more
Our new Threat Analysis Center dashboard will be available later this week in all Sophos Central supported languages for all XDR customers. Read more
The "New XDR Features" Early Access Program lets you try our new Detections page user experience, with visuals that give easy access to actionable data and increase your efficiency. Read more
Cloud Optix now protects AWS Simple Storage Service (S3) buckets from malware. Serverless Storage protection detects malware in all file types, including executables, media, documents, and more, and is now generally available. Read more
You now have comprehensive message authentication checking options, including support for SPF soft failure check. The new "Domain anomaly" option in "Sender checks" boosts your email security against unauthentic sender domains. Read more
The "Modify address" option in Data Control lets you change the email delivery address and lets you copy the email to another address using CC or BCC. Read more
Sophos AP6, Wi-Fi 6/6E access points are available and can be managed with Sophos Central. Read more
You can now turn on SSL/TLS decryption to allow scanning of HTTPS web pages on Macs. Join the macOS Endpoint Early Access Program to try it. Read more
If you're in the New XDR Features Early Access Program, you can now deploy the production version of Sophos NDR (Network Detection and Response) at no charge during the program. Read more
You can now synchronize information about your users and groups from Google Directory into Sophos Email. Read more
Administrators can now remove any message from users' M365 mailboxes with just the click of a button in Message History. We've given early access to all customers who have M365 post-delivery protection enabled. Read more
SAV for Linux and Sophos for Virtual Environments reached End of Life (EoL) on July 20, 2023. These products are no longer supported and should no longer be used. Read more
Windows 8 is no longer supported. Please upgrade to a supported operating system. Read more
Sophos Anti-Virus for Linux reaches End of Life on July 20, 2023. Migrate to the replacement product, Sophos Protection for Linux. Read more
Sophos for Virtual Environments (SVE) reaches End of Life on July 20, 2023. Install our Endpoint or Server Protection on your Guest VMs as a replacement. Read more
Our new, simplified search experience for endpoint data in the Data Lake is now available to all XDR customers. Read more
Our new Threat Analysis Center dashboard is now available to all XDR customers. Read more
We've added scores out of 100 as a visual indicator of the health check results. Scores also reflect progress as you make changes. Read more
You can reroute your inbound or outbound gateway messages directly to a mail server, using the server’s A-record or its fully qualified domain name. Read more
You can add disclaimers to your plain text and HTML format outbound messages, using the Outbound Disclaimer settings in Email Security Policy. Read more
You can perform operations on messages in both Email Security Quarantine and Post Delivery Quarantine, using Quarantine API. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to the replacement product, Sophos Protection for Linux. Read more
Sophos for Virtual Environments (SVE) will reach End of Life on July 20, 2023. Install our Endpoint or Server Protection on your Guest VMs as a replacement. Read more
All Sophos Endpoint users are now automatically protected by our innovative new Adaptive Attack Protection capability. This disrupts the actions of a threat actor during a hands-on attack. Read more
You'll soon be able to try exciting enhancements to our Threat Analysis Center dashboard. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to the replacement product, Sophos Protection for Linux. Read more
Sophos for Virtual Environments (SVE) will reach End of Life on July 20, 2023. Install our Endpoint or Server Protection on your Guest VMs as a replacement. Read more
You can now download, strip, or reattach attachments from a quarantined email. You can also submit quarantined email for scanning by SophosLabs Intelix. Read more
We've added new security assessment rules for Azure environments in the new CIS certified policy. You may see new alerts generated by these new rules. Read more
Cloud Optix now protects AWS Simple Storage Service (S3) buckets from malware. Serverless Storage protection detects malware in all file types, including executables, media, documents, and more. Read more
Our improved management of endpoint software versions is now available on older versions of Windows (Windows 7, 8, 8.1, and 10 32-bit) and Windows Server (2008 R2, 2012, 2012 R2). Read more
You now need to ensure you've updated most Windows versions to support Azure Code Signing (ACS) before you install or update Sophos Endpoint and Server Protection. We've made this change to comply with Microsoft's ACS program. Read more
You can now clone any Sophos Email policy. The cloned policy is added just above the policy being cloned. You should modify the cloned policy to suit your needs before you enforce it. Read more
Sophos Switch MR3 release enhances layer 2 capabilities and Sophos Central management. Read more
You can now define port ranges for agent-based resources. Read more
Sophos for Virtual Environments (SVE) will reach End of Life on July 20, 2023. Install our Endpoint or Server Protection on your Guest VMs as a replacement. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to the replacement product, Sophos Protection for Linux. Read more
We're adding long term support (LTS) software packages for Windows computers and servers. Read more
Sophos for Virtual Environments (SVE) will reach End of Life on July 20, 2023. Install our Endpoint or Server Protection on your Guest VMs as a replacement. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to the replacement product, Sophos Protection for Linux. Read more
Join the XDR Early Access Program to try a new, simplified search of endpoint data in the Data Lake. It doesn't require any SQL knowledge. Read more
You can now snooze issues you're not ready to fix immediately. We'll remind you to review them again later. You can also add comments to an issue, for example about your plans for fixing it. Read more
Central Partner now lets you automatically create service tickets in ConnectWise PSA from Sophos Central alerts. You can also close and acknowledge alerts in ConnectWise. Read more
Improved management of Sophos software versions is now available for Windows servers as well as Windows computers. Read more
You can now use Data Control rules to inspect messages for attributes such as headers, source, and size. You can also modify the headers by choosing new actions in the rules. Read more
We've made admin and user quarantines more organized and easier to use. You can also now add up to 500 very important people (VIPs) in impersonation protection, submit emails to port 587, and benefit from a new feature that detects compromised accounts. Read more
This new policy gives more granular control by bringing together all settings for message encryption, decryption, signing and verification. It also lets you assign the Portal Encryption license. Read more
You can now set different spam catch rate levels for different external senders and domains, and for different internal users, groups, and domains. Read more
Administrators can now isolate Macs from the network manually. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to the new Sophos Protection for Linux agent. Read more
You can now put customers in a group and easily give administrators access to the whole group. Or you can still give administrators access to customers individually. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to Sophos Protection for Linux. Read more
We've added new security assessment rules for AWS in the new CIS certified policy. You may see new alerts generated by these rules. Read more
The latest release of the Sophos Protection for Linux (SPL) agent now includes on-access scanning and quarantine capabilities. Read more
Sophos Anti-Virus for Linux will reach End of Life on July 20, 2023. Migrate to Sophos Protection for Linux. Read more
We're improving the management of endpoint software versions, beginning with Windows computers. Read more
Planning to run Windows Server 2012 R2 beyond the end of standard support in October 2023? Find out everything you need to know here. Read more
A new deployment mode in Sophos ZTNA lets you use a Sophos-protected data plane in the cloud to give access to private apps. Read more
The Sophos ZTNA agent for macOS provides access to private apps that use TCP (like SSH) or UDP (like Remote Desktop). Read more
The retirement date for Sophos Anti-Virus for Linux and Sophos for Virtual Environments is July 20, 2023. Read more
We have updated our Data Processing Addendum to reflect the updated EU Standard Contractual Clauses (SCCs), and UK Addendum on international transfers of personal data.
Apple released macOS Ventura recently. If you upgrade Macs that run our Endpoint Protection, you must take steps to stay protected. Read more
There's a new filter on the Computers and Servers pages. By default, you see "Recently online" devices. Change the filter to see inactive devices and decide whether to fix or delete them. Read more
The MSP Flex billing for Cloud Optix has changed to improve support for customers whose cloud asset usage fluctuates during the month. Read more
You can now use an API to query Message History data, which is collected in the Sophos Central XDR Data Lake. Read more
You can now use advanced search in Message History. You can also view a list of the URLs in a message by going to the URL tab of Message Details. Read more
Do more with your switches in Sophos Central! We've added management of per-VLAN IPs, static routes, DHCP relay, DHCP snooping, and more. Read more
MDR customers can now integrate alert data from third-party security products. Integrations are available for email, firewall, network, cloud security, and identity provider products. Read more
MDR customers can now add the Sophos Network Detection and Response (NDR) product to their environment. NDR detects threats by monitoring north-south and east-west network traffic. Read more
We're changing the subject line in MTR email notifications to refer to the new product name, MDR. Read more
Apple released macOS Ventura last month. If you upgrade Macs that run our Endpoint Protection, you must take steps to stay protected. Read more
Look out for enhancements to our XDR Detections dashboard. Read more
We've added a "Fix Automatically" option to each part of Account Health Check, so it's now much easier to correct any issues. Read more
We've started the early access program for ZTNA as a service. This new way of deploying ZTNA lets admins use the new Sophos-protected data plane in the cloud to give access to private apps. Read more
We're starting an early access program for a ZTNA agent for Macs. The agent provides access to private apps that use TCP (like SSH) or UDP (like Remote Desktop). Read more
Central Partner now lets you set alerts to sync as tickets in ConnectWise Manage PSA, where you can also close and acknowledge alerts. Read more
Want to test Sophos detection, investigation, and response capabilities while running non-Sophos endpoint protection? The new XDR Sensor deployment might be just what you need. Read more
On-demand case creation lets you request a health check or an investigation of a detection you see in the Threat Analysis Center. Read more
The latest ZTNA release offers enhanced troubleshooting. It also now has Hyper-V support for ZTNA Gateways. Read more
We've greatly simplified the process for silent deployment of Endpoint Protection for macOS using Jamf Pro. Read more
Tamper protection helps protect devices. The Devices list now lets you see whether it's turned on, filter for devices where it's off, and turn it on for selected devices. And Account Health Check will warn you if tamper protection is off. Read more
The Sophos Cloud Native Security bundle includes Intercept X for Server with XDR and Cloud Optix, providing flexible host and container workload security for Windows and Linux. Unify your security across workloads, single or multi-cloud environments, and identities.
Sophos Switch now lets you send command-line commands to one or more switches directly from Sophos Central. Whether for one-time configuration changes or getting information for troubleshooting, Switch command-line access is at your fingertips in Sophos Central! Read more
The Sophos Central sign-in screen and user interface have an updated look and feel, including dark mode support. It’s now available for all Central Admin, Central Enterprise and Central Partner users. Read more
Sophos Mobile customers now have access to User Activity Verification, which lets them send questions to a user's mobile. For example, they can ask about suspicious activity seen on a user's desktop, or ask an admin to approve actions. Read more
You can now control access to customer firewall templates according to an admin's role. Be sure to double-check permissions for your admins so they can access the accounts they need. Read more
We've updated the process for creating a new support case from Sophos Central. This now requires you to register with Sophos Support Portal first. It will also improve the accuracy of the details submitted. Read more
You can now create accounts in these regions: Australia, Brazil, India, and Japan. For an account in the Canada region, contact us.
Beginning in early July, the Sophos Central sign-in screen and user interface will have an updated look and feel, including dark mode support. Read more
Tamper protection helps protect devices. The Devices list now lets you see whether it's turned on, filter for devices where it's off, and turn it on for selected devices. And soon Account Health Check will warn you if Tamper Protection is off. Read more
Sophos Linux Sensor is a new way to deploy Intercept X Advanced for Server with XDR. It uses APIs to integrate Linux runtime threat detections with your existing threat response tools. Click "Read more" to find out how to activate it. Read more
The Sophos CS210-24FP and CS210-48FP switches are available to be managed in Sophos Central. Read more
Partners can now unlink inactive accounts from Sophos Central Partner. Partners can also now convert trial accounts to monthly accounts.
You can now easily see if any of your scanning exclusions or threat protection policy settings are reducing your protection. Read more
The next Sophos Endpoint and Server Protection update for Windows will contain new root certificates. Activate automatic root certificate updating to ensure successful installation. Read more
Sophos Cloud Optix is now available from our Sophos Central EU data center in Germany. Read more
You can now easily see if any of your threat protection policy settings are reducing your protection. More checks coming soon, such as exclusions. Read more
Intercept X Advanced for Server with XDR now provides complete visibility into your host and container workloads, identifying malware, exploits, and anomalous behaviors before they get a foothold. Read more
Cloud Optix can now be deployed and managed from the Sophos data center in Frankfurt, Germany, ensuring organizations that require EU data storage meet compliance requirements.
If you use the ConnectWise Manage ticketing solution and would like to participate in the early access program for integration with Sophos Central Partner, please contact your account manager or sales engineer to enroll.
Now integrate directly with Microsoft 365 for faster mail processing without the need for MX record redirection. Enroll new domains, or update existing ones from Sophos Gateway to Sophos Mailflow in Sophos Central and retain all your policy settings. Read more
Ideal for regulated industries, S/MIME encrypts email messages and adds a digital signature to authenticate senders and safeguard against email spoofing. S/MIME is now included with Sophos Email Advanced. Read more
You can now use API credentials to limit the permissions given to software that Sophos Central integrates with. Roles include Super Admin, Management, Forensics, Read-only, and Active Directory. For details, search for "API credential management" in the Sophos Central help.
Changes to the way we update your Windows devices mean that you must allow new Sophos domains (if you manage them through a firewall or proxy). Read more
Partner Super Admins can now create additional administrators directly from Sophos Central Partner. Read more
Enterprise and Partner Admins can now use global template settings to exclude devices from Device isolation and allow applications by their SHA-256 or certificate. For details, search for "Global templates" in Central Enterprise or Partner help.
Benefit from enhanced cross-platform visibility by uploading Android, iOS and Chrome OS data to the Sophos Data Lake. Read more
With the latest XDR updates, busy teams can collaborate more effectively on incident analysis using the new Investigations feature, and customers with Microsoft 365 can upload Microsoft log data to the Sophos Data Lake and query it. Read more
You can now choose how far back in time one-off or scheduled queries go when they search the Data Lake. The default is 7 days. Read more
Help Sophos make XDR products that work the way you want them to. Take this survey to help us connect you with the appropriate project teams. Typically we only need 1 hour of your time, scheduled at your convenience. Read more
We've redesigned the way our ransomware detection works, so we now detect more ransomware families and protect more file types and larger files. Read more
We’ve updated our End User Terms of Use, which now contain consolidated terms and conditions for all our subscription software, cloud services, and managed services. Read more
The Federation (Single Sign-On) EAP is here. It’s available for Central Admin and Central Enterprise and supports these identity providers (IdPs): Azure AD, ADFS, and Okta (with OpenID Connect). Support for Central Partner and more IdPs to follow. Contact Sophos for more information.
You can now easily see if any of your devices are missing security software. Further checks coming soon, such as threat protection policy settings. Read more
Sophos ZTNA enables your remote workforce to securely connect to your hosted applications in an elegant, streamlined and transparent way. Read more
You may have noticed that a new "Switches" entry appeared in "My Products" recently. Our new network access layer switches are now available. Read more
Say goodbye to MX redirections. Join the Mailflow EAP to integrate directly with Microsoft 365 for inbound and outbound email protection. Read more
Adding data from Sophos Cloud Optix to Sophos XDR Data Lake now enables you to detect and assess cloud workloads and user access, and harden them against security misconfigurations and vulnerabilities. Read more
The rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite that delivers a reduced product footprint and smaller updates. Read more
We’ll be bringing in a new Sophos Central sign-in experience during January. Sign-in will start with an email ID (as it does now) and then follow different workflows depending on how sign-in has been configured by the Super Admin in Sophos Central. Read more
Our standard support has now ended for Windows 7, Windows Server 2008 R2, and Windows SBS 2011. Extended support is available for these operating systems. Contact your Sophos partner for more information. Read more
We're pleased to announce the second phase of the ZTNA Early Access Program (EAP). ZTNA policies based on device health reported by Intercept X, AWS gateways, clustering, Okta integration, and more are available. Register and get started today. Read more
Enterprise Admins can now set their MTR preferences for all their sub-estates from the Sophos Central Enterprise level. Read more
Using AWS activity logs, Cloud Optix now detects anomalies when a user's behavior deviates from normal. Examples include actions that a user hasn't done before, or are riskier than before, or are completed outside working hours. You can then investigate. Read more
The dashboard provides a prioritized list of suspicious activity and security vulnerabilities that might need your attention. This feature is now available for all XDR customers. Read more
Cloud Optix can now identify certain insecure settings in container images, in addition to vulnerabilities. Read more
The Early Access Program begins by introducing our new Detections feature, which shows a list of prioritized detections that might need further investigation. Read more
AD Sync can now synchronize devices and device groups. Read more
Sophos XDR can now get data about your AWS cloud environment from Cloud Optix, giving you greater visibility of attacker tactics used in your environment. Read more
We're making Sophos Wireless available to all Sophos Central accounts at no extra cost. You can add any number of supported AP and APX Series access points. Read more
We now have an API to allow automated deployment of the Sophos Endpoint agent across multiple accounts. Read more
You can now receive Cloud Optix alerts from Amazon Web Services (AWS) security services by enabling the new AWS Security Hub integration. Read more
We’ve achieved CIS (Center for Internet Security) certification for the Microsoft Azure Foundations Benchmark v1.3.0. A new policy template is now available in Cloud Optix. Read more
We've updated the Sophos for Virtual Environments installer to work with Sophos Central accounts that have MFA (Multi-Factor Authentication) turned on. Read more
Starting in September, all Sophos Central administrators will need multi-factor authentication (MFA) to sign in. You don’t need to do anything right now, but if you're a Super Admin, you can turn on MFA for your team at any time in Global Settings > General > Multi-factor authentication (MFA).
We've launched our Server Protection antivirus plugin for all customers, so you can now run on-demand scans of your Linux servers. Read more
We’re preparing to end the first phase of our ZTNA Early Access Program (EAP) on August 10. The second phase will begin soon. Read more
Use Cloud Optix to remove Sophos server agents from Sophos Central automatically when your AWS and Azure VMs are terminated. Read more
Cloud Optix Advanced now combines network flow log data from AWS, Azure, and GCP with threat intelligence from SophosLabs to identify traffic to known bad IP addresses. Read more
Smart Banners now allow email recipients to report spam and unwanted bulk email to SophosLabs to improve future email scanning. Read more
We've upgraded all Sophos EDR customers to XDR and increased the standard storage period for historical data in the Data Lake from seven days to thirty. Read more
Now get even more from your email history. Search messages by sender, see multiple recipients' details (SMTP and Header), filter messages by the reason for quarantine, and just hover over email status to see SMTP logs from Postfix. Read more
We're pleased to announce that we've now added support for ARM64 Windows devices to Intercept X. Read more
We’ll soon be making exciting changes to the Web Protection feature in our Early Access Program, allowing it to decrypt HTTPS traffic. Read more
Managing your protection just got easier. You can now see protection summarized in a single column. And to change it, just select devices in the list, using its search and filters to help you, click "Manage Endpoint Software", and select a package. We’ll add or remove software so that the devices get the protection you want. Take a look
You can now authenticate to our SIEM API from your parent organization across all your managed tenants. Just use API credentials in your setup (see the Getting Started page on our developer portal). We no longer recommend API tokens for new customers. If you already have a token, you can renew it, but it only authorizes you for the tenant organization. Read more
The latest version of Sophos Mobile adds support for the iOS "User Enrollment" mode. Read more
AWS and Azure connections in Intercept X Advanced for Server and Central Server Protection are being replaced by Cloud Optix, which provides more detailed insight into cloud environments. You'll need to add your cloud accounts to Cloud Optix before June 30, 2021. This doesn't affect cloud workload protection. Read more
Sophos XDR is here! Get access to rich data from our Sophos Firewall, Central Email, Endpoint and Server EDR products, giving even more insight into your IT environment. And the Sophos Data Lake (for EDR and XDR) gives you critical information from devices even when they’re offline. Read more
Join our Early Access Program to try Endpoint Protection for Apple M1 (ARM) hardware in your test environment. Read more
Intercept X Advanced for Server customers will soon benefit from protection for critical cloud services. We're including Cloud Optix Standard in their license, while still offering full Cloud Optix as Cloud Optix Advanced. Read more
Add Microsoft Azure environments to Cloud Optix in minutes, with our simple two-step Quick-start option. Read more
We’re pleased to announce the start of the Early Access Program (EAP) for Sophos Zero Trust Network Access (ZTNA). Register and get started today. Read more
Get more delivery options and a better experience with the enhanced range of message encryption methods now available for Sophos Email Advanced. Read more
We've added our AV plugin to early access programs to allow customers to run on-demand scans of their Linux servers. Read more
Easily pivot to a new Live Discover query without copying, pasting and starting a new query. Join the XDR and EDR Data Lake EAP to test out this new functionality. Read more
We're introducing audit logs for Live Response sessions. Admins will be able to download logs to see the commands run during a session. Read more
Scan cloud container images to prevent threats from operating system vulnerabilities and identify available fixes. Read more
This Early Access Program lets you quickly see, understand and act on critical network data in addition to endpoint and server data, as well as enabling you to query both online and offline devices. Read more
Now you can filter the users and groups you synchronize from Azure AD. Read more
Now you can change the directory service that Sophos Central synchronizes with. Users, groups, and mailboxes already in Sophos Central are preserved if they match ones in the new directory service. Read more
Search and Destroy for Sophos Email Advanced uses O365 APIs to directly access O365 mailboxes, allowing Sophos to identify and automatically remove emails containing malicious links and malware before a user clicks on them. Read more
Our endpoint APIs can now isolate computers singly or in bulk (or remove them from isolation). We've also upgraded our exclusion APIs to manage isolation exclusion, and enabled endpoint APIs to run queries on computers filtered by their isolation status. Read more
We sent an email incorrectly stating that the Early Access Program (EAP) is closing at the end of January. The EAP will remain open to all customers. Please keep your Big Sur devices enrolled in the program. Read more
We're adding the ability to export tamper protection passwords in CSV and PDF formats so you have this crucial information ready if an incident happens. Read more
EAP coming soon: Search and Destroy uses O365 APIs to identify and automatically remove malicious links hiding in plain sight. Read more
You can now identify and correct overprivileged AWS IAM users, groups and roles, plus much more. Read more
We plan to end Sophos Central support for Internet Explorer on March 31, 2021. We recommend that you use the latest version of Chrome, Edge, Firefox, or Safari instead. Read more
The current Endpoint Protection release doesn’t support macOS 11 Big Sur, but we now have an early access release that does. Join the EAP to try it on test devices. Read more
AWS and Azure connections in Intercept X Advanced for Server and Central Server Protection are being replaced by Cloud Optix, which provides more detailed insight into cloud environments. You'll need to add your cloud accounts to Cloud Optix before April 30, 2021. This doesn't affect cloud workload protection. Read more
Now you can see which of your AWS and Azure hosts are protected by Sophos, and check their security health, in Cloud Optix. Also, see XG Firewalls on AWS in the Cloud Optix network visualization. Read more
Join our EAP to try Endpoint Protection for macOS 11 Big Sur in your test environment. Read more
Endpoint Protection isn't generally available for macOS 11 Big Sur. If you use Endpoint Protection, don't upgrade Macs in your production environment yet.
Central Device Encryption 1.5.3 supports macOS 11 Big Sur. We've updated your Macs to 1.5.3 automatically. So if they only have Central Device Encryption (no Endpoint Protection), you can upgrade them to macOS 11.
Endpoint Protection doesn't support macOS 11 Big Sur yet. If you use Endpoint Protection, please don't upgrade Macs until support is available. An EAP release is coming soon.
Central Device Encryption 1.5.3 supports macOS 11 Big Sur. We've updated your Macs to 1.5.3 automatically. So if your Macs only have Central Device Encryption (no Endpoint Protection), you can upgrade them to macOS 11 now.
With Central Firewall Reporting Advanced, you can now include multiple firewalls in a single report. The Report Hub and Report Generator both support multi-device reporting. Read more
You'll need to use API credentials for AD Sync, instead of a Sophos Central username and password, from February 2021. This means that you no longer need Sophos Central accounts with multi-factor authentication turned off. If your AD Sync client is earlier than 3.3.4 (check in the Diagnostic screen), you must upgrade before you can switch to API credentials. Read more
We're adding a new threat protection policy option, "Track network connections". This will improve our detection capabilities. Read more
If you have XG Firewall 18 MR3 or later, you can now schedule firmware updates. You can also configure firewalls that are in groups to update in bulk when we publish firmware updates. Read more
Sophos Central Device Encryption (CDE) isn’t currently compatible with the upcoming macOS 11 Big Sur release.
Don’t upgrade Macs running CDE to macOS 11 yet. If you do, CDE won’t work correctly. You could even lose your FileVault recovery keys, meaning that you can’t recover a Mac if the user forgets their password.
We plan to issue a CDE service release that fixes these problems. Please wait for it before you upgrade to macOS 11.
We're starting to turn on IPS and behavior detection features for endpoint and server customers. You'll see a new "Detect malicious behavior" option in threat protection policies. Read more
Our second set of global settings APIs covers scanning exclusions, exploit mitigation, and intrusion prevention. The Roles API lets you fully enumerate admin roles, as well as create, update and delete individual roles. Read more
Enable teams to monitor spend across Amazon Web Services and Microsoft Azure in a single console, compare multiple services side by side, and receive detailed recommendations to optimize cloud costs. Read more
We now provide help for Self Service Portal in all languages that Sophos Central supports. Help for Sophos Central Enterprise and Partner is already available in French, German, Italian, Japanese, and Spanish.
Getting your favorite and custom reports is now even easier. You can schedule them and have them delivered to your inbox or pick them up in Sophos Central. Or you can generate reports manually and view them or export them straight to your inbox. Read more
You can allocate a specific number of licenses, with only products you want, to each sub-estate, or pool the licenses for use when needed. You can also prevent selected sub-estates from using a product by allocating zero licenses of that type.
macOS support for Live Discover and Live Response is here - plus more. Read more
We’re ending our temporary extension of the length of time you can postpone updates for. For more information and details of how to manage updates, see Controlled updates.
The Early Access Program for New Server Protection and EDR Features now benefits from IPS (Intrusion Prevention System), which gives even more defense against malicious traffic. Read more
Central Firewall Reporting Advanced lets you save custom report templates. First, configure a report with the columns and layout you want. Then save it in your template library for quick access whenever you need to run it.
Sophos Central Admin, Sophos Central Partner, and Sophos Central Enterprise now allow longer sessions before timeout. By default, sessions can be inactive for 3 hours before you're automatically signed out, and can last 24 hours before sign-out is enforced. You can extend sessions up to 8 times in a 24-hour period.
Cloud Optix Quick-start is the new, easiest way to get started with the core CSPM features of Cloud Optix and see value in just a few clicks. Read more
Intercept X Advanced for Server with EDR and Cloud Optix are joining forces to extend protection beyond server workloads to critical cloud services. Make the most of this upgrade, which is included in the cost of the Server EDR license. Read more
EDR updates include role management for Live Response, new Live Discover queries, and Live Response on Linux in the server Early Access Program. Read more
We've updated the "Summary" and "Devices" tabs on a user's details page. All device types now have a consistent look, with additional actions available for mobile devices.
Ask detailed IT operations and threat hunting questions across your entire estate and respond to any potential IT issues or security threats with precision. Rollout of the powerful new EDR functionality is complete and all Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR customers have access. Read more
With this release, you can activate Synchronized Security for Sophos Endpoint separately to Sophos Mobile (UEM), restrict an SSID to only Sophos managed devices, and create a list of allowed domains for devices that have a red Security Heartbeat status. In addition, the user identity of unmanaged devices is shown on the “Devices” page. Read more
Easily search inventory data for hosts, containers, networks, storage services, IAM roles, and serverless functions, to investigate suspicious activity and insecure deployments like never before. Read more
APIs for managing users, groups, and the first wave of global settings in Sophos Central are now available. The Tenant Directory Management API covers user management and group management (users and devices). The Global Settings API (phase 1) covers allowed applications, blocked items, and website management. Read more
Check out the new features: additional device management capabilities for iOS, macOS, and Android; enhancements to Sophos Secure Email; migration from Sophos Mobile on-premise or as-a-service. Read more
Ask detailed IT operations and threat hunting questions across your entire estate and respond to any non-compliance or threats with precision. The rollout process has begun and all Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR customers will receive the new features by late June. Read more
Get unparalleled insight into email attachments that are opened in the Sophos cloud sandbox, with a breakdown of threat verdicts based on machine learning analysis, file reputation, VirusTotal results, and MITRE ATT&CK Matrix tactics. Read more
Ensure secure configuration across public cloud environments with multiple additions to asset inventory and topology results. These provide greater insight, email alerts, brandable reports for MSPs, and activity log visualizations. The visualizations enable you to analyze CloudTrail logs by geographic location to help investigate high-risk events. Read more
The retirement date for Sophos products that are used on Windows Server 2008 is July 31, 2020. Read more
The end of extended support for Sophos products used on Windows XP or Windows Server 2003 has been moved to July 31, 2020 because of current events. Read more
A new user interface for Sophos Intercept X and Device Encryption is being rolled out to Windows devices. Read more
In Sophos Central Partner and Sophos Central Enterprise, you can grant administrators access to all current and future sub-estates or you can continue to grant them access to specific sub-estates.
With Central Firewall Reporting Advanced, you can create customized, historical reports on network activity for your Sophos XG Firewall. Easily add storage capacity as you need it and extend reporting up to one year ago.
With Live Response, admins can now remotely access devices and use a command-line interface to perform further investigations or take action directly on a device. Live Discover support for Linux has also been added to the program. Read more
There’s now an option in Global Settings that lets you automatically submit sample files to SophosLabs. This helps us to identify new threats and update your protection. Sound familiar? You might have seen it in your Threat Protection policy previously. Read more
The end of extended support for Sophos products used on Windows XP or Windows Server 2003 has been moved to June 30, 2020 because of current events. Read more
We are temporarily extending the length of time that Sophos software updates can be postponed for. Read more
We are extending Sophos XG Firewall free trials to 90 days to better enable organizations to provide secure remote access for employees. The trial includes use of the Sophos Connect IPSec VPN client for PCs and Macs. Read more
Endpoint and server customers can join our Early Access Program (EAP) to take advantage of Live Discover, which enables you to run powerful queries for IT operations and threat hunting. Start using pre-built SQL queries that can be fully customized. Read more
Sophos Cloud Optix has been certified by CIS to accurately assess your public cloud environments based on best practices for secure configuration. Read more
Sophos Cloud Optix has a wealth of new features: comprehensive public cloud container visibility with support for Amazon EKS, Azure AKS, and GKE, plus new AWS service integrations, API updates, and more. Read more
We're changing the look and feel of the screen where you sign in. Don't worry, though. Your current email address and password will still work. So will the URL, bookmark or favorite that you use to get to Sophos Central.
If you install the March Microsoft security update, we recommend that you configure Active Directory Sync to use a TLS/SSL connection. Read more
Endpoint users will automatically receive AMSI protection over the next few weeks. AMSI helps to detect and block obfuscated scripts, such as PowerShell, that are commonly used by attackers. Read more
Use AWS CloudFormation to add individual or multiple AWS accounts to Cloud Optix. This is a convenient alternative to the existing Sophos CLI script and Terraform options. Read more
The latest Sophos Cloud Optix release provides a breakthrough in IAM visualization. It also provides security-focused spend monitoring, extended container security with Amazon EKS, and more. Read more
You can now customize the full email address used in the delivery of Phish Threat training-related emails to end users. Read more
Add your firewalls to groups to keep them synchronized, manage the group policy from Sophos Central to make changes to the entire group quickly and easily, and use the tasks queue to monitor application of policies. Read more
Firewall reporting provides the flexibility and tools to create custom reports on network activity. It’s all included for free with version 18. Look for a “Premium” version in the coming months. Read more
Sophos Email Gateway now provides the ability to sign outbound emails with DKIM signatures. You can create and manage DKIM keys using the domain settings in Sophos Central.
The Early Access Program (EAP), including enhanced protection against script and memory-based attacks, heap spray attacks, CTF exploits and more, is now available for servers. Read more
Protect your organization from business email compromise and other forms of targeted phishing.
The latest release for Sophos Cloud Optix is here, including licensing improvements, management upgrades, and security enhancements. Expect more features early this year. Read more
The latest version of Sophos Mobile is now available in Sophos Central. New capabilities include Chromebook security, extended Android and Windows management functionality, various usability improvements, and much more. Read more
We’ve added flexibility to custom roles in Sophos Central, which enables you to create roles that can access only specific products and cannot edit or apply policies.
If you have Sophos EDR, you can now see the Threat Indicators list. This shows you the most suspicious items on your network so you can focus your efforts on them. Read more
Still running version 1.2.0 on your Security VMs? Restart them to upgrade as we'll stop supporting 1.2.0 in January. Read more
We've introduced new features to improve the hotspot experience for you and your users. You can customize the look of the captive portal with your logo and brand colors and also select social login as the authentication type (Facebook, Google). Read more
The new Sophos Central APIs are now available for all Sophos Central Enterprise customers. With these APIs, you can query tenants, enumerate and manage endpoints and servers, and query alerts and manage them programmatically. Read more
The Early Access Program (EAP) has been updated to include protection against Encrypting File System attacks, CTF exploits, and ApiSet Stub malicious DLLs, and further defenses against memory-based attacks. Read more
The latest release for Sophos Cloud Optix integrates the service with Sophos Central. This enables you to manage Cloud Optix alongside a range of complementary public cloud solutions including Sophos Intercept X for Server and Sophos XG Firewall in a single management console. Read more
You can now automatically upload snapshots to an Amazon S3 bucket that you own. This avoids you having to manually retrieve forensic snapshots from individual endpoints. Read more
We've just launched early access for new features for XG Firewall v18. Now you can run v18 firewall reports, group your v18 firewalls, and manage them all at once, right in Sophos Central. Read more
Join the Early Access Program for "New Endpoint Protection Features" and benefit from AMSI and IPS protection that gives even more defense against script and memory-based attacks and malicious traffic patterns. Read more
Provide teams with a single view of security posture across multiple public cloud environments, with a range of exciting enhancements to the Cloud Optix service for AWS, Azure, GCP, and Infrastructure as Code environments. Read more
Data loss prevention for Sophos Email is now live and included with the Sophos Email Advanced license. Read more
Protect your organization from targeted phishing attacks that rely on identity deception. Join our early access program to see how. Read more
Now you can make users change their BitLocker passcode. And users can protect files with a password before sharing, either on demand or with the Outlook add-in. Read more
Tighter security in macOS Catalina (10.15) means you must take action for Sophos protection to keep working. Read more
Now protect sensitive information, with discovery of financials, confidential contents, health information, and PII in all emails and attachments. Read more
We’ve added custom admin roles in Sophos Central Partner. This lets you create roles that can only access specific products and can’t edit or apply policies.
We’ve added custom admin roles in Sophos Central Enterprise. This lets you create roles that can only access specific products and can’t edit or apply policies.
Now you can enforce TLS secure communications by domain, for both inbound and outbound mail.
Customers with EDR enabled endpoints and servers are getting an early preview of our new Threat Indicators feature. Threat Indicators uses machine learning to show you a prioritized list of the most suspicious activity. Now you know what to look for, so you can focus on the most important investigations. Read more
Instantly see the health of your UEM-managed endpoints on the main Sophos Central dashboard. Easier workflow for managing traditional and mobile endpoints in the Devices view, with the most common actions just a few clicks away.
This new feature allows you to quarantine emails if we can't scan them or access the contents (for example, when we find an encrypted zip file, a corrupt file, unexpected content, or a large compressed attachment).
You can now customize the text that appears in smart banners.
We’ve given network visualizations for AWS a new look and the ability to show Sophos UTMs. We’ve also added more Azure security and compliance features, visualizations for GCP, an option to change how often environments are scanned, and more. Read more
The Sophos Endpoint Protection installer for macOS now includes several command-line options to allow customized installations. Read more
Intercept X for Server with EDR includes our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more
Intercept X Advanced with EDR now captures all PowerShell activity so that it can be reviewed and analyzed. Read more
We've introduced new global settings that let you control and customize email alerts in Sophos Central Enterprise, Partner and Admin. You can now configure the recipients, distribution lists, and frequency of alerts, or set custom rules. Read more
Sophos Email Encryption is now generally available. Sophos Email Advanced customers can send encrypted email on demand (using an Outlook add-in or subject tagging), via DLP rules, and domain to domain. Read more
Sophos Email Advanced customers can now enable information banners on emails from outside the organization. These help recipients identify the risk from each email and let them add senders to their allow and block lists with one click. Read more
Achieve compliance and manage security risks, with complete visibility across your Amazon Web Services, Microsoft Azure, and Google Cloud environments. Read more
Intercept X for Server is getting our all-new, intelligent Endpoint Detection and Response (EDR) features. Get the insights and expertise you need to respond to potential threats, report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Join the Early Access Program today! Read more
Content Control for Sophos Email Advanced now makes it easy to quickly build content filtering policies across an organization, preventing outbound email data loss and inbound malware threats. Read more
You can now manage Sophos XG Firewall from Sophos Central. It’s time to Synchronize Your Security! Read more
The all-new Threat Analysis Center for EDR consolidates Threat Cases and Threat Searches, across all supported device types, into a single area. Find it in the Overview. Read more
Now you can apply the same global settings and base policies to a set of sub-estates or all sub-estates. Just create and use a global template.
Sophos Central admins, Sophos Central Enterprise admins, and Self Service Portal users can now sign in using credentials stored in Microsoft Azure AD. Read more
Sophos Central Enterprise Super Admins can select a region when they create a new sub-estate. The region is now shown in the sub-estate Contact Info.
Award-winning training content, Outlook add-in to report phish, 10 languages, Synchronized Security benefits and more. Upgrade to the latest Phish Threat version for free. Read more
Join the Sophos Email Advanced Encryption Early Access Program today at no extra cost. Read more
Partner administrators can access audit logs to track changes across Sophos Central Partner. They also get access to audit logs in Sophos Central Admin they have permission to view.
IT teams can now carry out phishing simulation and a variety of cybersecurity awareness courses in Dutch. Read more
Synchronized Security now connects Sophos Email and Endpoint Protection to detect and clean up infected computers sending out spam and viruses. Read more
Stop or quarantine content based on keywords and attachment types in this Sophos Email Advanced early access program. Read more
Now you can send multiple emails in random order during simulated attacks. This makes training more effective and shows you more about user behavior. Read more
Alerts are now integrated into AWS Security Hub, so you can consolidate alerts across AWS. And our S3 bucket health reporting highlights critical misconfiguration. Read more
Manage global settings and base policies for customers. Create templates that consist of these settings and apply them to customer groups.
We’ve added role-based access control (RBAC) for Central Partner. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.
The best just got better: our all-new, intelligent Endpoint Detection and Response (EDR) features give you the insights and expertise you need to respond to potential threats. Add EDR today to report on your security posture any time, detect attacks that went unnoticed, and understand the scope and impact of security incidents. Read more
Sophos Email Advanced and Phish Threat now work together to find and train users who click on risky links in email. Read more
Analyze for a prize! Submit your suspicious files to SophosLabs for your chance to win a prize. Read more
We’ve added a new Alert Details View to the Alerts page in Sophos Central Admin. View additional details, including links to EDR Threat Cases, directly from your alerts.
We've added a new File Integrity Monitoring feature for Windows Servers. Track unplanned and unexpected changes to critical system files and meet certain compliance requirements of the PCI Data Security Standard. Read more
Already using message relays for your Windows computers? If you have any macOS devices, they'll now automatically use your current message relays and any you set up in future.
Report suspected phishing and spam messages with one click right from Outlook. The Phish Threat Outlook add-in turns your employees into an active line of defense against cyberattacks. Read more
We’ve been hard at work overhauling Root Cause Analysis (RCA) and implementing additional features to make it easier for admins to conduct deeper investigations. Read more
Sophos Wireless now includes debugging, audit and accounting features which help you to diagnose WLAN issues on the network and address them. This release also improves the wireless client scalability on the APX series and brings many other UI improvements. Read more
Enterprise Super Administrators can now disable enterprise management for individually-licensed accounts, unlink sub-estates to operate as standalone Sophos Central Admin accounts, or delete sub-estates entirely.
This feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other files so you can determine if a file should be blocked or allowed. Read more
Check your Endpoint and Server Threat Protection policies to ensure that you're protected against advanced malware and ransomware. Sophos continually adds new features, but not all are turned on automatically.
The Intercept X agent now supports the latest Windows 10 Redstone 5 and Windows Server 2019 update. If you have paused updates, you will need to start them again to receive the updated agent. If you don't have Intercept X, you don't have to take any action as no changes are needed. Read more
The best just got better. Intercept X is adding detection, investigation, and response capabilities. The early access program is now open to the public.
Protecting Windows Servers running in Azure just got even easier: use a VM extension script. Read more
New detailed message summaries, policy enhancements and mailbox search added to Sophos Email. Read more
Take advantage of 30 new award-winning Phish Threat training courses today. Plus new ways to find the latest email templates fast.
Enhanced Unified Endpoint Management (UEM) capabilities with macOS app management, macOS DEP support, Android Zero Touch, Knox Mobile Enrollment, usability improvements and much more. New managed Mobile Threat Defense capabilities for both Android and iOS, including device, app, and network security features. Read more
Enterprise administrators can access audit logs to track changes across Sophos Enterprise Admin. They can also get access to audit logs in Sophos Central Admin that they have permission to view.
Sophos Central Admin now has the ability to export to CSV the lists of Computers, Servers and People on the Overview pages.
We've updated the People pages in the Overview and Products sections. On the Users tab, all columns are now sortable, all the data shown is searchable, and we've added new columns for Last Active and Group Name.
We've now completed the global roll-out of Intercept X Advanced for Server. New deep learning, exploit prevention, anti-hacker and Root Cause Analysis capabilities can now be enabled in your Server Protection policies. For details on enabling the new features: Read more
Server Protection Advanced is now called Intercept X Advanced for Server and includes powerful deep learning, exploit prevention, anti-hacker features and Root Cause Analysis. We're rolling out the new features over the next few weeks. Read more
Server Protection Standard is now called Server Protection and includes Peripheral, Application and Web Control, along with DLP, Malicious Traffic Detection and Synchronized Security Heartbeat. The new features are now available at no extra cost, but you need to turn them on. Read more
Now part of Intercept X Advanced for Server, Root Cause Analysis helps you to investigate the chain of events around a malware infection. Data may be sent to Sophos to help us to improve your protection, but you can opt out in Account Details > Account Preferences. Read more
Sophos Wireless now includes support for our next-generation APX Series access points. The three new APX models provide the first Synchronized Security functionality between Wireless, Endpoint and Mobile. With 802.11ac Wave 2 technology, they are custom-built for overall enhanced performance. This release also includes enhancements to Rogue AP detection, bulk provisioning and many other UI improvements. Read more
SophosLabs sees malware on up to 77 percent of blocked mail. Train employees to spot these attacks with new malicious attachment simulations.
Introducing Sophos Email Advanced and new features for Email Standard. Sandboxing, advanced URL protection, DKIM, DMARC, and more. Read more
We’ve added role-based access control (RBAC) for Sophos Central Enterprise. This lets you use pre-defined roles to give your admins different levels of access, depending on their responsibilities.
Soon you'll see new options for handling alerts. You'll be able to view and resolve alerts in groups, use new filters, and control who gets email alerts and how often they get them.
Sophos Central now monitors Windows Firewall on most Windows desktops and servers. It can also control whether it’s active for public, private or domain connections.
We've added a new exploit mitigation that detects abuse of Application Procedure Calls, used recently as the method of spreading the WannaCry worm. Read more
You can now enable HTTPS updating for all endpoints (Windows, macOS and Linux) with a single, global setting for your account.
Want better protection for Windows servers? Try our Early Access Program (EAP), which adds Intercept X features including Deep Learning, Root Cause Analysis, Master Boot Record protection, exploit prevention and anti-hacker options. Read more
The Server Protection - Intercept X EAP may send data to Sophos from May 10, 2018. This helps us improve your protection, but you can opt out in Account Details > Account Preferences if you want to.
Device Encryption now supports unattended activation when “Require startup authentication” is set to off. Get started faster with the on-boarding wizard, and use the updated Encryption dashboard for a more detailed overview.
We'd love to get your feedback. Take a short survey to tell us about your experiences. Read more
You can now sign in to Sophos Central Admin or Sophos Central Enterprise with an SMS text message as a second factor - or you can still use Sophos/Google Authenticator.
The most trialed Sophos Central product for two months – now featuring security training campaigns, more customization options, and improved campaign scheduling. Read more
We've added a map view for AWS workloads. We also now discover workloads in every public AWS region, even ones you're not actively using, as attackers can use them to hide. So you can reduce risk by ensuring all your instances are protected, see your whole AWS EC2 environment in a single view, and still easily drill down to details.
Sophos Wireless now makes your life much easier: the latest version has better throughput under load, lets you search clients, and has simple support for VLAN for Hotspot. Read more
The new version of Sophos Mobile is here. We’ve added macOS management and configuration, app management on Windows 10, extended management for Android and iOS, and much more. Read more
We've added Remote Desktop Services support, including tracking of license usage, to Server Protection. Read more
You can now use Server Lockdown on Windows Server 2016, and have Linux servers and Macs updated from an update cache on your network.
You can now get the password you need to uninstall Sophos software, even if you've deleted the computer from Sophos Central. Read more
We've added options to the threat protection policy so that you can turn our new active adversary features on or off. These features prevent credential theft, APC violations, privilege escalation, code caves, and more. This is in addition to the deep learning options already announced. Read more
Sophos for Virtual Environments 1.2 lets guest VMs move between Security VMs to stay protected even if they can’t connect to their current Security VM. Read more
We'll retire Sophos Anti-Virus for vShield on March 31st, 2018. To stay protected, migrate to Sophos for Virtual Environments before then -- it uses the same licenses, so there's no extra cost. Read more
Next time you download the Sophos Endpoint installer for Windows, you must change your settings. But you'll never need to download it again -- our new installer doesn't expire. Read more
We’ve released a new Sophos Endpoint installer for macOS. If you have old installers, they'll stop working in mid-February -- delete them and download the new one. Read more
Macs running OS X 10.9 will stop getting Sophos updates when we release Sophos Anti-Virus for macOS 9.7.4. We ended support for OS X 10.9 last April. Read more
You can now do initial installation of Sophos Endpoint on Windows from an update cache on your network, saving you internet bandwidth. Read more
The latest version of Intercept X is here. The new version includes deep learning, an advanced form of machine learning, to detect malware and potentially unwanted applications. It also includes new credential theft, privilege escalation and code cave protection, and much more. The new features will be enabled by default over the next several weeks unless you have turned them on/off already in the threat protection policy. Read more
Multi-factor authentication (MFA) is here. For Sophos Central Admin, super admins decide whether admins must log in with MFA. For Enterprise Dashboard, admins must always use MFA. Read more
New phishing templates for TalkTalk Group, Google, Santander Bank, and more are now available in Phish Threat. Browse templates