Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=MDR-settings

MDR settings

Configure or edit your Managed Detection and Response (MDR) settings, including your contacts and service level.

The first time you sign in to Sophos Central after you activate an MDR license, you’re prompted to enter settings needed for the MDR service.

You can also enter or change your settings at any time.

You need to do as follows:

  • Set authorized contacts.
  • Set the threat response.
  • Enter additional information about your organization to help us focus our investigations.
  • Install or upgrade Sophos endpoint software on your devices if you haven't already done this.

For details of these tasks, see the sections below.

Set authorized contacts

Enter contact details for Sophos Central administrators who will get MDR notifications and work with the MDR team. If there's an active threat, we'll contact each of them in turn until we get a response.

You must set at least one contact before you can configure other MDR settings.

To set authorized contacts, do as follows:

  1. Go to My Products > MDR.
  2. Click Settings.

  3. Select the Authorized Contacts tab.

    Authorized contacts tab.

  4. (Optional) If you need to create a new Sophos Central administrator, click Create new Central administrator and add a user with the Super Admin, Admin, or Help Desk role.

    If you use a Sophos Central administrator with an email address that's a distribution list, multiple users can use the admin account. To limit what they do, select the Help Desk role because it has the lowest privileges.

  5. Click the drop-down arrow under Primary and select one of your Sophos Central administrators. Enter their contact details.

    If you don't want the administrator to get MDR reports or broadcast announcements by email, select the opt-out checkboxes.

  6. Select Secondary and Tertiary contacts if you want to, and enter their details.

    You must at least have a Primary contact. We recommend that you create multiple contacts in case the primary contact is unavailable when the MDR Ops team needs to contact you.

  7. Click Save.

Set the threat response

Specify how we respond to active threats, as follows:

  1. Go to My Products > MDR.
  2. Click Settings.

  3. Select the Threat Response tab and select one of these responses:

    • Authorize: We'll take any action needed to resolve the threat and we'll notify you.

      We prompt you to turn on Live Response. This lets the MDR Operations team access your devices. If you don't want us to access sensitive devices, exclude them. To do this, go to My Products > General Settings > Endpoint or Server, and select Live Response.

    • Collaborate: We'll work with your contacts to resolve the threat.

      You can authorize our MDR Operations team to take action even if they can't reach your contacts. Select the checkbox below the Collaborate option.

    • Notify Only: If you select this, we can't take action against threats. We can only do limited investigation and notify your authorized contacts.

      We don't recommend using this option for an extended time.

      Threat response settings.

  4. Click Save.

Additional settings

Enter details about your organization that help us focus our threat investigations.

  1. Go to My Products > MDR.
  2. Click Settings.

  3. Select the Additional Settings tab.

    Additional Settings tab.

  4. In Industry Vertical, select your specialized market, if applicable.

    Industry verticals are groups of companies that focus on a specialized market spanning multiple industries, such as Fintech or digital health.

  5. Enter your organization's primary location.

  6. Add details of network subnets used in your estate.
  7. Click Save.

Install or upgrade Sophos software

You need Sophos endpoint software that supports MDR on each of your computers or servers. If you don't already have it, or you're not sure, follow the appropriate steps below.

Existing customer

If you already have the Sophos endpoint agent on your devices but have now bought an MDR license, do as follows:

  1. Go to Devices > Computers and servers.

  2. Check the Protection column:

    • If your devices show XDR, you don't need to make any changes.
    • If your devices show Endpoint, continue to the next step.

  3. Select devices and click Manage software.

  4. In Manage device software, under Protection, select XDR.
  5. Click Save.

New customer

If you're new to Sophos, download and install the Sophos endpoint software. To find the download, go to Devices > Installers. The download includes all features you're licensed for.