Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=DNS-protection-network-setup-windows-devices-secure-DNS

Configure Windows devices to use DNS Protection with Secure DNS

If you have a Workspace Protection license, we recommend that you protect your Windows endpoints using the Endpoint DNS Protection policy. See Endpoint DNS Protection policy.

Alternatively, you can configure your users' devices to directly use DNS Protection with Secure DNS if you're using a DNS cloud service, such as Google Public DNS or Cloudflare DNS. When you configure your users' devices as described on this page, DNS Protection handles all DNS requests instead of your configured cloud service.

Requirements

You must meet the following requirements:

  1. In Sophos Central, make sure you copy the DNS over HTTPS URL that's generated when you add a location with Secure DNS. See Add a location.

  2. Copy the DNS Protection IP addresses as follows:

    1. In Sophos Central, go to My Products > DNS Protection > Installers.
    2. Next to IP addresses, click Copy to copy the DNS Protection IP addresses.

Configure Windows devices

To configure Windows devices to use DNS Protection with Secure DNS, do as follows:

  1. On the Windows device, go to Settings > Network & internet > Wi-Fi.

  2. Click your Wi-Fi network's properties. For example, click CompanyNetwork properties.

    Your Wi-Fi network's properties.

  3. Go to DNS server assignment and click Edit.

  4. Select Manual.
  5. In Preferred DNS, enter one of the DNS Protection IP addresses you copied from Sophos Central.
  6. Turn IPv4 on.
  7. In DNS over HTTPS, select On (manual template).
  8. In DNS over HTTPS template, enter the URL you copied from Sophos Central when you added a location. See Add a location.

  9. Click Save.

    DNS over HTTPS URL.