
Update Management Policy

By default, we update Sophos products on your computers automatically.

The Update Management policy lets you control the day and time when updates become available on your network. This ensures that your computers don't start updating until a time that suits you.

The policy also lets you suspend updating for an extended period. You can do this by selecting our custom "software packages".

Whichever option you choose, you always get automatic updates to protect against new threats. Your policy only controls updating of product features.

Note

You can only set this policy as a "Device" policy. You can't set it for users.

To set up a policy, do as follows:

  1. Go to My Products > Endpoint > Policies.
  2. Create an Update Management policy. See Create or Edit a Policy.
  3. Open the policy's Settings tab and configure the policy as described below. Make sure the policy is turned on.

Scheduled Updates

Enable Scheduled Updates and select the day and time when you want product updates to become available.

The time is local to each computer. For example, if you select 9 PM, each computer gets the update at 9 PM in its own local time. This means that computers in different time zones will not get the update at the same time.

Remember that if computers aren’t on, they won't get the update until the next time they start.

We sometimes update computers immediately even if you've set up scheduled updates. We may do this in the following cases:

  • If you change your license or your license changes.

    For example, if you apply an Intercept X with XDR license to an account that had only Intercept X Advanced, we install XDR features on computers.

  • If you change the software assigned to a computer.

    For example, if you assign a Device Encryption license to a computer running Intercept X Advanced, we install the new software immediately.

Software packages

Restriction

If you're compliant with the Federal Risk and Authorization Management Program (FedRAMP), you'll only see our Fixed term support and Long term support packages.

Software packages let you remain on the same version of our products for a set time.

If you apply a software package, you don't get automatic updates. When the package expires, you must select another.

Note

You still get security updates to protect against the latest threats. Your policy only controls updating of product features.

Package types

We offer the following package types:

  • Recommended: This package is automatically updated to give you our latest protection. It never expires.
  • Fixed term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 120 days after the release date (or at least 30 days after the next release to allow for testing).
  • Long term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 18 months after the release date.

    Note

    Only use this package type on computers you can't update regularly.

  • Special: Special packages fix specific issues. You can only get them from Sophos support.

  • EAP: Sophos Early Access Program. Devices in an EAP ignore any other software package you've assigned to them until the EAP ends.

Select a package

You select software packages in the Windows drop-down menu. For package information, click Details of packages.

You don't need to turn on scheduled updates to use this option.

Package selector.

To view and manage your packages, go to My Products > General Settings > Administration > Software packages.

Timing of content updates

You must be an Admin or Super Admin to use this feature.

A content update is an update to detection data, not to product features. Content updates have a staged rollout, and you can specify the stage at which you want your devices to receive them.

Note

You must turn on Allow changes to timing of content updates on the Software Packages page. See Software packages.

Configure content update timings

To configure content update timings, do as follows:

  1. In the Select a software package section, in Windows or Mac, select a stage.

    • First stage: Select this stage in a policy for devices where you test new software.
    • Second stage: Select this stage for all your other devices.
    • Last stage: Select this stage in a policy for business-critical devices.
  2. Click Save.