Skip to content

Device Exposure

This feature might not be available for all customers yet.

The Device Exposure page gives you an overview of which devices are out of date and vulnerable to threats.


  • You need a license that includes XDR or MDR to use this feature.
  • You must turn on Data Lake uploads for devices so that details will show on the Device Exposure page. See Turn on uploads for devices.
  • You must be a Super Admin or Admin, or have a custom role with Full access to Endpoint Protection and Server Protection to view the Device Exposure page. For more details about custom roles, see Add a custom role.

Go to Threat Analysis Center > Device Exposure.

Device Exposure page.

You can see the following charts on the Device Exposure page:

  • Days since last OS update: This chart is categorized by the number of days since the devices were last updated.
  • OS updates: Breakdown by OS type: This chart is categorized by the operating system type and the number of days since the devices were last updated. You can refer to the chart legends to see what operating system type each color represents.


The more days since a device was updated, the more vulnerable it is to threats.

You can hover over the charts to see the number of devices that fall into a specific category. For example, hover over the yellow section of the Days since last OS update chart to see how many devices were last updated over 30 days ago.

Hover over the chart.

Run custom queries

Click Get more details. You'll be redirected to the OS updates category in Live Discover, where you can run custom queries on the data in the Sophos Data Lake.

Device details

You can see the following device details in the table:

  • Device: The device name. Click the device to see more details.
  • User: The user associated with the device. Click the user to see more details.
  • OS: The operating system type. For example, Windows 10 Enterprise or Windows Server 2019.
  • OS Version: The operating system version number.
  • Platform: The operating system. For example, Windows or Windows Server.
  • Type: The device type. Computer or Server.
  • Last seen: The date when the endpoint last sent query data to Sophos Central.
  • Last OS update: The date when the last operating system update happened.
  • Days since update: The number of days since the last operating system update.

Filter devices

You can filter the details that are shown in the table using the following filters:

  • Over 30 days: Shows devices last updated between 30 and 89 days ago.
  • Over 90 days: Shows devices last updated between 90 and 179 days ago.
  • Over 180 days: Shows devices last updated between 180 and 364 days ago.
  • Over 365 days: Shows devices last updated 365 days ago or more.

You can click the charts to filter the table by Last OS update.

Use Search to find a specific device. You can search for the device name, operating system type, operating system version, platform, or device type.