MDR settings
Configure Managed Detection and Response (MDR) for your sub-estates.
Managed Detection and Response (MDR) is a service that warns you about threats and helps you resolve them.
This page tells you how to configure MDR.
Note
If you're setting up MDR for the first time, make sure that the Sophos endpoint software is installed on your sub-estates' computers. See Installers.
Enter MDR settings
By default, your settings apply to all your sub-estates. You can customize your settings for specific sub-estates if you want to.
To set or edit MDR settings, do as follows:
- Set authorized contacts.
- Set the threat response.
Set authorized contacts
Enter contact details for administrators who will get MDR notifications and work with the MDR team. If there's an active threat, we'll contact each of them in turn until we get a response.
You must enter at least one contact before you can edit any other MDR settings.
We'll use these contact details as the default contacts for existing sub-estates and for any new sub-estates.
Note
If you have MDR authorized contacts set up for a sub-estate in Sophos Central Admin, we don't override them with the contacts you set in Sophos Central Enterprise.
To set your authorized contacts, do as follows:
- Go to My Products > MDR.
- Click Settings.
- Select the Default Authorized Contacts tab.
- In the Primary drop-down menu, select an administrator.
  You can only choose an Enterprise Super Admin. We show you your available Enterprise Super Admins.
  You must have at least a Primary contact. We recommend that you create multiple contacts in case the primary contact is unavailable when the MDR Operations team needs to contact you.
- Enter the administrator's contact details.
- Enter Secondary and Tertiary contacts.
If a sub-estate doesn't already have contacts assigned to it, the contacts you've set here become its MDR contacts.
Set the threat response
Set a response to threats as follows:
- Go to My Products > MDR.
- Click Settings.
- Select the Default Threat Response tab and choose how you want us to respond to active threats.
  - Authorize: We'll take any action needed to resolve the threat, and we'll notify your contacts.
    Leave the Live Response checkbox selected. The MDR Operations team uses Live Response to access your sub-estates' devices. If you don't want us to access sensitive devices, use Live Response exclusions.
  - Collaborate: We'll work with your contacts to resolve the threat. If we can't reach the contacts, we'll take action.
    You can authorize our MDR Operations team to take action even if your contacts can't be reached. Select the checkbox below the Collaborate option.
  - Notify Only: If you select this, we can't take action against threats. We can only do limited investigation and notify your authorized contacts.
    We don’t recommend using this setting for an extended period of time.
- Click Save.
Customize settings
You can set custom MDR preferences for specific sub-estates.
For example, you can choose different MDR contacts for different sub-estates. You can only select administrators assigned to that sub-estate. We show you the administrators assigned to your selected sub-estate.
To customize your settings, do as follows:
- Go to My Products > MDR.
- Click Settings.
- Select the Customize Settings tab.
- Select a sub-estate and click one of the following options:
  - Set custom settings: This lets you enter custom settings for this sub-estate, using the MDR custom settings page that opens.
  - Set from sub-estate: This opens the sub-estate's MDR settings page in Sophos Central Admin so that you can edit the settings.
  - Reset to defaults: This applies the default settings you entered in Sophos Central Enterprise.
- Click Save.