Skip to content

MDR settings

Configure Managed Detection and Response (MDR) for your sub-estates.

Managed Detection and Response (MDR) is a service that warns you about threats and helps you resolve them.

You can set MDR contacts for your sub-estates in Sophos Central Enterprise. We use these as the default contacts for any new sub-estates.

If you have MDR contacts set up for a sub-estate in Sophos Central Admin, we don't override them with the contacts you set in Sophos Central Enterprise.

You can modify existing contacts for a sub-estate in Customize preferences.

Enter MDR settings

By default, your preferences apply to all your sub-estates.

You can customize your preferences for specific sub-estates if you want to.

To set or edit MDR settings, do as follows:

  1. Go to MDR.
  2. Click Settings.
  3. On the Authorized Contacts tab, enter contact details for admins who will get MDR notifications and work with the MDR team. If there's an active threat, we'll contact each of them in turn until we get a response.

    1. In the Primary drop-down menu, select an administrator.

      You can only choose an Enterprise Super Admin. We show you your available Enterprise Super Admins.

      You must have at least a Primary contact. We recommend that you create all three contacts in case the primary contact is unavailable when the MDR Ops team needs to contact you.

    2. Enter the admin's contact details.

    3. Enter Secondary and Tertiary contacts. If a sub-estate doesn't already have contacts assigned to it, the contacts you've set here become its MDR contacts.

    Authorized Contacts tab.

  4. Click the Threat response tab and choose how you want us to respond to active threats.

    • Collaborate: We'll work with your contacts to resolve the threat. If we can't reach the contacts, we'll take action.
    • Authorize: We'll take any action needed to resolve the threat, and we'll notify your contacts.
  5. Click Save.

If you're setting up MDR for the first time, you must ensure that the Sophos MDR agent (which is included in the endpoint protection installer) is installed on the sub-estate's computers. See Deployment.

Customize settings

You can set custom MDR preferences for specific sub-estates.

For example, you can choose different MDR contacts for different sub-estates. You can only select administrators assigned to that sub-estate. We show you the administrators assigned to your selected sub-estate.

To assign more admins, see Assign admins to sub-estates.

To customize your settings, do as follows:

  1. Go to MDR > Settings.
  2. Click Customize preferences and do as follows:

    1. Select a sub-estate.
    2. Choose how to manage the MDR settings for the sub-estate.

      • Use configured settings: Click this to apply the default settings you entered in Sophos Central Enterprise.
      • Set preferences from Enterprise level: Click this to enter custom settings for this sub-estate, using the MDR settings page in Sophos Central Enterprise.
      • Set preferences from sub-estate level: Click this to open the sub-estate's MDR settings page in Sophos Central Admin so that you can edit the settings.

    Customize preferences tab.

  3. Click Save.

Assign admins to sub-estates

You can assign admins to sub-estates as follows:

  • Assign an Enterprise Super Admin that has Admin permissions for a specific sub-estate to that sub-estate.
  • Assign a Sophos Central administrator to a sub-estate.

To do this, go to MDR > Customize preferences, select the sub-estate and click Define Central Admin.