MDR settings

Configure Managed Detection and Response (MDR) for your sub-estates.

Managed Detection and Response (MDR) is a service that warns you about threats and helps you resolve them.

This page tells you how to configure MDR.

Enter MDR settings

By default, your settings apply to all your sub-estates. You can customize your settings for specific sub-estates if you want to.

To set or edit MDR settings, do as follows:

• Set authorized contacts.
• Set the threat response.

Set authorized contacts

Show me how

Enter contact details for administrators who will get MDR notifications and work with the MDR team. If there's an active threat, we'll contact each of them in turn until we get a response.

You must enter at least one contact before you can edit any other MDR settings.

We'll use these contact details as the default contacts for existing sub-estates and for any new sub-estates.

To set your authorized contacts, do as follows:

1. Go to My Products > MDR.
2. Click Settings.

3. Select the Default Authorized Contacts tab.

   

4. Under Primary, select one of your Sophos Central Enterprise admins from the drop-down menu.

5. Enter the admin's contact details.

   Note

   If you have an existing authorized MDR contact with a country code in their phone number, the phone number field shows that code by default. If the contact's number doesn't have a country code, a message on the MDR Settings page prompts them to add one.

   

   If you don't want the admin to get MDR reports or broadcast announcements by email, select the opt-out checkboxes.

6. Set Secondary and Tertiary contacts, if you want to, and enter their details.

   You must at least have a Primary contact. We recommend that you create multiple contacts in case the primary contact is unavailable when the MDR Ops team needs to contact you.

7. Click Save.

Set the threat response

Show me how

Set a response to threats as follows:

1. Go to My Products > MDR.
2. Click Settings.

3. Select the Default Threat Response tab and choose how you want us to respond to active threats.

   • Authorize: We'll take any action needed to resolve the threat, and we'll notify your contacts.

     Leave the Live Response checkbox selected. The MDR Operations team uses Live Response to access your sub-estates' devices. If you don't want us to access sensitive devices, use Live Response exclusions.

   • Collaborate: We'll work with your contacts to resolve the threat. If we can't reach the contacts, we'll take action.

     You can authorize our MDR Operations team to take action even if your contacts can't be reached. Select the checkbox below the Collaborate option.

   • Notify Only: If you select this, we can't take action against threats. We can only do limited investigation and notify your authorized contacts.

     We don’t recommend using this setting for an extended period of time.

   

4. Click Save.

Customize settings

You can set custom MDR preferences for specific sub-estates.

For example, you can choose different MDR contacts for different sub-estates. You can only select administrators assigned to that sub-estate. We show you the administrators assigned to your selected sub-estate.

To customize your settings, do as follows:

1. Go to My Products > MDR.
2. Click Settings.
3. Select the Customize Settings tab.

4. Select a sub-estate and click one of the following options:

   • Set custom settings: This lets you enter custom settings for this sub-estate, using the MDR custom settings page that opens.
   • Set from sub-estate: This opens the sub-estate's MDR settings page in Sophos Central Admin so that you can edit the settings.
   • Reset to defaults: This applies the default settings you entered in Sophos Central Enterprise.

   

5. Click Save.