Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/partner/help/en-us/index.html?contextId=mdr-settings

MDR settings

Configure Managed Detection and Response (MDR) for your managed customers.

Managed Detection and Response (MDR) is a service that warns you about threats and helps you resolve them.

This page tells you how to configure MDR.

Note

If you're setting up MDR for the first time, you must ensure that the Sophos endpoint software is installed on your customers' computers. See Installers.

Enter MDR settings

By default, your settings apply to all your customers. You can customize your settings for specific customers if you want to.

To set or edit MDR settings, do as follows:

  • Set authorized contacts.
  • Set the threat response.

Set authorized contacts

Enter contact details for admins who will get MDR notifications and work with the MDR team. If there's an active threat, we'll contact each of them in turn until we get a response.

Show me how

You must set at least one contact before you can configure other MDR settings.

Restriction

  • You can only add partner details in MDR settings for MSP customers that you manage.
  • Customers who purchased termed licenses must have a local Super Admin as the primary contact.

To set your authorized contacts, do as follows:

  1. Go to My Products > MDR.
  2. Click Settings.

  3. Select the Default Authorized Contacts tab.

    Authorized Contacts tab.

  4. Click the drop-down arrow under Primary and select one of your Sophos Central Partner admins. Enter their contact details.

    If you don't want the admin to get MDR reports or broadcast announcements by email, select the opt-out checkboxes.

  5. Set Secondary and Tertiary contacts, if you want to, and enter their details.

    You must at least have a Primary contact. We recommend that you create multiple contacts in case the primary contact is unavailable when the MDR Ops team needs to contact you.

  6. Click Save.

Set the threat response

Show me how

Specify how we respond to active threats, as follows:

  1. Go to My Products > MDR.
  2. Click Settings.

  3. Select the Default Threat Response tab and select one of these responses:

    • Authorize: We'll take any action needed to resolve the threat, and we'll notify your contacts.

      Leave the Live Response checkbox selected. The MDR Operations team uses Live Response to access your customers' devices. If you don't want us to access sensitive devices, use Live Response exclusions.

    • Collaborate: We'll work with your contacts to resolve the threat.

      You can authorize our MDR Operations team to take action even if your contacts can't be reached. Select the checkbox below the Collaborate option.

    • Notify Only: If you select this, we can't take action against threats. We can only do limited investigation and notify your authorized contacts.

      We don’t recommend using this setting for an extended period of time.

      Threat response tab.

  4. Click Save.

Customize settings

You can set custom MDR settings for specific customers. For example, you can choose different MDR contacts for different customers.

  1. Go to My Products > MDR.
  2. Click Settings.
  3. Select the Customize Settings tab.

  4. Select a customer and click one of the following options:

    • Set custom settings: This lets you enter custom settings for this customer, using the MDR custom settings dialog that opens.
    • Set from customer account: This opens the customer's MDR settings page in Sophos Central so that you can edit the settings.
    • Reset to defaults: This applies the default settings you entered in Sophos Central Partner.

    Customize preferences tab.

  5. Click Save.