Device control policy

Note: This feature is not included with all licenses. If you want to use it, you might need to change your license. For more information, see
Important: Sophos device control should not be deployed alongside device control software from other vendors.

Device control enables you to prevent users from using unauthorized external hardware devices, removable storage media, and wireless connection technologies on their computers. This can help to significantly reduce your exposure to accidental data loss and restrict the ability of users to introduce software from outside of your network environment.

Removable storage devices, optical disk drives, and floppy disk drives can also be set to provide read-only access.

Using device control, you can also significantly reduce the risk of network bridging between a corporate network and a non-corporate network. The Block bridged mode is available for both wireless and modem types of device. The mode works by disabling either wireless or modem network adapters when an endpoint is connected to a physical network (typically through an Ethernet connection). Once the endpoint is disconnected from the physical network, the wireless or modem network adapters are seamlessly re-enabled.

By default, device control is turned off and all devices are allowed.

If you want to enable device control for the first time, we recommend that you:

For more information about the recommended settings for device control, see the Sophos Enterprise Console policy setup guide.

Note: If you use role-based administration:

For more information, see Managing roles and sub-estates.