Welcome to Sophos
We've created this getting started guide to help you get up and running with Sophos Endpoint. It takes you through setting up your environment, installing Sophos Endpoint, and adding some of the most common customizations.
Sophos Endpoint is a powerful solution for safeguarding your digital environment. Watch our four-part webinar series to learn about the different steps in optimizing Sophos Endpoint.
We recommend you prepare your environment for ease of management and to reduce the chance of issues. If you want to deploy the product immediately, skip to Install Sophos Endpoint.
Ensure your environment meets the following requirements:
Synchronize your users, devices, and groups from Entra ID or Active Directory so you can assign security policies based on your existing directory structure.
These instructions tell you how to set up a Microsoft Entra ID directory source. You can synchronize users and groups from Microsoft Entra ID to Sophos Central. You can synchronize from multiple Microsoft Entra ID domains.
These instructions tell you how to set up Active Directory as a directory source. You can synchronize users, devices, and groups. You can also synchronize public folders and mailboxes. You can synchronize different domains in the same forest and select multiple child domains within a single forest.
We recommend that you install the endpoint software on a small number of devices at first. This lets you check for conflicts with other products before you deploy it to all devices.
If you have a small number of devices or want to test the product, manually download and run the installer.
You can automate deployment for your Windows devices.
You can automate deployment to macOS devices using Jamf Pro. Our document describes using Jamf Pro, but these files work with any deployment.
You can deploy Sophos Endpoint to Linux devices manually, or script the deployment. If you have virtual machines, an auto-scaling or load-balancing environment, or many Linux devices, consider creating a gold image with Sophos Endpoint.
Sophos has pre-configured policies to ensure you have the best protection possible so you can be up and running in no time. However, in some cases, you might want to customize some of these settings.
SSL/TLS decryption of HTTPS websites allows Sophos Endpoint to decrypt, scan, and act on the contents of secure web pages. We recommend that you turn it on. However, you might want to exclude some sites because decryption might let our product record personal information and show it in logs.
Many vendors provide a list of recommended security exclusions for their products to improve performance.
Sophos has a list of common applications with their vendor-recommended security exclusions. If you encounter significant performance degradation with an application that isn't on our list, contact the vendor to confirm whether they have a recommended list of security exclusions for their product.
We recommend configuring a scheduled scan once a week to gather information about data stored on your computers that isn't frequently accessed.
See Threat Protection policy – scheduled scanning.
You can configure an acceptable web usage policy for users and exclusions for specific users. For example, you can block access to social media websites for all your users except the Marketing team.
If you want to allow access to a specific website that’s in a blocked category, you can override the category.
You can block applications that aren’t a security threat but that you decide are unsuitable for use in the office, such as games or unsupported web browsers.
You can control which peripherals and removable media can be used in your environment. Check which peripherals endpoints use, block access to new or existing peripherals, and allow read-only access for some peripheral types.
Data Loss Prevention (DLP) controls accidental data loss. DLP enables you to monitor and restrict the transfer of files containing sensitive data.
By default, we update Sophos products on your computers automatically. The Update Management policy lets you control the day and time when updates become available on your network. This ensures that your computers don't start updating until a time that best suits you. You can also configure what software packages to apply to a small subset of computers. This allows for testing of new releases before they're rolled out to the rest of your computers.
See Configure updating policy.
XDR customers can integrate third-party security products with Sophos Central. These products can then send alerts to the Sophos Data Lake, where you can analyze them.
You can integrate some popular third-party products free of charge.
You can get an overview of your Sophos protection report over the past 30 days. This report can be exported as a PDF.
Use the Account Health Check dashboard to verify that your account has the best protection. For example, see whether you're using all the protection features included in your license.
Find out about the reports you can generate. You can customize reports, save them and send them out as scheduled emails.
You can configure how administrators sign in to Sophos Central and which products or features they can manage.
Allow your users to sign in using Entra ID, OpenID Connect, or ADFS credentials. To do this, you must make sure that all your administrators and users are assigned to a domain and have an identity provider.
Configure management access to Sophos Central:
You can also configure federated sign-in to provide service provider-initiated single sign-in for your administrators and users to access Sophos Central. If you choose to use federated sign-in, Sophos Central verifies identities using an identity provider. See Set up federated sign-in.
To get the best technical support, collect logs and turn on remote assistance for Sophos Support.