arrow_back Back to Professional Services

MDR Guided Onboarding: Mid-Market (251-1000 users)

Product code: PE0ZTCCAA · SKU: PRPE0A00ZZPCAA

Updated February 2026

MDR Guided Onboarding: Mid-Market is intended for organizations with fewer than 1000 users that are new to Sophos Central. Guided Onboarding is a Professional Services bundle with several distinct phases. An introductory call is arranged with the Professional Services Operations team to review the service journey and to schedule engagement meetings with Professional Services Engineers for the following phases:

  • Endpoint/Server implementation
  • MDR Integrations/NDR Sensors implementation
  • XDR Training
  • Security Posture Assessment

Please note these reminders about Guided Onboarding:

  • Guided Onboarding = A Journey
  • Structured onboarding support, not instant or on-demand assistance
  • Standard Lead Time
  • 7 to - business days for scheduling and service activities
  • No Project Manager Assigned
  • Service is delivered without a dedicated PM
  • Out of Scope
  • Sophos Email, Firewall, Workspace Protection, Optix and Mobile are not included

Endpoint/Server Implementation

Professional Services Engineers will assist with the deployment of Sophos Central client software and provide guidance and knowledge transfer. This enables your IT staff to become familiar with the key concepts in the configuration and management of the Sophos Central Endpoint/Server security solution. The following is an outline of the tasks and knowledge transfer that may be completed :

Activities

  • Endpoint/Server deployment planning
  • Competitor removal review/testing
  • Up to 4 products/versions
  • Devise installation process
  • GPO,3rd party tools (e.g., SCCM, PDQ, etc.)
  • Review installation logs
  • Deployment testing (up to - devices)
  • Endpoint/Server Agent GUI
  • Tamper Protection
  • Events/Logging
  • Self-Help
  • Review and configuration of up to 2 each of the following policies
  • Threat Protection
  • Defining Exclusions
  • Peripheral Control
  • Application Control
  • Web Control
  • Update Management
  • Windows Firewall
  • Overview of Server Lockdown and File Integrity Monitoring concepts
  • Logs and Reports
  • Events
  • Custom Reports
  • Scheduling
  • Audit Logs
  • Threat Cases
  • Live Discover
  • Review/Implement Active Directory Synchronization
  • Installation of up to 2 Update Cache/Message Relay
  • Sophos Central Alerting
  • Configuration of Email Alerting
  • API Token Management for SIEM Integration
  • Communicating with Sophos Technical Support
  • Gathering Diagnose logs
  • Continued deployment assistance to Endpoints/Servers during the engagement
  • The number of devices deployed is wholly dependent on the customer
  • Q&A (as time permits)

MDR Integrations Implementation

Professional Services Engineers will assist with the deployment of MDR Integrations and provide guidance and knowledge transfer. The following is an outline of the tasks and knowledge transfer that may be completed:

  • Implementation of MDR Integrations
  • Configuration of API credentials (as needed)
  • Downloading and installation of OVA Template or script for Log Collector (as needed)
  • Configuration of virtual host
  • CPU
  • RAM
  • HDD
  • NICs
  • Creation of MGMT and Syslog interface (as needed)
  • Reviewing requirements for firewall allowances (as needed)
  • Verifying data collection
  • Checking interfaces in GUI and CLI
  • How to contact the Sophos MDR Team
  • Walk through Sophos Central MDR Reporting
  • Q&A (as time permits)

Out of scope

  • Modification to the Sophos product code base
  • Configuration of third-party products within the client network which are responsible for network traffic flow.

Client Obligations

  • The client will be responsible for ensuring that the baseline requirements for the installation of the Sophos solution are in place prior to the start of the engagement. These requirements are outlined in the pre-requisite guides, end user documentation or as communicated by the Sophos Advisory Services team.
  • Client will provide a point of contact with the necessary skills and systems access to third-party products required to complete the installation.

NDR Sensors Implementation

Professional Services Engineers will assist with the deployment of NDR Sensors and provide guidance and knowledge transfer. The following is an outline of the tasks and knowledge transfer that may be completed:

  • Implementation of NDR Sensors
  • Downloading of OVA, ISO, or script as needed
  • Configuration of virtual host (as needed)
  • CPU
  • RAM
  • HDD
  • NICs
  • Best practice walk-through of Initial Setup Wizard
  • Creation of MGMT and SPAN (on virtual host)
  • Registration of NDR Sensor
  • Synchronization with Sophos Licensing Servers
  • Configuration of NDR Sensor
  • Registering with Sophos Central
  • Accepting NDR Sensor within Sophos Central
  • Discussion on gathering network traffic
  • i.e. SPAN port
  • Verifying NDR Sensor data collection
  • Checking interfaces in GUI and CLI
  • How to contact Sophos MDR Team
  • Walk through of Sophos Central NDR Reporting
  • Q&A (as time permits)

Out of scope

  • Modification to the Sophos product code base
  • Configuration of third-party products within the client network which are responsible for network traffic flow.

Client Obligations

  • The client will be responsible for ensuring that the baseline requirements for the installation of the Sophos solution are in place prior to the start of the engagement. These requirements are outlined in the pre-requisite guides, end user documentation or as communicated by the Sophos Advisory Services team.
  • Client will provide a point of contact with the necessary skills and systems access to third-party products required to complete the installation.

XDR Training

This course is designed for technical professionals who will be administering Sophos Central and are looking to enhance their threat hunting skills using Sophos XDR.

This course is provided in a virtual classroom utilizing a Zoom or Microsoft Teams meeting. This course is completed in one session and is expected to take up to 8 hours.

You can have up to 4 people from your team attend this training on the same day.

The training consists of presentations and practical lab exercises to reinforce the content taught. To access the training labs, you will need to allow outbound access from your network for RDP using TCP port 3389.

Objectives

On completion of this course, participants will be able to:

  • Understand modern cyber attacks
  • Construct queries using the XDR interface
  • Search for Indicators of Compromise (IOC)
  • Trace the source of process, network, and file activity
  • Query devices for vulnerabilities / missing patches
  • Perform Threat Graph analysis and remediation
  • Use Investigations to identify potential IOCs

Prerequisites

This course covers advanced concepts using Live Discover from the Threat Analysis Center.

  • Attendees should be familiar with the Sophos Central Dashboard.
  • Experience with Windows networking and the ability to troubleshoot issues.
  • A good understanding of IT security.

## Lab environment

Each participant will be provided with a pre-configured environment which simulates a company using Windows devices.

Security Posture Assessment

The goal is to understand and advise on your current security posture and is not intended to perform troubleshooting or impact any immediate changes to the environment or resolve open issues. The Security Posture Assessment begins with a conference call and remote screen sharing session which may last up to 4 hours. The following will be performed during the meeting and documentation will be provided within - business days.

Sophos Central Health Check

Our Health Check of your Central environment is designed to make sure you are following our best practices, ensuring you get the most out of our endpoint solution.

Professional Services Engineers will review and provide guidance on the following:

  • Global Settings
  • General
  • Tamper Protection
  • Global Exclusions
  • HTTPS Updating
  • Multi-factor Authentication (MFA)
  • Endpoint Protection
  • Controlled Updates
  • Server Protection
  • Manage Update Caches and Message Relays
  • Controlled Updates
  • Endpoint Policies (up to 2 of each policy type)
  • Endpoint Threat Protection
  • Peripheral Control
  • Web Control
  • Server Policies (up to 2 of each policy type)
  • Server Threat Protection
  • Peripheral Control
  • Web Control
  • File Integrity Monitoring

NIST Assessment

The NIST Cyber Security Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. Completing the assessment will provide you a report giving insight into your organization’s current maturity. You will have actionable recommendations to improve your security posture.

EASM and Dark Web Scanning

The final task we will perform is an external device discovery scan, locating systems that are available on the public internet. We will complete vulnerability scans on these devices to assess if they are susceptible to attack. Finally, we will look to see if any of your corporate information can be found on the Dark Web.

Sophos Advisory Services