Sophos Central Partner. help

Similar documents
Sophos Central Enterprise. Help

Sophos Central Admin. help

Sophos Central Admin. help

Sophos Central Admin. help

WeCloud Security. Administrator's Guide

Comodo Comodo Dome Antispam MSP Software Version 2.12

Sophos Central Enterprise

Comodo Antispam Gateway Software Version 2.12



Sophos Enterprise Console help. Product version: 5.5

Sophos Enterprise Console

Sophos Enterprise Console Help. Product version: 5.3


Sophos Mobile Control startup guide. Product version: 7

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

Mail Assure Quick Start Guide

McAfee Endpoint Security

On the Surface. Security Datasheet. Security Datasheet

Extract of Summary and Key details of Symantec.cloud Health check Report

Comodo Antispam Gateway Software Version 2.11

Centralized Policy, Virus, and Outbreak Quarantines

Sophos Mobile. startup guide. Product Version: 8.1

Sophos Mobile as a Service

DSS User Guide. End User Guide. - i -

Entrust. Discovery 2.4. Administration Guide. Document issue: 3.0. Date of issue: June 2014

Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Comodo Antispam Gateway Software Version 2.1

Sophos Mobile SaaS startup guide. Product version: 7.1

Service Manager. Ops Console On-Premise User Guide

Important Information

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

BBVA Compass Spend Net Payables

Firewall XG / SFOS v16 Beta

User Guide. Version R95. English


Sophos Mobile. startup guide. Product Version: 8.5

Sophos Enterprise Console

Chatter Answers Implementation Guide

GRS Enterprise Synchronization Tool

User Guide. Version R92. English

Sophos Mobile. super administrator guide. Product Version: 8

Chatter Answers Implementation Guide

Sophos Enterprise Console

Mail Assure. User Guide - Admin, Domain and Level

User Guide. Version R95. English

Partner Management Console Administrator's Guide

End User Manual. December 2014 V1.0

Mail Assure. Quick Start Guide

Trustwave SEG Cloud Customer Guide

Anchor User Guide. Presented by: Last Revised: August 07, 2017

McAfee Network Security Platform 8.3

McAfee Cloud Workload Security Product Guide

Introduction. Logging in. WebMail User Guide

Sophos Mobile Control Administrator guide. Product version: 5.1

Overview NOTE: Listing Overview. User Profile. Language Selection. Asset(s) View. Asset(s) Details. Editing Mode

Sophos Mobile in Central

Comodo Dome Shield - Admin Guide

Sync User Guide. Powered by Axient Anchor

Using Centralized Security Reporting

Managing Spam. To access the spam settings in admin panel: 1. Login to the admin panel by entering valid login credentials.

Detector Service Delivery System (SDS) Version 3.0

AccessEnforcer Version 4.0 Features List

User Guide. Version R94. English

TrendMicro Hosted Security. Best Practice Guide

Administrator Manual. Last Updated: 15 March 2012 Manual Version:

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

Account Customer Portal Manual

Interface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)

Administrator Guide. Find out how to set up and use MyKerio to centralize and unify your Kerio software administration.

KYOCERA Net Admin User Guide

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

Integrate Microsoft Office 365. EventTracker v8.x and above

Sophos Mobile super administrator guide. Product version: 7.1

Administering isupport

Sophos Mobile Control SaaS startup guide. Product version: 7

Guide for Partners. Sophos Central Firewall Manager. Document Date: June June 2016 Page 1 of 15

HIPAA Compliance. with O365 Manager Plus.

ClientNet Admin Guide. Boundary Defense for

Comodo SecureBox Management Console Software Version 1.9

Comodo Dome Shield. Administrator Guide Guide Version Software Version 2.4. Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Sophos Appliance Configuration Guide. Product Version 4.3 Sophos Limited 2017

ClientNet. Portal Admin Guide

Using the Control Panel

Sophos Central Partner ConnectWise Integration. guide

To create a few test accounts during the evaluation period, use the Manually Add Users steps.

The following device commands are used most frequently: Lock/Unlock device O - O O. Reset screen password O - O - Factory reset + Initialize SD Card

Kaseya 2. User Guide. Version 7.0. English

GLBA Compliance. with O365 Manager Plus.

Comodo One Software Version 3.16

Setting up Microsoft Office 365

NotifySCM Workspace Administration Guide

Salesforce CRM Content Implementation Guide

Comodo Client - Security for Linux Software Version 2.2

AgentWorks Administrator and Manager User Guide - Release 12.5

Service Desk Staff Guide. Software version 4.16 Guide version ITarian 1255 Broad Street Clifton, NJ 07013

KYOCERA Device Manager User Guide

ForeScout CounterACT. Configuration Guide. Version 5.0

McAfee MVISION Mobile epo Extension Product Guide

Comodo One Software Version 3.18

Transcription:

help

Contents About help...1 About...2 Dashboard... 3 Alerts...4 Logs... 5 Audit Logs...5 Sophos Central...7 Sophos Central customers...7 Sophos Central Licenses... 7 Managed Customer Usage... 9 Trial Licenses... 10 Deployment...11 Sophos Central Firewalls... 12 Firewall customers...12 Firewall approvals...12 Manage firewalls...13 Settings and Policies...14 Manage Administrators...14 Manage Login Settings... 17 Configure email alerts... 18 Co-branding... 20 Global templates...20 Supported Web Browsers... 50 Get additional help... 51 Legal notices... 52 (2019/04/08)

1 About help This help file provides information about and explains procedures step by step. If you can't find the help you need here, go to the Support section of our website and search there. This finds knowledge base articles or discussions in the Sophos Community. Tip Sign in to here and we'll help you get started. Copyright Sophos Limited 1

2 About allows partners to: Manage customer licenses for products related to Sophos Central. Manage customer security; access customers Sophos Central Admin accounts and act on alerts. Manage customers XG Firewalls through their Sophos Central Firewall Managers. Access the Sophos Partner Portal and all three consoles (, Sophos Central Admin, and Sophos Central Firewall Manager) with a single sign-in. Tip If you need help with the single sign-on, multi-factor authentication and getting started with Sophos Central Partner, please watch this video. You can access in either of these ways: Using the Sophos Partner Portal (https://partnerportal.sophos.com/), by clicking Manage Sophos Central at the top of the page. From Sophos Central, by following this link: https://central.sophos.com/manage/partners. 2 Copyright Sophos Limited

3 Dashboard The Dashboard provides access to the most important information about your customers at a quick glance. It consists of the Sophos Central and Sophos Central - Firewalls areas. For each of the areas, it shows license information that requires, or will soon require an action. For example, the number of expired or nearing expiration licenses or over the limit license usage. You can also see the total number of your Sophos Central and Sophos Central Firewall customers. When you click on a category on the Dashboard, you are taken to a more detailed view of the licensing information in that category. For example, clicking on Near Expiration will take you to the Sophos Central Licenses page with the Near Expiration filter applied. There, you can see the date when the license expires, name of the customer, name, ID and type of the license, as well as usage limit and actual usage. Click on Sync now to force a Professional Services Automation (PSA) sync. See the Sophos Central Partner ConnectWise Integration Guide. Copyright Sophos Limited 3

4 Alerts On the Alerts page, you can view the alerts for your Sophos Central customers that have Partner Assistance enabled. To search for alerts raised in a customer s Sophos Central Admin console, enter the customer s name. To display all the records again, clear the search field. You can filter the list of alerts based on their priority. You can choose to: Show All Alerts (default) Show High Alerts Only Show Medium Alerts Only Show Info Alerts Only Launch Sophos Central Admin If Partner Assistance is enabled in the customer s Sophos Central Admin console, you can open their console and take action on alerts. Partner Assistance can be enabled by the customer s Sophos Central administrator. The customer can enable Partner Assistance in their Sophos Central Admin console under Account Details > Sophos Support > Enable Partner Assistance. For more information about the Sophos Central Admin console, see https://www.sophos.com/en-us/ support/documentation/sophos-central.aspx. Export to CSV You can export the list of alerts to a comma separated value (CSV) file. Click Export to CSV. 4 Copyright Sophos Limited

5 Logs The Logs pages provide reports on the security features in and your customers. You can view and export a record of all activities that are monitored by using the Audit Log report, see Audit Logs (page 5). 5.1 Audit Logs You can use Audit logs to view and export a report that includes: All actions carried out in. All actions by customers managed from. Your admin role affects what you see in the Audit log. If you don't have access to a customer, you don't see that customer's actions. To find the Audit Log reports, go to the Logs page. All activities for the past 7 days are shown in the Audit Log by default. You can view all activities for up to 90 days. You can export an Audit Log report containing a record of all activities in the last 90 days. The Audit Log lists the following for each activity: Date: Date and time when the activity or change occurred. Event Location: Where the event occurred. This could be or one of the customers. Modified by: The account that made the change or signed in. Item type: The type of activity or change. For example Users and Groups were changed. Item modified: What was added, changed or deleted. For example the name of a new user that was added. Description: More details about the activity or change. For example a successful authentication by a Sophos Central Admin account. IP Address: The IP Address from where the activity or change was carried out. Filter You can filter the Audit Log by date range, event locations and by search results. You must click Update to apply the filters. Date: Use this option to set the date range for the activities you want to view. You can select any date within the last 90 days. The date range works with the Search field and the Audit Log shows the items related to your selected date range and search term. If you do not enter a search term or filter, the Audit Log shows all activities for your selected date range. Event locations: You can filter results by All locations, Partner only and Customers only. Copyright Sophos Limited 5

Search There is a limited search available. The Audit Log shows the items related to your search term and the selected date range. If you do not set a date range the Audit Log shows the items related to your search term for the last 7 days, by default. You can search by: Customer: Shows all changes and activity made from a specific customer over the selected date range. IP Address: Shows all changes and activity from an IP Address over the selected date range. Modified By: Shows all changes and actions made by a Admin account over the selected date range. Export You can export an Audit Log report that contains a record of activities for a selected date range or the last 90 days. You can filter the Audit Log before exporting. Search filtering applies to all export options. The date range does not. To export an audit report: 1. Filter the Audit Log, if required. Click Update to apply the filters to the Audit Log. 2. Click Export on the right-hand side of the Audit Log page and choose an option from the dropdown list. CSV of current view or PDF of current view: Exports the current view as a comma separated file or as a PDF file. If you select one of these options all currently selected filters are applied to the exported file. CSV of past 90 days or PDF of past 90 days: Exports activities from the past 90 days as a comma separated file or as a PDF file. If you select one of these options only search filtering is applied to the exported file. 3. Review the audit report to check that it contains the information you require. 4. Change the audit report name. Audit reports are exported as audit.csv or audit.pdf. 6 Copyright Sophos Limited

6 Sophos Central If your customers use Sophos Central Admin, you can request their approval for you to be able to manage their consoles and help them with some management tasks or alert resolution. 6.1 Sophos Central customers The Sophos Central Customers page contains the list of your Sophos Central Admin customers and shows the status of their licenses. Click Show my protection only to view the active license categories. To search for a customer, enter the customer s name. To display all the records again, clear the search field. Clicking on a customer s name opens the customer s contact info pop-up. Create Monthly Account You can create managed customer accounts, click Create Monthly Account. See Monthly Usage Account (page 10). Launch Sophos Central Select a customer and click Launch Sophos Central. If Partner Assistance is enabled in the customer s Sophos Central Admin, you can open their console. Partner Assistance can be enabled by the customer s Sophos Central administrator. You can't see, enable or disable this option in the customer s Sophos Central Admin console. Partner Assistance is enabled automatically when you create a trial for a customer. If a customer created a trial themselves, Partner Assistance is not enabled automatically and the customer has to enable it in their console. The customer can enable Partner Assistance in their Sophos Central Admin console under Account Details > Sophos Support > Enable Partner Assistance. For more information about the Sophos Central console, see https://www.sophos.com/en-us/support/ documentation/sophos-central.aspx. 6.2 Sophos Central Licenses The Sophos Central Licenses page contains the list of Sophos Central licenses that your customers have. It displays the total number of licenses. It also shows the licenses that are near expiration, expired or have exceeded their usage limit. Copyright Sophos Limited 7

To search for a customer, enter the customer s name. To display all the records again, clear the search field. Clicking on a customer s name opens the customer s contact info pop-up. Click on a license to see its information. Renew Now If you are viewing expired or expiring licenses, the Renew Now button is displayed at the top of the page. Select a license and click Renew Now to create an order for the customer in the Sophos Partner Portal. Once you have purchased a Sophos Central license, a license key is issued and sent to the email address you specified. If the license key has been sent to you, enter the license key, see Apply License Key (page 8). If the license key has been sent to your customer, they will have to enter it in their Sophos Central Admin console. The term of the license will begin once the license key is entered. Export to CSV In the All Licenses view, you can export the license list to a comma separated value (CSV) file. Click Export to CSV. 6.2.1 Apply License Key You can activate a new license on the Sophos Central Licenses page. You can also activate an upgraded license there if necessary. Some upgraded licenses are activated automatically. Alternatively, if at the time of ordering you specified the customer's email address for sending the license to, the customer can enter the license key in their Sophos Central Admin console. Important You can't reverse license activation. Make sure that you apply the correct license key to the customer. For assistance, contact Customer Support. To activate a license, do as follows. We're changing license activation. The choices in the last step below might not be available yet. 1. On the Sophos Central Licenses page, enter the key: If you see Apply Activation Key, enter the key and click Apply. If you see an Apply License Key link, click it. Then enter the key and click Apply. 8 Copyright Sophos Limited

2. If the account already has licenses for the features included on the key, you might see another dialog. This lets you choose how to use the new licenses. Change adds the new licenses to the current licenses now. We'll adjust the license term so that all the licenses expire on the same date. See the example below. Renew starts the new licenses when the current licenses expire. Click Apply again. How the "Change" option works A customer orders 50 licenses for one year. Six months later, they place another order for 50 licenses for one year. If the customer selects Change, we do as follows: Add the new licenses to the older ones. So the customer has 100 licenses. Add the remaining time on the older licenses (50 x 6 months) to the time on the new licenses (50 x 12 months). The total is 900 months. Distribute the time over all 100 licenses. So the licenses now run for 9 months from the date when the key was applied (and their expiry dates are adjusted accordingly). So the customer has 100 licenses that will all expire 9 months from now. In most cases the existing license expiry date gets extended but do check the new expiry date shown. 6.3 Managed Customer Usage The Managed Customer Usage page contains the list of your managed customers. You can view all of your managed customers, those using licences you own and those using their own licenses. For each customer you can see whether they have a termed or monthly license. You can also see the number of licenses they have. To search for a customer, enter the customer s name. To display all the records again, clear the search field. Create Monthly Account Click Create Monthly Account to create new customer accounts, see Monthly Usage Account (page 10). Launch Sophos Central Admin Select a managed customer and click Launch Sophos Central Admin to open their Sophos Central Admin console. For more information about Sophos Central Admin, see https://www.sophos.com/en-us/support/ documentation/sophos-central.aspx. Copyright Sophos Limited 9

License Details Select a managed customer and click License Details to review their license information. You can renew licenses by clicking Renew Now, see Sophos Central Licenses (page 7). Export to CSV You can export the managed customer list to a comma separated value (CSV) file. Click Export to CSV. 6.3.1 Monthly Usage Account You must be a Managed Service Provider (MSP) Flex partner to create a monthly usage account. You can't convert new trial accounts to monthly usage accounts. You can create a monthly customer account from the Sophos Central Customers page or from the Managed Customer Usage page. To create a monthly customer: 1. Click Create Monthly Account. 2. Enter the details for the customer. 3. You can now start deploying the products. 6.4 Trial Licenses This page lists the trial licenses your customers have, together with their start and end dates. You can also search for a customer. You can create new trial licenses and convert trial licenses to full Sophos Central licenses. You can't create Monthly Usage accounts from trial accounts, see Monthly Usage Account (page 10). Start New Trial Clicking the Start New Trial button on this page takes you to the Sophos Partner Portal and opens the Create a new trial account online form. In the online form, fill in the details of the customer. Type in their company name, address, email, and so on. When finished, click Create Trial Account. The new trial appears in. No email notifications about new trials are sent. 10 Copyright Sophos Limited

Apply License Key You can convert a trial license by buying a Sophos Central license. Once you have purchased a Sophos Central license, a license key is issued and sent to the email address you specified at the time of ordering. If the license key has been sent to you, enter the license key in, see Apply License Key (page 8). If the activation key has been sent to your customer, they will have to enter it in their Sophos Central Admin console. The term of the license will begin once the license key is entered. 6.5 Deployment You can deploy Sophos Central Endpoint protection across any of your sub-estates. You can download an installer that you can use on any supported Windows version. To deploy the installer you need to create an installation script for each sub-estate. To use the installer: 1. Download the installer. You have to use this installer together with the information in the sub-estate CSV file that is available on the same page. 2. Download the CSV file. 3. Use the CSV file and installer to create your installation script. For more information on creating the script see knowledge base article 126951. 4. Use the script to install Sophos Central Endpoint protection. Copyright Sophos Limited 11

7 Sophos Central Firewalls If your customers use Sophos Central Firewall Manager to manage their XG Firewalls, you can request their approval for you to be able to manage their firewalls and help them with some management tasks or alert resolution. For more information about Sophos Central Firewall Manager, see https://www.sophos.com/en-us/ support/documentation/sophos-central-firewall-manager.aspx. Before you can manage your customers firewalls, you need to go through the authorization process. Once you have requested authorization and received approval, you can start selling and managing firewalls. 7.1 Firewall customers On this page, you can view a summary of your Sophos Central firewall customers. You can see how many firewalls they have, how many of those are managed, and the earliest license expiration date. When you select a customer and click the View All Firewalls button, you can view the details of the customer's firewalls. Click Manage license to review and manage their licenses. 7.2 Firewall approvals On this page, you can view and manage firewall authorization for Sophos Central Firewall Manager. Before you can manage your customers firewalls, you need to go through the authorization process. When you first open the Firewall Approvals page, the primary administrator for your account needs to apply for approval (by clicking Apply) and accept the terms and conditions. Once the application is sent, your channel account team at Sophos reviews and approves it. Then you can start sending requests to customers asking to allow you to manage their Sophos Central Firewalls. You can view the numbers and details for the following categories: Requests Not Sent To send a firewall management request, select a firewall entry and click Request to Manage. This sends an email to the customer. The customer can then approve your request from their My Sophos customer portal by following the link in the email. If you don t want to manage a firewall, select it and click Ignore Firewall. Approval Pending Here you can see all your requests that haven t been approved by customers, and the date when you sent each request. To resend a request, select the corresponding entry and click Resend Request. Rejected By Customer Rescinded by Partner Approved Firewalls If you want to stop managing an approved firewall, for example, in case of account changes, select it and click Rescind Management. 12 Copyright Sophos Limited

All Firewalls 7.3 Manage firewalls On this page, you can launch Sophos Central Firewall Manager, by clicking Manage. Sophos Central Firewall Manager allows you to manage multiple customer firewalls from a single console. For more information about Sophos Central Firewall Manager, see https://www.sophos.com/en-us/ support/documentation/sophos-central-firewall-manager.aspx. You can create managed customer accounts, see Monthly Usage Account (page 10). You can then assign firewalls to these new customer accounts. Copyright Sophos Limited 13

8 Settings and Policies You can manage your multi-factor authentication sign-in settings, see Manage Login Settings (page 17). If you are part of the Early Access Program you can manage email alerts for your customers, see Configure email alerts (page 18). You can manage global settings and base policies for your customers, see. Global templates (page 20). 8.1 Manage Administrators On the Manage Administrators page, you can view and manage the Sophos Central and Sophos Central Firewall administrators. You can also see the details of the primary administrator. A primary administrator grants permissions to manage Sophos Central firewalls. By default, non-primary administrators have the right to manage Sophos Central but not Sophos Central firewalls. Partner administrators can only be created in the Partner Portal. The Primary Partner Admin and the Portal Admins can add new administrators. The administrators created in the Partner Portal are synced to. New administrators added in the Partner Portal have a read-only access and are not assigned to any customer until a Super Admin assigns them. The Primary Partner Admin always has the Partner Super Admin role. There can only be one Primary Partner Admin and up to five Portal Admins. Making an user inactive in Partner Portal deletes the Partner Admin in. A primary administrator grants permissions to manage Sophos Central Firewalls. Related concepts Roles (page 14) 8.1.1 Roles Administration roles divide security administration by responsibility level. includes several predefined roles. These roles cannot be edited or deleted. This is the access level for an administrator. The options are Partner Super Admin, Partner Admin, Partner Help Desk or Partner Read-only. There can be multiple administrators with the same role. Primary Partner Admin is a Partner SuperAdmin and their role can't be changed. 14 Copyright Sophos Limited

Role Administrators with this role... Administrators with this role can't... Partner Super Admin There must be at least one administrator with an Partner Super Admin role. Can edit roles and scope (customer access) of an administrator created on the Partner Portal. Have access to everything insophos Central and Sophos Central Admin. In addition they can: Update other partner administrator roles. Choose the customers that the other administrators are allowed to access. Manage licenses. Start trials. Create monthly accounts. Manage global templates. Reset the multi-factor authentication/pin. Manage alert emails for your customers. This option is available if you have signed up to the Early Access Program. Add or delete other partner administrators from Sophos Central Partner. Partner Admin Have access to everything in Sophos Centraland Sophos Central Admin. Access their designated customer accounts. Add or delete other partner administrators from Sophos Central. Change the roles for other partner administrators. Create trials or monthly accounts. Manage global templates. Reset the multi-factor authentication/pin. This role has no other limitations. Copyright Sophos Limited 15

Role Administrators with this role... Administrators with this role can't... Partner Help Desk Partner Read-only Have read-only access for all settings in Sophos Central and Sophos Central Admin. In addition they can: Access their designated customer accounts. Look at sensitive logs or reports. Receive alerts. Mark alerts as resolved if they go to Alerts from the dashboard. They can't mark alerts as resolved on individual devices. Update the Sophos agent software on a computer. Scan computers. Have read-only access for all settings in Sophos Centraland Sophos Central Admin. In addition they can: Access their designated customer accounts. Look at sensitive logs or reports. Receive alerts. Add or delete other partner administrators from Sophos Central. Change the roles for other partner administrators. Create trials or monthly accounts. Reset the multi-factor authentication/pin. Assign policies. Change settings. Manage global templates. Add or delete other partner administrators from Sophos Central. Change the roles for other partner administrators. Create trials or monthly accounts. Reset the multi-factor authentication/pin. Manage global templates. Assign policies. Change settings. Clear alerts. Update the Sophos agent software on a computer. Scan computers. 16 Copyright Sophos Limited

Role Administrators with this role... Administrators with this role can't... Partner Business Admin This role has no access to customer accounts. For instance this means they can't receive alerts. Have access to licensing in Sophos Central. In addition they can: Manage Licenses for all customers and trials. Access any customer accounts using Launch Sophos Central Admin. Add or delete other partner administrators from Sophos Central. Change the roles for other partner administrators. Create trials or monthly accounts. Reset the multi-factor authentication/pin. Assign policies. Change settings. Manage global templates. Receive alerts. Clear alerts. Update the Sophos agent software on a computer. Scan computers. 8.2 Manage Login Settings To manage your multi-factor authentication sign-in settings, click Settings > Login Settings. For more information about multi-factor authentication in Sophos Central, see knowledgebase article 122893. On the Manage Login Settings page, you can: Change your default challenge type. Change the PIN used in conjunction with the secondary email validation method. Challenge Settings You can choose between: SMS Text Message. Enter a cell phone number to receive security codes via text message. Google Authenticator. Use the Google Authenticator app on your mobile device to generate security codes. PIN Settings You can change the PIN used in conjunction with the secondary email validation method. You will need this PIN when you need to verify your login with your email. Enter a new 6-digit PIN and click Submit. Copyright Sophos Limited 17

8.3 Configure email alerts You can manage how you and your customers receive email alerts. You can only do this for Sophos Central Admin accounts you manage. You can't manage email alerts for accounts that your customers manage themselves. Click Partner control if you want to manage email alerts. You can turn Partner control off again if you want your customers to manage their own email alerts. Click Partner control to do this. This also restores any settings previously specified by customers. You can: Manage which administrators get email alerts. Add distribution lists or email address that you want to receive email alerts. Manage the frequency of email alerts. Set custom rules to specify which alerts an administrator gets. Edit the exceptions that have been set up for individual alert types in your customer accounts. You must be a Partner Super Admin to manage email alerts. Administrators The Administrators list shows who receives email alerts by default. The list shows the name, email address and admin role for each administrator. You can choose which administrators you want to receive alerts. Click Yes or No in the administrator's details to do this. Distribution lists You can manage the distribution lists or email addresses that you want to receive email alerts. Use this option to add the email addresses of your distribution lists, ticketing system or people you want to notify about alerts, but do not have access to. If you want to provide access to, add the person as an administrator. Click Add email address. Enter the email address and give a description and click Save. To remove an email address, select the address and click Delete. Frequency You can manage the frequency with which admins receive email alerts. You can set the frequency depending on one of the following: The severity of the alert. The product. 18 Copyright Sophos Limited

The category the alert is in. You can only use one of these attributes to set frequency. You can choose between Immediately, Hourly, Daily or Never. Your choices are used for alerts from all your customers. The Hourly and Daily options aren't a digest of all alerts generated in the specified time. Admins will get an email for each alert. Custom rules By default, admins get all email alerts for all your customers. Custom rules make it easy to specify that some admins will only get alerts for certain customers, products, or events. 1. Click Create new rule. 2. In Role, choose an administrator role that this rule will apply to. Click Next. 3. In Administrators and Distribution lists, choose administrators that this rule will apply to. You can also add distribution lists. Use this option to add the email addresses of your distribution lists, ticketing system or people you want to notify about alerts, but do not have access to. Click Next. 4. In Customers, choose the customers that this rule will apply to. Click Next. 5. In Alert types, choose the types of alert to send. You can select the type by severity, product or alert category. Click Next. You must choose at least one option for each attribute. 6. In Name & Description, name your rule. Click Save. The rule is now shown in the Custom rules list. To see details of a rule, click the fold-out arrow next to it in the list. To pause a rule, edit it or delete it, click the appropriate icon beside it in the list. Hover over icons to see what they do. Exceptions The Exceptions list shows the exceptions you have set. These change the frequency of email alerts for certain alert types. You set them in individual alert details on the Alerts page in Sophos Central Admin. You can also edit them here. Copyright Sophos Limited 19

8.4 Co-branding You can set up co-branding, that is add your branding to the Sophos Self Service Portal. You can have your logo displayed to your customers' end users in the Sophos Self Service Portal. Important By default all your customers get the logo you choose here. If you want some customers to get a different logo, or no logo, go to their individual Sophos Central Admin accounts and set custom cobranding there. Click Settings > Co-branding. Add a logo Click Browse (on the right of the page), select a file to upload and click Save. Logo images must meet the requirements shown on the page. Change or remove the logo To add a new logo, or to go back to the Sophos logo, you must remove any current logo. Click Remove under the logo preview and click Save. 8.5 Global templates You can create templates that consist of settings and base policies. You can apply these templates to groups of your customers. A global template lets you: Apply the same settings to all customers in a group. Stop customers from changing your settings. Update templates and push changes to customers. Admins with the Primary Partner Admin and Partner Super Admin roles can manage global templates. The Global Templates page shows your templates, the number of customers they apply to, when the template was last pushed and their push status. You can filter the templates by searching for a customer. Click a template name to see the customers, global settings and base policies associated with it. To push a template to customers, select the template and click Push. Pushing a template can take a few minutes. 20 Copyright Sophos Limited

Related concepts Template (page 21) Related tasks Create a template (page 21) Clone a template (page 22) 8.5.1 Create a template To create a template: 1. Go to Settings and Policies and click Global Templates. 2. Click Add Template. 3. Give the template a name. You can also give it a description. 4. Click Edit Customers. 5. Select the customers you want to apply this global template to and add them to the Assigned customers list. Available managed customers are customers that are managed by a partner and not assigned to any other template. 6. Click Save. 7. Click Global Settings and click on the settings you want to change. 8. Click Base Policies and click on the base policies you want to change. 9. Click Push to customers and then click Push to confirm. You need to push the template to your customers. Changes take effect after you have pushed the template. All assigned customers have their base policies and global settings locked in Sophos Central Admin. Related tasks Push a template (page 23) 8.5.2 Template You can see the customers, base polices and global settings associated with the template. You can edit, clone or delete templates and push them to customers. The Customers tab lists the customers associated with the template, see Customers (page 23). Use the Global Settings tab to specify security settings that apply to your customers, see Global Settings (page 23). Use the Base Policies tab to customize base policies for your customers, see Base Policies (page 27). Related tasks Edit a template (page 22) Clone a template (page 22) Delete a template (page 23) Push a template (page 23) Copyright Sophos Limited 21

Clone a template You can clone an existing template, assign it to new customers, and edit the settings and policies. You can then push the new template to your customers. The list of assigned customers is not cloned. 1. Select the template. 2. Click Clone. 3. Give the template a new name. You can also give it a description. 4. Click Edit Customers. 5. Select the customers you want to apply this global template to and add them to the Assigned customers list. Available managed customers are customers that are managed by a partner and not assigned to any other template. 6. Edit the Global Settings. 7. Edit the Base Policies. 8. Push the template to your customers. Changes take effect after you have pushed the template. Related tasks Push a template (page 23) Edit a template You can edit an existing template, assign it to new customers, or edit the settings and policies. You can then push the new template to your customers. If you want to switch customers from one template to another you need to remove them from a template before adding them to another template. 1. Select the template. 2. Click Edit. 3. Click Edit Customers, if required. You can: Select customers you want to apply this global template to and add them to the Assigned customers list. Click OK to confirm the additions. Assigning a customer to a template locks the base policy in Sophos Central Admin. Remove customers from a template by selecting them in the Assigned customers list and adding them to the Available managed customers list. Click Unassign to confirm their removal. Removing a customer leaves them with the last settings pushed to them. Customers can reset the base policies and settings in Sophos Central Admin. 4. Edit the Global Settings. 5. Edit the Base Policies. 6. Push the template to your customers. Changes take effect after you have pushed the template. Related tasks Push a template (page 23) 22 Copyright Sophos Limited

Push a template When you add a customer to a template, all the global and policy settings covered by the template are locked in Sophos Central Admin. They take effect when you push the template. Pushing a template can take a few minutes. To push a template: 1. Select the template. 2. Click Push to customers. 3. Click Push to confirm. The status of push is indicated on the Global Templates page. It also shows the last time the template was pushed and who pushed it. Delete a template To delete a template: 1. Select the template. 2. Click Delete. 3. Confirm that you want to delete the files by selecting Yes, I want to delete this template and clicking Delete. Deleting a template leaves customers with the last base policies and settings pushed to them. Customers can reset the base policies and settings in Sophos Central Admin. 8.5.3 Customers You can only do this if you are part of the Early Access Program. When you add a customer to a template, all the base policies and settings covered by the template are locked. They take effect when you push the template. Customers you add won't be able to change any base policies or custom global settings shown in the template. To change the list of customers: 1. Click Edit Customers. 2. Select customers in the Available managed customers list and add them to the Assigned customers list. Available managed customers are customers that are managed by a partner and not assigned to any other template. 3. You can remove customers by selecting them in the Assigned customers list and adding them to the Available managed customers list. 4. Click Save. 5. Click Push to customers. Pushing a template can take a few minutes. 8.5.4 Global Settings You can only use these options if you are part of the Early Access Program. Copyright Sophos Limited 23

The Global Settings tab is used to specify security settings that apply to your customers. Customers won t be able to change these custom settings. You can specify different security settings depending on the global template you apply to your customer. The pages displayed depend on the features included in your licenses. Some settings are only available in the base polices. Related concepts Base Policies (page 27) Allowed applications (page 24) Related tasks Website Management (page 26) Global Scanning Exclusions (page 25) Allowed applications If you have allowed applications in Sophos Central Admin you can't see them in the list of allowed applications in. Any applications that you allow in are merged into the list of allowed applications in Sophos Central Admin when you push a template to your customers. About allowed applications Our software detects threats that are previously unknown. However, it may sometimes identify an application as a threat, even though you know that it s safe. When this happens, you can allow the application. This does as follows: Prevents this detection from happening again. Restores all copies that have been cleaned up (removed from computers). Alternatively, you can allow an application in advance, so that it won't be detected when you install it for users. Think carefully before you do this as it reduces your protection. Allow an application in advance You can allow an application in advance, so that it won't be detected when you install it for users. Only allow an application if you know it's safe but think it might be detected as a threat. Think carefully as doing this reduces your protection. that: You can only allow the application by using its path (location). This allows the application to start, but we ll still check the application for threats, exploits and malicious behavior when it's running. 1. On the Global Settings page, click Allowed Applications. 2. Click Add apps by path. 3. Enter a path. You can use variables if the application is in a different location on different computers. 24 Copyright Sophos Limited

Edit the path for an allowed application You can change the path that you specified when you allowed an application. 1. On the Allowed Applications page, find the application. The current path is shown in the details. 2. Click the edit icon (the pen) on the far right of the page. 3. In the Edit path dialog, enter the new path. When you edit a path, details of the original detection (user, computer and path) are removed from the list. Start detecting an application again If you want Sophos to start detecting and removing an application again, you remove it from the Allowed applications list. Select the application and click Remove (in the upper right of the page). Global Scanning Exclusions You can exclude files, websites and applications from scanning for threats, as described below. We'll still check the excluded items for exploits. These exclusions will apply to all your users (and their devices) and servers. If you want them to apply only to certain users or servers, use the scanning exclusions in the Sophos Central Admin policies instead. Customers won't be able to add to the Global Exclusions list from Global Settings. They can add global scanning exclusions from the events list. These are not added to the global scanning exclusions list you can view and edit in Sophos Central. Global scanning exclusions pushed from Sophos Central are merged with the Sophos Central Admin list. 1. In Global Settings, click Global Scanning Exclusions. 2. Click Add Exclusion (on the right of the page). The Add Scanning Exclusion dialog is displayed. 3. In the Exclusion Type drop-down list, select a type of item to exclude (file or folder, website or potentially unwanted application). 4. Specify the item or items you want to exclude. The following rules apply: File or folder (Mac and Linux). You can exclude a folder or file. You can use the wildcards? and *. Examples: /Volumes/excluded (Mac) /mnt/hgfs/excluded (Linux) File or folder (Virtual Server). On Windows guest VMs protected by a Sophos security VM, you can exclude a drive, folder or file by full path. You can use the wildcards * and? but only for file names. Copyright Sophos Limited 25

Process (Windows). You can exclude any process running from an application. This also excludes files that the process uses (but only when they are accessed by that process). If possible, enter the full path from the application, not just the process name shown in Task Manager. Example: %PROGRAMFILES%\Microsoft Office\Office 14\Outlook.exe To see all processes or other items that you need to exclude for an application, see the application vendor's documentation. You can use wildcards and variables. Website. Websites can be specified as IP address, IP address range (in CIDR notation), or domain. Examples: IP address: 192.168.0.1 IP address range: 192.168.0.0/24 The appendix /24 symbolizes the number of bits in the prefix common to all IP addresses of this range. Thus /24 equals the netmask 11111111.11111111.11111111.00000000. In our example, the range includes all IP addresses starting with 192.168.0. Domain: google.com Potentially Unwanted Application. Here, you can exclude applications that are normally detected as spyware. Specify the exclusion using the same name under which it was detected by the system. Find more information about PUAs in the Sophos Threat Center. 5. For File or folder exclusions, in the Active for drop-down list, specify if the exclusion should be valid for real-time scanning, for scheduled scanning, or for both. 6. Click Add or Add Another. The exclusion is added to the scanning exclusions list. Website Management You can extend the website filtering provided by Sophos Central. In Website Management, you can use a website list to tag websites. This puts them in groups, which are like custom categories. You can then use them in Web Control policies in Sophos Central Admin to control these websites for certain users. If you think Sophos has put a website in the wrong category, you can ask us to change it. Go to https://www.sophos.com/en-us/threat-center/reassessment-request.aspx. 1. Click Add in the upper right of the page. The Add Website Customization dialog is displayed. 2. Enter sites. Entries in the website list can be single URLs, full domains, TLDs, IP addresses, CIDR ranges, or even top level domains. 26 Copyright Sophos Limited

Managing websites using IP addresses only controls browser-based access. It does not block other applications or interact with rules for a local firewall. 3. Select Enable Tags to associate a tag with the sites you have entered. Then type a tag name. Tags can be used when creating web control policies in Sophos Central Admin. 4. Enter text in the Comments text box. It can be helpful to include information about tags you have created and categories you have overridden for troubleshooting policy issues in the future. 5. Click Save. Your entry will be added to the website list. 8.5.5 Base Policies You can only use these options if you are part of the Early Access Program. If you're new to policies, read this page to find out how base policies work. What is a policy? A policy is a set of options that Sophos Central applies to protected users, devices or servers. There is a policy for each product, or for a feature that s part of a product (for example, there is a policy for the application control feature). Users, devices and servers have separate policies. What is a global base policy? Each feature has a base policy. Sophos provides this policy and initially it applies to all users (and devices) or all servers. For some features, like threat protection, Sophos configures the base policy with the best practice settings. You can leave it unchanged if you want to. For other features, like application control or peripheral control, which are more specific to your network, you must edit the policy to set up the feature. The base policy is always available and is used if you don't have other policies activated. You can't disable or delete the base policy. What is in each global base policy? A global base policy lets you: Configure base policy settings for your customers, see Edit a base policy (page 28). Copyright Sophos Limited 27

Specify which customers the policy applies to. You do this using a Global Template, see Global templates (page 20). Customers won't be able to change any of the base policies shown here. Which base policies can I set globally? You can set up a base policy for Email Security, see Email Security (page 29). You can set up a base policy for Device Encryption, see Encryption: Device Encryption (page 32). You can set up base policies for endpoints, see: Endpoint: Application Control (page 33) Endpoint: Peripheral Control (page 34) Endpoint: Threat Protection (page 35) Endpoint: Update Management (page 38) Endpoint: Web Control (page 38) Endpoint: Windows Firewall (page 40) You can set up base policies for servers, see: Server: Application Control (page 40) Server: Lockdown (page 41) Server: Peripheral Control (page 42) Server: Threat Protection (page 44) Server: Update Management (page 47) Server: Web Control (page 47) Server: Windows Firewall (page 48) Edit a base policy 1. Click on a template on the Global Templates page. 2. Go to Base Policies. You see a list of base policies. 3. Find the base policy you want to edit and click it. 4. In the base policy, use the tabs to: Assign the base policy. For example, assign it to specific users, groups or devices. Enter settings for the base policy. See the Help topic for that base policy type. Enable or disable the base policy. 28 Copyright Sophos Limited

Email Security The following settings only apply to inbound messages with the exception of Enhanced Email Malware Scan, which applies to both inbound and outbound messages: Spam Filtering Each email message is analyzed and given a spam score. The higher the score the more likely the message is to be spam. Messages with the highest spam scores are rated as Confirmed Spam. Messages are categorized based on their spam score and you can choose how the categories are processed. Messages are split into: Confirmed Spam: These are messages that conform to known and verified spam patterns. Bulk: These are messages that are dubious mass mailings. Suspected Spam: These are messages that have been identified as suspicious. Non-Spam: These are messages that are confirmed to come from a trusted source and or contain no spam characteristics. For each category choose an Action from: Quarantine Deliver Delete The default settings are: Confirmed Spam: Quarantine Bulk: Quarantine Suspected Spam: Deliver Non-Spam: Deliver Quarantine Settings You can choose to send a quarantine summary message to each protected mailbox. The message contains a table containing spam messages that were quarantined since the last summary message was sent. You can schedule when the messages are sent. Users can release or delete quarantined spam messages by clicking the appropriate link in the quarantine summary message. To set up quarantine summary messages: 1. Switch on the sending of quarantine summary messages. 2. Select the Time Zone, Days and Time you want the messages sent. Tip All days are selected by default. Click on the day to deselect it. Copyright Sophos Limited 29

3. Click Save. Sender Checks Sender checks allow you to verify whether an email originates from where it claims to come from. Email Security uses DMARC, SPF, DKIM and Header anomalies to do this. Sender checks are performed in the order they appear on the UI. If an email fails the first sender check, the other checks will not be carried out. You can override the sender checks by adding domains and email addresses to the Allow list. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy and reporting protocol. It builds on the DKIM and SPF protocols to detect and prevent email spoofing. You can control what happens to messages that fail DMARC checks. Select from: Conform to sender policy: What happens to the message depends on what the sender stated in their DMARC policy. (This is the default value). Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. Quarantine: Message is quarantined. Reject: Message is rejected. Deliver: Sends the message to the mail server for delivery. SPF (Sender Policy Framework) allows you to verify that incoming email comes from an IP address authorized by the sending domain's administrators. Emails from IP addresses marked as "fail" by the sending domain's administrators are rejected. Spam and phishing emails often use forged From addresses. This results in an SPF check rejecting the email. DKIM (DomainKeys Identified Mail) is an authentication framework used to sign and validate a message based on the domain of the sender. You can control what happens to messages that fail DKIM checks. Select from: Reject: Message is rejected. (This is the default value). Quarantine: Message is quarantined. Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. Deliver: Sends the message to the mail server for delivery. The Header anomalies check identifies email that appears to come from your own domain but originates from an external domain by checking the from header of the email against the recipient domain. If the domain in the from address matches the recipient domain, the mail is considered to be spoofed. You can control what happens to messages that fail the Header Anomalies check. Select from: Tag subject line: Email Security adds a tag to the message's subject line indicating that it is a spoofed message. (This is the default value.). Quarantine: Message is quarantined. Reject: Message is rejected. 30 Copyright Sophos Limited

Deliver: Sends the message to the mail server for delivery. Enhanced Email Malware Scan This setting applies to inbound and outbound messages. It is an enhanced email content and file property scan and it is our highest level of protection against email malware. It is on by default. Important If malware is detected in a message, it is always discarded. Email Advanced license features These features are turned on by default. They are also turned on when a new policy is created. (This applies to both existing and new Email Advanced licenses.) Time of Click URL Protection: When Time of Click URL Protection is enabled, URLs contained within inbound messages are rewritten so that they point to Sophos Email instead of the original destination. When the link is clicked, Sophos Email performs an SXL lookup, and if it is malicious it is blocked. If the URL is clean, the action taken when you click the link will depend on what you have specified in the policy. For example, if you have medium risk websites set to Allow, once the link has been checked and has been classified as not malicious, the link will take you to the original link destination. The domain name will be displayed at the start of the rewritten URL so that you can see where the link will send you, if allowed. For example d=domain.com. You can select the action you want to take for websites with a reputation of high risk, medium risk, and unverified. Choose either Block, Warn, or Allow for each reputation category. You cannot Allow high risk websites. URLs you add to the Time of Click allow list are never rewritten at time of click. You can also control whether URLs are rewritten in plain text messages and within securely signed messages. Plain text messages: refers to emails with no HTML formatting. Without HTML formatting, when URL rewriting is enabled, the entire encoded URL will display in the email. You can bypass URL re-writing in these messages by deselecting the Rewrite URLs in plain text option. Copyright Sophos Limited 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback