As of November 30th, 2021, Sophos will no longer support authentication into Sophos Central using admin credentials from the AD Sync utility (username and password); consequently, sync operations will start failing. API credentials will be the only supported authorization method moving forward.
If you’re running an older AD Sync agent than version 4.2.23 (this could happen if your agent failed to auto-upgrade), please follow the instructions in this KBA - Sophos Central: Upgrade the AD Sync Utility to the latest version. We strongly advise that you replace these admin credentials with API credentials as soon as possible.
For the AD Sync utility yet to move to API credentials, we developed an AD sync version that automatically replaces admin credentials with API credentials. The intention is to minimize the disruption of sync operations. This functionality will be remotely turned on starting mid-October.
In addition, recent AD Sync versions(4.0.2.21 and later) exercise a new and more scalable data transport layer from the agent to Central.
Please ensure that the URLs listed under the “Sophos AD Sync utility” section in this KBA - Domains and ports to allow aren’t blocked by your corporate FW.
The new data transport layer and any future functionality will be only available for the Ad Sync utility using API credentials.