On January 31st the Intercept X Advanced with EDR Early Access Program (EAP) will be closing down. From January 21st the EAP will be closed to new customer registrations and no new endpoints can be assigned to the Early Access Program for existing customers who have joined the EAP.


What will the experience be for customers coming out of the Early Access Program on January 31st?

For customers who had joined the Early Access Program and have purchased Intercept X Advanced with EDR, things will continue to work in the same way as they already are. As endpoints are removed from the Early Access Program they will be prompted to reboot those endpoints but no new endpoint software will need to be downloaded. Customers should ensure that the ‘Allow computers to send data on suspicious files and network events to Sophos Central’ policy setting is enabled in Threat Protection policies where customers want to send data to Sophos Central on portable executable files with an uncertain or bad reputation and the network destinations those files have connected to.


For customers who had joined the Early Access Program and have not purchased Intercept X Advanced with EDR they will no longer see or have access to new EDR capabilities such as the Threat Search, the Clean and Block action, and Admin led Isolation capabilities. From an endpoint perspective once removed from the EAP the endpoints won't need to download any new endpoint software, but you will be prompted to reboot the endpoint.