Greetings,
I am running into an issue where there are a few dozen remote endpoints which are active but not present on the portal. I need to get the clients checking back in, but everything I have found which should readily work either requires physical interaction with an advanced startup or will require the tamper protection, which I do not have as the endpoints are not in the portal. I have confirmed I am looking at the correct tenant for each endpoint, so they're not sitting in the wrong locations. It's possible to get on-site for these devices, but it would be a much better use of time to be able to get them to check in remotely. Remote access to the endpoints is not an issue.
Thank you for any potential insight into this.
Andrew
Thanks for reaching out.
I'd suggest checking if you can find the affected devices listed under "Logs & Reports > Recover Tamper Protection passwords".
There is also an additional drop-down menu in Sophos Central which will state "Recently online" by default. If you change this to "All" do you see the devices in the list?
Kushal,
Thanks for the response. I had checked the tamper protection recovery. Unfortunately, it looks like the agents are outside the 90-day window. I also had the "all computers" filter enabled, so there was nothing keeping them from showing up if they were on the account. I also verified the client ID on the affected devices to verify they are configured to be in the correct tenant, as well as pulled their endpoint IDs and tried manually navigating to them by replacing the ID of an existing endpoint in the tenant portal. This, unfortunately, did not work.
Andrew
The checks you've performed here are the same ones I would have suggested. If the devices are outside of the 90 day period Sophos Central retains data for, Tamper Recovery may be the only option.
Once the recovery process is complete, you can instead run "SophosSetup.exe --registeronly" as opposed to doing a full uninstall and re-install, which may help speed things up to some degree.
Kushal,
Can this be done entirely remotely? It's my understanding the tamper recovery requires booting into advanced startup for part of it which I would love to avoid since that would mean either user interaction or my being on-site.
Andrew
Accessing a device when booted into advanced startup is not possible without a KVM or similar solution.
Unfortunate. Well, there's my answer, I guess. Thanks for the clarification!