I have in my Sophos central a device in "unmanaged devices"
I checked the agent and i haven't errors.
I tried to unistall agent but i don't be able because tamper is enable and by console i can't because devices in "unmanged devices" can't to be modify.
The agent is connect correctly on local panel
Thank you for reaching the community, The possible reason for this unmanaged device was you have ad sync active in your environment, so it imports all devices from your AD to central. However, since the package that has been used on this device isn’t the package that came from the Sophos central you used to manage, it won't be able to manage this device and will show unmanaged. To correct this, you may need to check if you have any other Sophos central account you used before either trial or license and validate that the said device is managed under those accounts. If so? Then you can retrieve the TP and register the device under your Sophos central account that you used to manage via re-installation of the package or via running (--registeronly) switch on the command prompt. If the above scenario is not applicable, you may need to manually recover the tamper protection password on this device by following this community article. And proceed with the reinstallation of the endpoint.
Thank you GlennSen
Yes, i have imported all devices from my AD.
I have three unmanaged computers, one i was able to disable tamper through your link and now, after reinstalling agent, computer is "managed". But the other two don't actualy have the Sophos Agent and i don't wanto install agent. How can these computer delete from central control?
Thaks a lot
Hello Rob,Thank you for your reply. Since AD Sync is active, even if you delete those two devices on your central, it will come back again after the AD Sync performs its auto sync. To avoid it from coming back again, you need to move those machine to a different OU on your AD, which does not include in your AD sync. Or if all of your OU on your AD has been imported through ADSync, you can create a Separate OU for that two devices and exclude it from your ADSync. In that way, once your ADSync performs sync, those two devices won't be registered again on central. I hope this helps you with your query.