Policy update frequency

Hi Richard,

Thanks for reaching out to the Sophos Community Forum.

I was able to locate some additional information on this in the following article. Let me know if this helps. 
- Understand and troubleshoot policy compliance of managed devices

Although the policy is authored in Sophos Central, it is up to the client to check in to Sophos Central to look for updates to the policy at regular intervals.....Typically, this is less than 15 minutes but can be longer if the policy is user-based and activated by a new user signing into a system.

Regarding the Web Control Policy specifically, I'd suggest trying an Incognito browser if User 1's policy appears to still be applied. In some cases, I have found that the browser will cache the "Block" page and continue showing it even after receiving the new policy.

The user policies aren't cached locally for each user so as the new user is recognised a policy request from Sophos Central is required. 

I assume a new status is sent due to the new user, which results in a new policy render in Central for that user.  Then either the client polls for the new config, which I believe is 120 seconds. The config of MCS Client can be read with this one-line PS command::

[xml]$mcs=gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\Config.xml';$mcs.Configuration.McsClient

There is also push notifications, so assume in that case, the polling is a fallback and the policy should be picked up quicker by the client.  There is a push notification section in the above policy.

$mcs.Configuration.McsClient.pushServers

Worth noting, MCSClient can also back-off from time to time under-certain conditions, you can see how often that might be happening by running:

$(gc 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log') | Select-String "\[backoff\]"