Hii
Our company manages devices via Intune. Sophos Endpoint Protection is installed on all devices. In addition, encryption is managed via Sophos Device Encryption.
Some of our customers also use Intune to manage devices. For new devices, we always set them up first and manually add them to the Encryption Policy after they are set up so that the prompt for encryption appears.
Is there a way to automate this process?
Thanks!
Hi Joël Walker ,
Thank you for reaching out to the Sophos Community Forum.
We currently don't have documented instructions or scripts on how to automate the process of adding devices to the Encryption Policy. But I checked internally, and if you have a large number of devices to add, you can use the Sophos Central API with either a PowerShell or Python script.
However, automating this process by pushing a PowerShell script to machines is not recommended, as it poses a security risk due to the script storing API credentials. But if you decide to give this one a try, here's an outline of the script idea:
1. Create a text file that contains a list of hostnames to be added to the Central Encryption policy.
2. Using the input file, utilize the Sophos Central API to assign the required policy to all the endpoints in the list.
3. Make sure the script is run only by the administrator as it requires API credentials for access.
Remember to always exercise caution and follow best security practices when working with API credentials or automating processes.
I hope this helps.
