
Sophos Central Policies vs. Enterprise Console Policies

Hi everyone.

I'm new to Sophos Central and at the moment we're testing it to see if it's a viable solution for our organization.

We already have Sophos Enterprise Console on-prem.  My initial view is that everything that we already have in SEC, we can implement via SC, bar one important thing... the policies.

Server policies are obvious and I like the use of user based policies, but what options are there for device based policies?

We're in a single-forest, multi-domain environment with each domain owned by different organizations. So what happens when a user from within the forest, but not our domain, logs on to one of our PCs?

We need to be able to secure both user activity and devices.

Cheers.



This thread was automatically locked due to age.
  • Hi Fahid,

    We have policies for servers (a machine-based policy that does not rely on the user's policy) and user policies (a user-based policy that can be applied on multiple devices the user logs on to). When a user logs in to a system for the first time on that system, Sophos Endpoint allows the user to log in as per their AD credentials. As soon as the user is allowed to log in, it contacts Central to apply the user policy. If the user is not listed in Central, it automatically creates the user with the username used. If the user is listed in the Central console and logs in to another system, Central syncs the policy defined for that user; otherwise it follows the base policy.

    You may opt for a trial and test with your domain, to see for yourself. You may also refer to the KB article https://sophos.com/kb/121858

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Hi Aditya,

     

    Many thanks for your response on this.

     

    I see how we can use the base user policy for non-AD users... that should be fine.

    But let me use a scenario.

    • You have a device with a Windows desktop OS (so server policies cannot be applied). But due to requirements, Bluetooth and Optical Drive write need to be enabled.
    • You want any user, using the said machine to be able to use those functions BUT you don't want them to be able to do that on all PCs.

    How do you implement a policy to achieve this?

     

    Cheers.
