In this step, you confirm that you have the right product license, compile the list of assets, and validate that the devices meet the minimum system requirements. To get started, follow the topics below.
Choosing your Sophos Endpoint Protection license is essential in preparing for your migration.
Sophos Products are licensed or made available by the applicable units specified in the table below. The Schedule issued by Sophos specifies the number of applicable units that the Customer has ordered for each Product.
Definitions for Sophos Products
1. 'Computer' means any device or computing environment which benefits from the Product (for example, but without limitation, workstations, personal computers, laptops, netbooks, tablets, smartphones, and environments connected to an email server, an internet proxy or a gateway device, or a database). The Product does not have to be physically installed on the computer environment to provide benefits, nor is there a requirement for the computing hardware to be owned by the Customer. The term Computer as defined herein includes non-persistent deployments, electronic devices capable of retrieving data, and virtual machines.
2. 'Server' means a Computer (i) upon which the Product is installed or (ii) which benefits from the Product, wherein the computer provides at least one application, client service, or capability.
3. 'User' means an employee, consultant or another individual who benefits from the Product.
NOTE: The Product does not have to be physically installed on the User's computer environment to provide benefit to the User.
Read more about the licensing guidelines here.
Sophos Central Products
Central Intercept X Advanced
Central Intercept X Advanced with XDR
Central Intercept X Advanced for Server
Central Intercept X Advanced for Server with XDR
Managed Detection and Response
Managed Detection and Response Complete
Managed Detection and Response Server
Managed Detection and Response Complete Server
Sophos Central product licenses have power-packed features to detect, prevent and respond to a threat or malware. The below document will help you understand the available features for the license you choose. https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-intercept-x-license-guide.pdf
If you have not yet decided and need more help, our sales team can assist. Please see the contacts section to reach out to our sales team.
If you have already chosen your license, continue to read the sections below.
Next, collect your device list from Active Directory. This will help identify the licenses that must be purchased and help prepare those devices for Sophos endpoint protection deployment.
How to collect the asset list
You can collect the asset lists by using your AD (Active Directory) management tool or by using PowerShell to execute a command and export the list.
Using 3rd party tool:
If you manage Active Directory via 3rd party tools, you can use them to export a list of all computers and save it as a CSV file. You may need to customize the columns to use the specific column names below.
“Name, OperatingSystem, ipv4Address, LastLogonDate”
Follow the below steps:
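One way to produce the export with PowerShell, shown as an added example rather than Sophos's own procedure. It assumes the ActiveDirectory (RSAT) module is installed; the output path, the 90-day stale threshold, and the `LicenseClass` and `Stale` columns are assumptions added to help with license counting.

```powershell
# Added example: export AD computer objects for Sophos license planning.
# Requires the ActiveDirectory module (RSAT). The output path and the
# 90-day stale threshold are assumptions; adjust to your environment.
Import-Module ActiveDirectory

$OutFile   = '.\ad-asset-list.csv'   # hypothetical output path
$StaleDays = 90                      # assumed cut-off for inactive objects
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

$assets = Get-ADComputer -Filter * -Properties OperatingSystem, IPv4Address, LastLogonDate |
    Select-Object Name, OperatingSystem, IPv4Address, LastLogonDate,
        @{ Name = 'LicenseClass'; Expression = {
            # Heuristic only: classify by OS name. Review against the
            # 'Server' and 'Computer' definitions above before ordering.
            if ($_.OperatingSystem -like '*Server*') { 'Server' } else { 'Computer' }
        } },
        @{ Name = 'Stale'; Expression = {
            # Never logged on, or not seen since the cut-off date.
            -not $_.LastLogonDate -or $_.LastLogonDate -lt $Cutoff
        } }

# The first four columns match the names listed above.
$assets | Sort-Object LicenseClass, Name |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Summary per license class; stale objects are counted separately so they
# are reviewed rather than silently licensed or silently skipped.
$assets | Group-Object LicenseClass, Stale |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Stale computer objects are worth reviewing before deployment: they inflate license counts and often correspond to decommissioned machines that were never removed from the directory.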
Continue to read the below sections.
We recommend you check the minimum system requirements for your endpoints before we install the Sophos endpoint protection.
Each product license has different system requirements, so verify on at least one computer and one server that the device satisfies the recommended values in the table below.
Windows Endpoint System Requirement
Windows 7, 8, 8.1, 10, and 11
Intercept X Advanced
Intercept X Advanced with XDR
Intercept X Advanced with XDR and MDR
Free disk space
Windows Server System Requirement
Intercept X Advanced for Server
· Hard disk space: 8 GB free
· RAM: 8 GB
· Cores: 2
· 2012 R2
· SBS 2011
· 2008 R2
· Simplified Chinese
· Traditional Chinese
Intercept X Advanced for Server with XDR
· Hard disk space: 10 GB free
Intercept X Advanced for Server with XDR and MDR
For more information about the minimum system requirements, please read the articles below.
· Windows Endpoint System Requirements
· Windows Server system requirements
· XDR Sensor Only Supported Platform
Step 1 of preparation is now complete. Continue to read the sections below.
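A pre-flight check for one server against the minimums listed above for Intercept X Advanced for Server (8 GB free disk, 8 GB RAM, 2 cores), shown as an added example and not a Sophos tool. The parameter names and the choice of the system drive as install volume are assumptions.

```powershell
# Added example: compare this machine against the server minimums above.
# Parameter names are hypothetical. Pass -MinFreeDiskGB 10 to test the
# disk figure listed for "Server with XDR".
param(
    [double]$MinFreeDiskGB = 8,
    [double]$MinRamGB      = 8,
    [int]   $MinCores      = 2,
    [string]$Drive         = $env:SystemDrive   # assumed install volume
)

$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$Drive'"
$cs   = Get-CimInstance Win32_ComputerSystem
$cpu  = Get-CimInstance Win32_Processor
$os   = Get-CimInstance Win32_OperatingSystem

$freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
# Usable memory is reported slightly below the installed amount, so round
# to the nearest whole GB to avoid failing an 8 GB machine at 7.9 GB.
$ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
# Sum physical cores across all sockets.
$cores  = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum

$checks = @(
    [pscustomobject]@{ Check = "Free disk on $Drive (GB)"; Required = $MinFreeDiskGB
                       Actual = $freeGB; Pass = ($freeGB -ge $MinFreeDiskGB) }
    [pscustomobject]@{ Check = 'RAM (GB)'; Required = $MinRamGB
                       Actual = $ramGB;  Pass = ($ramGB -ge $MinRamGB) }
    [pscustomobject]@{ Check = 'CPU cores'; Required = $MinCores
                       Actual = $cores;  Pass = ($cores -ge $MinCores) }
)

Write-Host "Host: $env:COMPUTERNAME  OS: $($os.Caption)"
$checks | Format-Table -AutoSize

# Non-zero exit code lets a deployment tool skip or flag this device.
if ($checks.Pass -contains $false) { exit 1 }
```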
In this step, you prepare to set up a new Sophos Central account and get it activated. Follow the topics below to get started.
By following the steps below, you can easily sign up for a Sophos Central Trial account.
To activate your account and get your security software, do as follows:
With this, you have successfully completed setting up a new Sophos Central account and have activated it. If you are unable to follow the steps, the Sophos Central start-up guide with screenshots can help you with the setup and activation.
Read our GDPR compliance statement in the article below. https://www.sophos.com/en-us/legal/sophos-gdpr
In this step, you must set up the network so that it allows Sophos domains, and prioritize the devices on which to install Sophos endpoint protection.
This step is mandatory because it allows your devices to communicate with Sophos Central.
The list is extensive and is subject to change as the product goes through changes and upgrades. Please visit the link below to know the domains and ports that you need to allow.
URL: Domain and ports to allow
From the list of devices you exported from AD, curate a second list of the devices to prioritize for Sophos endpoint protection installation.
This list can be saved in the same AD exported file or you can create a new file.
In this step, you set up devices to make sure they are updated with the latest Windows patches and security updates.
To update your devices with the latest patches and security updates, review Microsoft’s update procedure and align it with your update management to make sure that devices are up to date.
This includes updating your existing endpoint protection solution with the latest updates.
This is only required to make sure that the devices are compliant with your organization’s security policy, and it also reduces the chance that removal of your existing endpoint protection software fails.
Sophos supports various deployment methods to automate and ease the installation of Sophos endpoint protection to your devices.
Below are some methods we recommend you use for automating the installation.
We have an article describing the steps for each method mentioned above and providing an example of deploying Sophos endpoint protection to a Windows device.
URL: Automate the software deployment to devices.
We also allow using 3rd party deployment tools such as PDQ and Ansible. However, troubleshooting issues with these 3rd party tools is outside the scope of Sophos support.
If you need help with a deployment strategy discussion, planning and execution, we strongly recommend you join our Professional services team to help you with customizing the deployment. See the contact section.
In this step, you must choose the right protection modes and review the configuration after deployment.
Before you begin, you need to read about our competitor removal tool (CRT).
The CRT is a program that runs during the deployment/installation of Sophos Endpoint and detects and attempts to remove third-party software. The CRT is optional but turned on by default, and it will attempt to remove non-Sophos software. Removal of third-party software is not guaranteed.
We have a list of supported 3rd party security products that will be removed by CRT. Refer to the Sophos CRT product list.
With our next-gen anti-virus solution, we now provide Sensor-only deployments to customers having Intercept X Advanced with an XDR license.
Intercept X Advanced with an XDR license offers XDR Sensor as an installation specifically designed for customers who wish to see our detection, investigation, and response capabilities alongside their existing non-Sophos endpoint protection. After the sensor-only installation is completed, you can choose to remove/uninstall the non-Sophos endpoint protection and upgrade to full Sophos endpoint protection.
You can either choose to deploy XDR Sensor or full Sophos endpoint protection.
If you do not have the Intercept X Advanced with XDR license, skip to the “Full Sophos Protection deployment” section below.
Note: Before you begin the installation, we strongly recommend you read the XDR Sensor Only Supported Platform.
From the Sophos Central dashboard that will manage the devices, download the installer SophosSetup.exe.
The same applies to Server Protection except that it does not have Device Encryption or the option to choose components. Server Protection comes with Full malware protection and lockdown features depending on the license.
Intercept X is a powerful product. It has multiple layers of protection to protect against lots of different threat vectors and does not rely on one specific form of scanning. As we all know, however, great power comes with great responsibility. That responsibility, in our case, comes in the form of Policy configuration.
Misconfigured policies leave critical pieces of that threat protection fortress of defence inactive when the threat actor starts attacking, and put you in a position you do NOT want to be in as the IT (Information Technology) guy. We know there are a ton of configuration options available, and it can be a bit daunting at first.
We have an article published on how you can review the policy configuration for Sophos Central Intercept X and follow the best practices. URL: Best Practices for Sophos Central Intercept X Endpoint
Sophos Professional Services
Sophos Sales Regional Contacts