Sophos provides the ability to associate your Microsoft Azure accounts with your Sophos Central account to improve the management of Sophos Server Protection on Azure Virtual Machines. This knowledge base article answers the frequently asked questions on Microsoft Azure integration with Sophos Central.
Applies to the following Sophos product(s) and version(s) Sophos Central Server Protection
The following questions are answered:
This integration with Azure improves the management of Sophos Server Protection on VMs in Azure. It will:
Azure integration is covered under both Server Standard Protection and Server Advanced Protection licenses. A license is required for each virtual machine that is protected with a Sophos Server Protection Agent.
Note: If using Windows Virtual Desktop, when running the Windows 10 Enterprise multi-session version for pooled desktops, you will need a Server Protection agent.
Both Windows and Linux servers can be managed:
Create an application in your Azure Active Directory first. Once the Application registration is complete and the recommended permissions have been given, you can associate the Azure Active Directory in your Sophos Central account under System Settings > Connect to Microsoft Azure. Take a look at Microsoft Azure: Application registration and setting permissions.
Go to the Servers > Azure VMs area within the Sophos Central Admin console. If you have not connected your Azure Active Directory, the list will only display servers running in Azure that have a Sophos Server Protection Agent installed. When your Azure account is connected, the list is extended to show ALL VMs, identifying whether each VM has a Sophos Server Protection Agent installed or not. Connecting your Azure account to Sophos Central will also augment the list with additional metadata including running state, VM ID, Resource Group Name, VM location, and more.
Sophos provides the ability to connect your Azure Active Directory with your Sophos Central account to improve the management of Sophos Server Protection on Azure virtual machines.
By providing credentials for an application registration in your Azure Active Directory, you are explicitly granting Sophos permission to connect to your Azure Active Directory for read-only access to information relating to Azure virtual machines. This connection from Sophos Central will enable Azure virtual machine information to be displayed and deleted virtual machines to be removed automatically.
The Azure application identity and secret key are stored with AES 256 encryption (using a unique key) within a key store. These credentials are removed automatically when the Azure Active Directory connection is removed from Sophos Central.
Other non-personally identifiable data stored for the purposes of providing this Sophos Central Azure service are stored in a separate database. In more detail, this data includes, although is not limited to, the Active Directory identity and name, Subscription identity and name and Virtual Machine information such as Virtual Machine identity, name, location, resource group, OS type, availability set identity, power state and provisioning status time. Active Directory data is automatically removed when the Active Directory connection is removed from Sophos Central.
When a VM is deleted in Azure, the server will be removed from the Sophos Central console automatically within a few minutes. License usage information in Sophos Central will also be updated automatically.
You can download a VM Extension script from Sophos Central to protect your Azure Windows Virtual Machines (VMs) with Intercept X for Server as you create them.
The script is support on Server 2012, 2012 R2 and 2016. The following Microsoft article details how to use your script in Azure:
The following provides example information on how to deploy VMs with Sophos Agent from launch and creating and deploying from an image with Sophos Agent for Windows servers:
The following provides example information on how to deploy VMs with Sophos Agent from launch and creating and deploying from an image with Sophos Agent for Linux servers:
The Sophos Server Protection Agent can be installed on existing Azure VMs by following the guidance in the following article:
Automatic license release is not yet supported for scale set VMs protected by Intercept X. The Sophos Central API can be used to automate device removal.
The credentials for your Azure Active Directory '********' are invalid.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.