We have some user endpoint installed offsite, these systems are not added in console center, how to add, and how to apply policy them?
I assume you are using Sophos Enterprise Console to manage the computers?
Have you considered migrating to Sophos Central as the management platform to make the management of computers easier?Regards,
Thank you, Jak,
Yes, We are using Enterprise console, without goto Sophos central what else option to apply the policy for an offsite user?
There are a few options:
1. VPN of course
2. Setup a public accessible Message Router - https://community.sophos.com/products/endpoint-security-control/f/sophos-endpoint-software/3154/configure-endpoint-server-10-with-rms-behind-a-firewall-nat-don-t-want-to-use-message-relay might detail some of what you may need if you go down this route. I.e. port forwarding and setting a FQDN in the router's IOR. It's not trivial but can be done and might be more complex given your environment and what computers are available to you to use.
3. To get policy to endpoints but have no reporting you can configure policy in the CIDs with XML files. Using ExportConfig and ConfigCID. I assume you have publicly accessible web cids the clients update from? https://community.sophos.com/kb/en-us/13111
To be honest, I would seriously consider getting a Sophos Central account, test managing a couple of computers for a month for free and see how it goes. Maybe then contact Sales to see if you can get some licences moved from on-prem to Central.
Is there any reason Central is not an option as this is the future of Sophos? The protection and reporting offered is so much better.