
Notification: Data protection is off

In my Sophos Endpoint application I got a notification with 'Data protection is off'. Where in the Sophos Central portal do I turn it on?

 



This thread was automatically locked due to age.
  • Do you have a "Device Encryption" licence listed under:
    https://central.sophos.com/manage/account/licenses

    The left hand menu in Central should have a section called "My products".  Do you have an "Encryption" section in that list?

    Regards,

    Jak

  • I'm having the same issue.  I've also noticed on other clients that the Encryption service isn't starting, but it will start if I start it manually.  That may be a different problem.

  • Hi Jak,

    I have licences for Device Encryption, and I also have Encryption in "My products". In the Encryption menu I see that by far not all my computers are encrypted. Is there a fast way to encrypt them all?

  • We just started to see this on devices in our network.  What is troubling to us is that it states it has notified the IT Administrator, but no notification has been received by them (which is me).  From an optics perspective, this message is worrying because our end users are going to think the machines are unprotected, but when I review the information on the computer through the console, all components are running and the Sophos Endpoint does communicate that the machine is protected.

    We do have the licenses for Device Encryption, and the device that I am specifically troubleshooting has BitLocker enabled and managed through Sophos.  What is the next step needed to ensure that our data protection is on?

  • I have just started to see this on my network as well.

    31 machines in the last 2 days have gone from managed to unmanaged for Encryption.

    All machines show that they received an update just before changing to unmanaged, first machine was 14th Feb.

    I have logged a support call with Sophos Support, as looking at the machines they all seem fine.

    All services are running correctly and they have a green tick in Sophos Central.

  • Same here: we have encryption enabled and managed by Sophos but still see "Data protection is off".

    My group has not gotten any notification about this.

  • We are also facing this issue. With the new installer, the device encryption is not kicking in anymore on new installations. TPM is ready and Group Policy settings are set up correctly. No way to manually kickstart the Device Encryption either, unfortunately. Device Encryption service is running, licenses are available. Tried assigning the policy to an individual device as well as via device groups, restarted several times, cleared the TPM several times. Not sure what more to try.

    What's also worrying is that Sophos Central states "The Device Encryption status changed from Not available to Unmanaged" in events, but in the status tab it is showing the green checkmark at "Sophos Device Encryption Service". Whereas I used to get notified that "A device that should be encrypted is not encrypted", I have not received such an alert mail now.

    Hope this gets fixed very soon.

  • In Endpoint Self-Help I now see that "Encryption is off by policy", but that's not right. It is in fact turned on, but apparently the client is not reading the policy settings from Sophos Central correctly.

  • It seems that the issue lies in the encryption policy assigned to a device group. I previously mentioned that assigning it to a device individually did not work, but in fact that is now working. I previously had the policy enabled via device group AND assigned it to the device individually, which didn't work. I now removed that device from that group and re-assigned the policy to the device individually, and finally the device encryption was triggered.

    So hoping for a Sophos representative to read this and take a look at assigning policies via device groups, which seems to be broken.

  • I've done what you suggested and that did work until I re-assigned it back to a group policy.  Once I did that, it went back to reporting that the data is unprotected.  I would agree that Sophos will hopefully see this and work on getting a resolution to this, since, given how my organization is set up, I cannot leave all our machines in a default state of protection because the exceptions that need to be made are unique to the role the staff here have.