Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 12 subscribers
  • Views 9834 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remove endpoint device from Sophos Central

Gregory Shearer

We use Sophos Central for our organization. We are an educational institution, with a one-to-one laptop program for our students, and Sophos is installed on these devices. When students graduate, they can take their laptop with them. That means they also have Sophos still installed unless they manually remove it. Graduates are notified that they need to uninstall Sophos and install an alternative solution, since we have a limited number of device licenses.

The problem is that we have no way to remotely uninstall Sophos or permanently remove these devices from our Sophos Central account, because the next time a device updates, it is re-added. Is there any solution or a workaround?



This thread was automatically locked due to age.
  • +1

    Hi  

    If your objective is to save the license count, you may simply remove the respective client computer and the user entry from the Sophos Central Dashboard. (The clients can longer be managed by you and it will not re-register automatically to the central account). Once the clients & user are removed, the license count should be restored within 24-48 hours.

    Once you have removed the client entry, over a period of time the client computer will stop receiving the definitions and eventually the end user would have to remove or get a new license.

    Note: make sure you disable the tamper protection or share the tamper protection password to the respective user before removing the client entry.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0

    Thank you for your response, Gowtham. I posted my question, because I was informed by Sophos that, if I removed a device from our SC account, it would simply return, when the client computer next updates. If  I understand you correctly, your response indicates that is not true.

    Regarding your statement about tamper protection. I do not enable this feature, because doing so makes it just not logistically possible to inform all users about their tamper protection password. It would be nice, as I have stated in feedback, to have the tamper protection be a policy rather than a universal option, so I could put accounts into it to enable the owners of the computers to remove the application without a password.

    Best,

    Gregory

  • 0 in reply to Gregory Shearer

    Hi  

    The clients that were removed from the Central dashboard will not automatically re-register back again. However, you can manually make it re-register as mentioned here.

    Having the Tamper protection disabled for all the client is not something I would advise, it leaves the client vulnerable and modern threats are very much capable of removing or corrupting the AV files. Regarding the tamper protection as a policy, we already have a feature request. Please vote for it so that it might be taken into consideration by the respective team.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Gowtham Mani

    Thanks for the additional information. I have voted.

    We are an educational institution with a one-to-one laptop program. As such, when students graduate, they can take the laptop with them. This means about 190 clients suddenly leave our domain each year. It is just not feasible to send them all a passcode for the TP. From the start, it seemed odd that TP is a global setting rather than a group policy. This only encourages organizations to keep the feature disabled. I initially had TP enabled, but quickly realized how problematic it was for the IT support, so I fairly quickly disabled it.

Unfiltered HTML