
We’re excited to announce changes designed to enhance Sophos Central login and new user enrollment. These enhancements are now available when signing into all Sophos Central applications.  

What has changed?

User PIN Requirement Changed to 6 Digits

During the current Sophos Central enrollment flow, users are required to enter a unique number (a PIN). This PIN can then be used with an emailed one-time password plus their account password for login. Previously, in some experiences, the PIN was allowed to be 4 characters; however, we have changed this to require 6 digits to enhance security incrementally and to ensure consistency. This change will only be seen during new user enrollment to Central or if a user has their MFA reset. In other words, users with already-configured 4-digit PINs will continue to be able to use them until an MFA reset is performed on their account.

Sophos.com New User Enrollment and Password Reset Emails

In a world where users are trained to spot the phish, new user enrollment and password reset emails need to be from a verifiable source. Previously, these emails were sent from Microsoft “on behalf of Sophos PROD” (msonlineservicesteam@microsoftonline.com). We have updated the sender for these invites to be do-not-reply@central.sophos.com so that they are easily recognizable as authentically from Sophos and are consistent with other Sophos email experiences. In addition, this should remove past problems with intermittently delayed emails from Microsoft for enrollment invites and password resets.

 

Picture above: Password reset email from Sophos Central with updated do-not-reply@sophos.com.