I set up a new account & tenancy for Sophos and AAD earlier this month.
Got the AAD Sync set up, users populated across based on the group set and all seemed fine.
Started deploying Sophos through Intune this week and I find that the 'People' tab in Central is now essentially dual populated.
It's got ticked entries for all the users who are installed, e-mail address and such - and it's got the 'AzureAD\username' entries for what the Sync had populated. Though the AzureAD entries don't have an email address - which seems to be the main difference and what I can only suspect is the root of the issue. Like Sophos is recognising logins by UPN rather than AzureAD.
This in turn suggests to me that I've got the Sync set up wrong - but I'm not clear on how exactly I'm supposed to set it to pick up by UPN. Should I be doing it by user filter rather than group ID?
Any suggestions welcomed.