Avoid duplicate accounts in the People section in the Sophos Central console.

Hello,

I am new to Sophos.

We deploy our macOS devices using an MDM.

During Automated Device Enrollment, and with the manual enrollment process as well, the MDM provisions a local ADMIN account as we wanted. Because of how macOS FileVault FDE and Secure Token work, we have to physically log into the admin account to enable FileVault and assign the Secure Token to the admin account. However, we noticed that by doing this, the ADMIN account gets duplicated in the Sophos Central console under People, once for each device on which we had to log in to the local ADMIN account.

Is there a way to avoid this? 

Also, what will happen if we delete the Admin account manually?

Thank you,

Vi



[edited by: GlennSen at 5:14 AM (GMT -7) on 24 Mar 2022]
  • Also, if a device is wiped and reassigned to a new employee, I can see in the Sophos Central Devices section that the device is duplicated. Is there any solution for that?

    Thank you. 

  • Hi Vincenzoiz,

    Thanks for reaching out to us.

    The user account that gets created when Sophos is installed exists so that user-based policies can be applied to the device right away. If you sign in to the device with a different account and a new user entry is created in Sophos Central, you can delete the Admin user account that was created upon install.

    The device will remain associated to the new user that has logged in. It is not possible to prevent this initial user creation in Sophos Central.

    When wiping devices and reinstalling Sophos on them, if you'd like the device name to be displayed differently, you can use the command-line arguments in the following document.
    -Installer command-line options for Mac

    Kushal Lakhan
    Team Lead, Global Community Support
  • FormerMember, in reply to Vincenzoiz

    Hi, 

    In macOS, those admin accounts are distinct entities created locally on each device. Although they all have the same name, they are technically different accounts.

    I can understand the frustration of having to deal with this. 

    However, you should only be logging in with that admin account once or twice. Or are you using it more frequently?

  • Hi Richard, 

    Thanks for your reply.

    I am enrolling around 200 devices, Macs and Windows, into the MDM, and during enrollment Sophos Intercept X will be installed.

    During the process of enrolling the device, a local support account called ADMIN is created. Because I need to log in with the admin account to obtain the FileVault Secure Token so that the admin account can unlock the drive, Sophos registers the admin as a user in addition to the primary user who will use the device every day.

    As I understand it, the only way is to delete the entries manually from the Sophos Central console. Is that right?

    Thank you,

    Vincenzo

  • FormerMember, in reply to Vincenzoiz

    That is the most straightforward method.

    For a single deployment you probably want to do this. However, if scenarios like this will be common for you (happening more than once a year), you might want to invest in creating a script that uses our API to mass-delete elements.

    If you're interested, you can find more information here. 

    https://developer.sophos.com/

    If it's a 'one and done' scenario - then that's probably not worth it.

    macOS user accounts are always a little tricky to deal with in these sorts of scenarios. For AD accounts we can check the UUID and remove duplicates. These accounts, though, are unique to themselves and only really match on the display name.

    I will note this down and bring it up with the development team the next time I talk to them. Maybe we can find a solution that avoids this sort of bulk action.
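
The script the reply above suggests, written out as an added example; this is not Sophos' own tooling and not code from anyone in the thread. It assumes the Sophos Central Common API as published at developer.sophos.com: a client-credentials token from id.sophos.com, the whoami endpoint to resolve the tenant ID and data region, and the `/common/v1/directory/users` listing and delete endpoints with `Authorization` and `X-Tenant-ID` headers. Verify those paths and the `pageSize` limit against the current documentation before relying on it. Since the duplicate ADMIN entries are distinct local accounts that match only on display name, the selection is done purely by name (case-insensitive, whitespace-trimmed), and because the guidance in the thread is to delete the install-time Admin entry once the real user has signed in, every match is removed by default; `keep` lets you retain some. The script is a dry run unless `--delete` is passed. `SAMPLE_USERS` is constructed test data, not real API output.

```python
"""Bulk-delete duplicate local "ADMIN" user entries from Sophos Central.

Added example (not Sophos' own code). Endpoint paths, headers and response
shapes are assumed from the Sophos Central Common API docs; verify before use.
Credentials are read from SOPHOS_CLIENT_ID / SOPHOS_CLIENT_SECRET.
Usage: python purge_admin_users.py [NAME] [--delete]   (dry run without --delete)
"""
import json
import os
import sys
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"   # assumed per docs
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"   # assumed per docs
PAGE_SIZE = 100                                           # assumed max page size

# Constructed sample of what the directory listing's "items" look like.
SAMPLE_USERS = [
    {"id": "b2", "name": "ADMIN", "email": ""},
    {"id": "a1", "name": "admin "},
    {"id": "c3", "name": "jane.doe", "email": "jane@example.com"},
    {"id": "d4", "name": "Admin"},
]


def select_users(items, name, keep=0):
    """Return the entries whose display name equals `name` (case-insensitive,
    ignoring surrounding whitespace). Each macOS local admin is a separate
    account, so Central holds one entry per device and they match only on
    name. Results are sorted by id so repeated runs keep the same `keep`
    entries; keep=0 removes every match, which is what the thread advises."""
    wanted = name.strip().casefold()
    matches = [u for u in items
               if str(u.get("name", "")).strip().casefold() == wanted]
    matches.sort(key=lambda u: str(u.get("id", "")))
    return matches[keep:]


def _request(method, url, token=None, tenant=None, data=None, form=False):
    """Minimal JSON HTTP helper using only the standard library."""
    headers = {"Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    if tenant:
        headers["X-Tenant-ID"] = tenant
    body = None
    if data is not None:
        if form:
            body = urllib.parse.urlencode(data).encode()
            headers["Content-Type"] = "application/x-www-form-urlencoded"
        else:
            body = json.dumps(data).encode()
            headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_token(client_id, client_secret):
    """OAuth2 client-credentials grant; the docs use scope=token."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": "token"}
    return _request("POST", TOKEN_URL, data=form, form=True)["access_token"]


def whoami(token):
    """Resolve (tenant_id, data-region base URL) for the credential's tenant."""
    info = _request("GET", WHOAMI_URL, token=token)
    return info["id"], info["apiHosts"]["dataRegion"]


def list_users(base, token, tenant):
    """Page through the directory users listing and return every entry."""
    users, page = [], 1
    while True:
        url = f"{base}/common/v1/directory/users?page={page}&pageSize={PAGE_SIZE}"
        items = _request("GET", url, token=token, tenant=tenant).get("items", [])
        users.extend(items)
        if len(items) < PAGE_SIZE:      # short page means we reached the end
            return users
        page += 1


def delete_user(base, token, tenant, user_id):
    return _request("DELETE", f"{base}/common/v1/directory/users/{user_id}",
                    token=token, tenant=tenant)


def main(argv):
    name = next((a for a in argv[1:] if not a.startswith("--")), "ADMIN")
    do_delete = "--delete" in argv
    token = get_token(os.environ["SOPHOS_CLIENT_ID"], os.environ["SOPHOS_CLIENT_SECRET"])
    tenant, base = whoami(token)
    targets = select_users(list_users(base, token, tenant), name)
    mode = "deleting" if do_delete else "dry run"
    print(f"{len(targets)} '{name}' entries found ({mode})")
    for u in targets:
        print(f"  {u.get('id')}  {u.get('name')}  {u.get('email', '')}")
        if do_delete:
            delete_user(base, token, tenant, u["id"])


if __name__ == "__main__":
    main(sys.argv)
```

Run it once without `--delete` and read the list it prints before deleting anything: the name match is deliberately broad, so a directory user who happens to be called "Admin" but is a real person would be selected too, and the API delete is not reversible. Use a Sophos Central API credential with the least role that can delete directory users, and keep the client secret out of the command line (the script reads it from the environment).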