Thread Info
  • State Verified Answer
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 11 subscribers
  • Views 15326 views
  • Users 0 members are here
Options
Suggested

Sophos Cloud Endpoint Grouping

Brian B

So we install our clients to go to a specific group depending on dept. the user is in. Is it possible to move them to another group either with command line or api? I know I can do it in the cloud management, just though it might be easier to do it automatically like when we install.



Updated the tags
[edited by: Gladys at 7:37 AM (GMT -8) on 20 Nov 2023]
Parents
  • 0

    Hi Brian,

    Thanks for reaching out to the Sophos Community Forum. 

    It's possible to do this on installation for device groups by using the --devicegroup switch.

    If you are trying to place the user into a specific group instead, I would suggest using ADSync. Once the groups have been synchronized to Sophos Central, you can navigate to the "Groups" tab when you have the policy open to associate policies to groups as desired.

    Let me know if this helps. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    I am aware of this command line switch, that is what we currently do, hence I already said that in my first post. What I want to know is if it is possible to do it after it it installed? Outside of Central

  • 0 in reply to Brian B

    What I found out via direct testing is that you will need to disable Tamper Protection for each device that you want to move to a different group via CLI AFTER the install.  I have 600+ devices in my org that I need to move into groups, and was told to disable TP on a global level to use the CLI to move them... I wasn't about to disable TP on a global level, so am stuck using the web interface, which is clunky and slow to do for a large number of machines.

    I have a feature request in to allow group modification via CSV import, so maybe, one day, it'll get easier and better.  For now, your options will be to disable TP for each machine, or on a global level, to use CLI, or use the web interface to update those machines.  Pick your poison ;) .

Reply
  • 0 in reply to Brian B

    What I found out via direct testing is that you will need to disable Tamper Protection for each device that you want to move to a different group via CLI AFTER the install.  I have 600+ devices in my org that I need to move into groups, and was told to disable TP on a global level to use the CLI to move them... I wasn't about to disable TP on a global level, so am stuck using the web interface, which is clunky and slow to do for a large number of machines.

    I have a feature request in to allow group modification via CSV import, so maybe, one day, it'll get easier and better.  For now, your options will be to disable TP for each machine, or on a global level, to use CLI, or use the web interface to update those machines.  Pick your poison ;) .

Children
Unfiltered HTML