Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

Sophos Central Partner - Best Practices for Global Templates

As a partner, for endpoint protection, it's quick and easy to add, under Global Templates, a template and within that, Global Settings or Base Policies and allow/deny things across our customer base. However this isn't conducive for customer specific settings.

If we were to be granular, since there is a Global Template applied, we would have to create a clone of a template within the Customer Central, then, since the policy wouldn't apply to anyone, select users or groups...But first setup sync to their AD first so their groups would sync (otherwise the tedious management of every time a user is added across our tenants - some 7000 users?!?). 

I've had situations, where we can remove a customer from the partner global template, then edit and add them back and settings stick.  I've had other times when settings are removed.  It's not consistent.  Or maybe it is but I've never seen any documentation of what's preserved vs overwritten.

I'm going to hazard a guess that the recommended practices is to get as granular as possible, but where does Sophos make this even somewhat manageable for partners with a large number of users?

If a Global template had a child "global settings" and "child policies" that we could create under our customers, that would be nifty (like what's already done with Firewalls).

I appreciate your input.

Thank you,
David



Added tags
[edited by: Gladys at 6:01 AM (GMT -8) on 6 Dec 2023]
Parents
  • Hi DavidSain,

    Thank you for sharing your feedback. 

    I was able to locate a similar feature request under the ID "CENFEAT-I-212". I've added it to your account record now. 

    If other visitors on the Sophos Community Forum would also like to see Global Templates developed further in this way, please send me a private message or comment on this thread.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks  .  Glad I'm not the only one out here in the desolate wasteland of the internet that is struggling with this and the way Sophos designed it.

    Do you know if there are any best practices or do we just cowboy it up for now?

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner

Reply
  • Thanks  .  Glad I'm not the only one out here in the desolate wasteland of the internet that is struggling with this and the way Sophos designed it.

    Do you know if there are any best practices or do we just cowboy it up for now?

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner

Children
No Data