no Option for disabling welcome E-Mails for access to self service portal

This feature already exists. It’s under Federated Sign-in options.

please show me, because in our central panel there is no option at federated sign-in option.

there are only two other options for enabling self service portal:

1. directly at the user, which adds self service role

2. globaly for all users

In both cases an email will be sent, now and for future users.

we cannot use these option, and it doesnt exist on the 3rd one:

If you're using SSO/Azure, you shouldn't be using the 3rd one as you're logging in with Federated credentials (Azure). Select the 2nd option and untick the box.

Otherwise, of course Sophos is sending welcome emails. Sophos Central Admin accounts need to be setup via a link sent by Sophos.

we need the 3rd option, because login needs to be possible with UPN and of course we have admin accounts that uses sophos id to login

UPNs work with the 2nd option. Create Azure user logins for your admins and assign them the appropriate roles. Easy.

will giving it a try, nevertheless there should be options disabling welcome emails as well, or the option sending them in different languages.

There's a lot of things there SHOULD be. Just have to work around the system we've got.

Unfortunately Sophos removed their enhancement request forum, because too many customers voted up things that customer wanted but Sophos didn't want to do - for example; XG Firewall having a NTP was the top voted enhancement and at the time they shutdown the forum, it had been that way for 8 years. Apparently the new process is to go through your partner, but that ends up nowhere. Sophos don't appear to care about what customers want, which is disappointing, they simply care about what their developers/roadmap say, but their products are normally pretty good so I guess you take the bad with the good.

now i know again, we already tried that, and it was not working.

the admin users are not mail enabled, and with azure/sso you need to enter the main email address first on sophos id page. even when using upn login, after hitting sso you have to enter the upn.

but you are right i can use the second option as well, because sophos automatically creates a custom sign in rule then for the admin accounts:

now i know again, we already tried that, and it was not working.

the admin users are not mail enabled, and with azure/sso you need to enter the main email address first on sophos id page. even when using upn login, after hitting sso you have to enter the upn.

but you are right i can use the second option as well, because sophos automatically creates a custom sign in rule then for the admin accounts:

Mail enable the accounts then. You seem to be coming up with reasons not to make it work, which is fine, but the system is what the system is. Sophos aren't going to change it any time soon, so you simply need to change things to work the way it's designed. Yep, sure, it could be better, but it isn't.

haha very funny and you think everyone is always good enough to go with the regular standard options or accepting every workaround, just because it is the easy way? Sure i could mail enable them, but i dont want to spend the licenses for that, just because its easier. When i always accept the easy way, nothing will change. Sophos needs to care about customers again, what they want and not what sophos wants. We are using a lot of sophos products and spending a lot of money year by year, hence its legit for me to say no to workarounds from time to time.

There's no cost for licenses. Mail enable them, make them shared mailboxes, then de-license them. No point preaching to me about what Sophos should do, I don't work for Sophos. I'm just a user like you and trying my best to help you out. If you don't want help and instead prefer to *** and complain at me, I'll leave you to your own devices. Good luck.

another set of workarounds.... shared mailboxes / accounts have to stay disabled, otherwise they count as a regular user and they will sync to sophos, which uses an email license then as well. 

i am just telling, that i am not a fan of workarounds, and we are not able using the regular standard way in some cases, like you. It also seems you got me totally wrong, i just repeated your statement regarding customer care and sophos, i am not preaching, complaing or whatever you think at you, its a regular technical discussion not more or less.

Shared mailboxes do not have to stay disabled. You can theoretically create an O365 tenant, license one user and create 200 "shared mailboxes" all with their own username/passwords. They operate just the same as a standard user does. You can add them all to a phone or Outlook using the un/pw you set. Test it out. And it doesn't matter if they sync to Sophos. Mailboxes (shared or otherwise) only get assigned a license by Sophos if they receive an email, which in your case they won't. Licenses are also released by Sophos if a mailbox doesn't receive an email for 30 days.

Sophos won't change - as you've admitted, they never implement customer suggestions - so you either have to find a way to work with the system, or choose another product.