This is the first post in a series of upcoming Community Recommended Reads for Sophos Central Email (enduser).
In this Recommended Read we'll go over the following topics:
The Self-Service Portal allows users to manage their quarantine, Allow/Block sender list and check all inbound email from their Emergency inbox.
Once your Administrator has added you to Sophos Central, you will receive a "Welcome to Sophos Central" email.
To start setting up your account:
1. Click "Set up my password". A window will appear asking you to enter your email address so that you can receive a verification code.
2. Check your mailbox for a new email with the subject "Sophos Account email verification code".
3. Enter the verification code in the previous window and click "Verify Code" followed by "Next".
4. After this, you'll land on your SSP (Self Service Portal) page.
From the Self Service Portal (SSP), you can manage your own Allow/Block list and check your Quarantine Messages. If you have been given the role of a Distribution List owner, you can also manage the quarantine for your Distribution List.
The Emergency Inbox allows you to view and manage your email from the last 14 days. (You can't reply to email from the Emergency Inbox.)
Note: The official Self Service Portal (SSP) URL is https://central.sophos.com/manage/self-service or https://sophos.com/ssp for short. We recommend bookmarking this as soon as you create your SSP account.
Most external emails will have a Banner and an Allow/Block option within the banner (Internal email from your co-workers and Sophos shouldn't have a banner).
The banner helps you visually identify the trustworthiness of each incoming email.
By selecting Block Sender, subsequent emails coming from this sender won't arrive at your mailbox anymore since they'll get deleted.
By selecting Allow Sender, subsequent emails coming from this sender won't have the Allow/Block sender option.
In this example, we'll first select Block Sender. After we click Block, we'll get the following screen:
The next time the sender tries to send you an email, it won't arrive at your mailbox; the email will get deleted automatically.
NOTE: Administrators will be able to see emails blocked by your block list but won't be able to see the content of the email.
If you want to allow the sender again:
1. Go to your Self Service Portal (SSP)
2. Click Allow/Block
3. Find the sender's email address you want to allow again; select and click Delete
The next email coming from this sender will be allowed; however, you’ll see the Allow/Block sender option in the banner again.
NOTE: If you select Allow Sender but it fails one of the additional checks configured by your Central Email administrator, the banner will show Yellow, but without the Allow Sender option visible anymore.
NOTE: The Smart Banner will not include the Allow/Block link when an email is sent to a Distribution List or Public Folder.
As a user, you’ll receive the following types of banner colors:
NOTE: Your Allow/Block list is overridden by your organization's Central Administrator Allow/Block list, so if you block email@example.com and your Administrator allows this sender or domain globally, you’ll receive the email.
The difference is that the banner won’t show the Allow option:
NOTE: In rare cases, if an external inbound email doesn't include the banner, we recommend treating it as an AMBER banner email.
Another banner color you might receive is RED. This is called the Impersonation banner, and it detects phishing emails that pretend to come from well-known brands or from important people within your organization:
Report Spam Messages to Sophos
A new feature some users might find is called "Report Spam Messages to Sophos". When you click the "Block Sender" button in the banner, a new window will open with the following two options:
Note: This feature has to be enabled by the Central administrator.
The emergency inbox allows you to check all the inbound email you have received. It’s an excellent option to use if you’re unable to access your mail client. If one of the emails contains an attachment, such as a PDF, you can download the attachment.
NOTE: You can’t reply to emails using the Emergency inbox.
When you have a quarantined email, you’ll receive an email like the following:
You can release an email from quarantine in two ways:
1. Click the Release button directly from the Quarantine Summary email.
Once you do that, you’ll see the following screen:
2. You can go directly to your Self Service Portal and click Quarantine.
Your quarantined messages will be shown along with the reason. The most common reasons you’ll see are SPAM and Bulk (Bulk emails are usually emails sent from newsletters you subscribe to).
If you click the subject of any of the emails, you’ll be able to see the content of the message.
Each email in your quarantine will have 4 options:
NOTE: You will get an email reminder until you check your Quarantine, for a maximum of 30 days; the quarantine only keeps emails for 30 days. You’ll only receive the Digest email (Quarantine) if you have quarantined messages.
TIP: If you’re waiting for an important email, check your SSP; the Quarantine Summary email isn’t sent instantly.
Just been setting this up today for internal use and came across a rather embarrassing issue - which could be my fault but I can't understand how.
I set up the Azure directory sync, all mailboxes protected, then set up the federated link for end user sign in. Getting one of my colleagues to test, I clicked their account and sent them the welcome email.
Ref: Sophos Central Admin: Enabling end-user access to the Self Service Portal (SSP)
However, it decided to send it to everyone who hadn't had it in the Central 'people' section, which, because it was synchronised with Azure directory, included 'guests' from 365! So I had to apologise to my clients for the random email.
Is this expected? It's going to be a nightmare if we set it up for a client and all the guests they have in their 365 tenant.
On another note, the end users also can't log in to Central for their quarantine using Microsoft; it just sits on the 'One moment while we log you in' screen indefinitely.