Good afternoon, I have a Sophos firewall that is integrated with a Windows Server Active Directory.Can a domain user be blocked from browsing the Internet through Sophos, but allow the computer they use to download and update the operating system, and also be able to receive and send mail from their Outlook email account? . Basically it would be to block your navigation and let the rest work for you.
You could create an allow user-based FW rule/Web Filter Rule with similar settings to the KBA below for your email domains and MS updates on top of your "Block all" FW/Web Filter Rule/ App control rule
Also, please note that when configuring a "Block all sites" except email/s and Windows update, you should not include CDNs on your blocklist and other necessary resources to fully load/access your allowed websites and resources.
