Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 10 subscribers
  • Views 2598 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to add Computers to Policy by default?

Sophos User1672

I like many have cloned the default policies and created a set of "Base Policies" which have been edited to fit our needs.

 

At present we have created a new Computer Group that is applied to all these new "Base Policies" I have created. During our testing phase we have been adding computers to this Computer Group to ensure they have all the correct policies applied.

 

I would now like to automate this process so all new devices that are enrolled in Sophos get the new Policies applied by default without needing to do any manual steps. I have been told by Support the easiest way to do this is via the AD Sync tool which I have installed on-prem. The Sync Tool is restricted to only Syncing our new OUs with new devices in.

 

I have been unable to work out how to configure the AD Sync Tool to place the Computers in the relevant Group within Sophos. I have gone back to support but not heard anything yet and am worried I have installed AD Sync for no reason! Can someone clarify how to have my newly protected devices pick up the right policies automatically?

Thanks all,



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Shweta

    Hi Shweta,

    Can you confirm if we can do this via the Sync Client or not as this is what your colleague in support mentioned?

     

    The reason I ask is that we'd like to have a number of different groups in AD that contain Computer Objects. We then want each of these groups to assign different policies meaning if we need to move a device to a less restrictive policy we only need to change it in Active Directory and not require logging into the Sophos Central Portal.

    I'd like to know for sure either way so if you could confirm this is NOT possible then while not great based on the support ticket at least we know for sure.

  • 0 in reply to Sophos User1672

    Hi  

    Would you please PM me the case number that you have already registered? 

  • 0 in reply to Shweta

    I will do but you also mentioned above that there are "Also, there are other two options:" implying it's possible to do so with the Sync tool so if this is possible I'd like to know and anyone else browsing these forums would be able to see the response as well.

  • 0 in reply to Shweta

    Hi Shweta,

     

    I sent you a PM as requested  yesterday but have not yet had a response nor have I had any further contact from your support team on the ticket I have open.

    Can you clarify what it going on please?

  • 0 in reply to Sophos User1672

    Hi  

    Active Directory synchronization maps users and groups from Active Directory to Sophos Central. You can then assign the policy to the particular group. Do you want to sync the computers OU to Sophos Central account? 

  • 0 in reply to Shweta

    Hi Shweta,

    I want to apply Policies to devices based on what AD Group the computers are a part of. I am unable to see how I can assign Active Directory groups to Policies within the Sophos Central Portal. Is this something that is supported as this is what was said by your colleague in the support ticket. If this is not supported then please let me know and I can move up with the command line method.

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?