Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 10 subscribers
  • Views 2570 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to add Computers to Policy by default?

Sophos User1672

I like many have cloned the default policies and created a set of "Base Policies" which have been edited to fit our needs.

 

At present we have created a new Computer Group that is applied to all these new "Base Policies" I have created. During our testing phase we have been adding computers to this Computer Group to ensure they have all the correct policies applied.

 

I would now like to automate this process so all new devices that are enrolled in Sophos get the new Policies applied by default without needing to do any manual steps. I have been told by Support the easiest way to do this is via the AD Sync tool which I have installed on-prem. The Sync Tool is restricted to only Syncing our new OUs with new devices in.

 

I have been unable to work out how to configure the AD Sync Tool to place the Computers in the relevant Group within Sophos. I have gone back to support but not heard anything yet and am worried I have installed AD Sync for no reason! Can someone clarify how to have my newly protected devices pick up the right policies automatically?

Thanks all,



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    AD sync tool will be helpful here as suggested by our Support engineer. Also, there are other two options:

    1. Set the Base policy as you desire if possible, this is applied to all devices

    2. Use the group switch in the installer (https://community.sophos.com/kb/en-us/127045) to automatically join a new device to a group; assign your desired policy to that group.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hi Shweta,

    Can you confirm if we can do this via the Sync Client or not as this is what your colleague in support mentioned?

     

    The reason I ask is that we'd like to have a number of different groups in AD that contain Computer Objects. We then want each of these groups to assign different policies meaning if we need to move a device to a less restrictive policy we only need to change it in Active Directory and not require logging into the Sophos Central Portal.

    I'd like to know for sure either way so if you could confirm this is NOT possible then while not great based on the support ticket at least we know for sure.

Reply
  • 0 in reply to Shweta

    Hi Shweta,

    Can you confirm if we can do this via the Sync Client or not as this is what your colleague in support mentioned?

     

    The reason I ask is that we'd like to have a number of different groups in AD that contain Computer Objects. We then want each of these groups to assign different policies meaning if we need to move a device to a less restrictive policy we only need to change it in Active Directory and not require logging into the Sophos Central Portal.

    I'd like to know for sure either way so if you could confirm this is NOT possible then while not great based on the support ticket at least we know for sure.

Children
Unfiltered HTML