Sophos Azure

admin



You need:
  • A Microsoft Azure subscription.
  • Azure Active Directory.
  • Configure Sophos XG Firewall to forward Syslog messages to your Azure workspace via the Syslog agent. In the Azure Sentinel portal, click Data connectors and select Sophos XG Firewall connector. Select Open connector page. Follow the instructions on the Sophos XG Firewall page.
  • Sign in to Sophos Central and go to Global Settings. Under Server Protection, click Connect to Microsoft Azure and then click Add. Navigate to Settings Administration Azure AD Sync Settings/Status. Click to Edit the settings.

Find Server Protection on Microsoft Azure. Click Get your VM extension script. Then click Download Script. You’ll need an API token so that the script can find and access the installer. Sophos XG Firewall provides the world’s best network visibility, protection, and response to secure your Azure environments. Integrate multiple, leading security technologies into a single, preconfigured virtual-machine image with extensive reporting, including full insight into user and network activity.

Caution You can use either Azure Active Directory synchronization or Active Directory Sync. You can't set up Azure Active Directory synchronization if you are already using Active Directory Sync.

Chrome policy remover mac. To configure Azure Active Directory synchronization: Sinkmaster 950 splash guard.

  1. Set up your Azure applications. To do this follow the instructions in Prerequisites to access the Azure Active Directory reporting API and the instructions in the next two steps.
  2. In To register an Azure AD application, do as follows:
    1. Enter a Name.
    2. Enter https://central.sophos.com in Redirect URI.
  3. In Get your application’s client secret, do as follows:
    1. Enter a description and expiry date.
    2. Make a note of your Client secret and Secret expiration date.
    3. Make a note of your Application (client) ID and Primary Domain.
  4. In Sophos Central, in the left-hand pane, select Settings.
  5. On the Settings page, under Administration, select Azure AD Sync Settings/Status.
  6. On the Azure Sync Settings/Status page, select Edit.
  7. In the Edit Azure AD Sync dialog box, enter the following information, which you obtained when you set up your Azure applications:
    • Client ID
    • Tenant Domain
    • Application Key (client secret)
    • Application Key Expiration

    You do not have to set the expiration date. We recommend that you do enter it so that Sophos Central can send you notifications of when your key is about to expire.

  8. Select Test Connection to validate the Azure Sync connection.
  9. Select Save.
  10. On the next menu, select Sync to import users.

    Synchronization starts. This process may take some time.

Azure-->

You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Sophos Mobile, a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Sophos Mobile app.You can configure Conditional Access policies based on Sophos Mobile risk assessment enabled through Intune device compliance policies, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats.

Note

This Mobile Threat Defense vendor is not supported for unenrolled devices.

Supported platforms

  • Android 6.0 and later
  • iOS 11.0 and later

Prerequisites

  • Azure Active Directory Premium
  • Microsoft Intune subscription
  • Sophos Mobile Threat Defense subscription

For more information, see the Sophos website.

How do Intune and Sophos Mobile help protect your company resources?

Sophos Mobile app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, and then sends the telemetry data to the Sophos Mobile cloud service to assess the device's risk for mobile threats.

The Intune device compliance policy includes a rule for Sophos Mobile Threat Defense, which is based on the Sophos Mobile risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Sophos Mobile app installed in their devices to resolve the issue and regain access to corporate resources.

Sophos Vpn Azure

Sample scenarios

Here are some common scenarios.

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from the following actions until the threat is resolved:

  • Connecting to corporate e-mail
  • Syncing corporate files with the OneDrive for Work app
  • Accessing company apps

Block when malicious apps are detected:

Access granted on remediation:

Sophos Azure Sentinel

Control access based on threat to network

Detect threats to your network like Man-in-the-middle attacks, and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:
Cdl eye test chart.

Access granted on remediation:

Control access to SharePoint Online based on threat to network

Sophos Azure Marketplace

Detect threats to your network like Man-in-the-middle attacks, and prevent synchronization of corporate files based on the device risk.

Sophos Azure Vpn

Block SharePoint Online when network threats are detected:

Sophos Azure Vm

Access granted on remediation:

Sophos Azure Firewall

Next steps