Skip to content

MDR settings

Configure or edit your Managed Detection and Response (MDR) settings, including your contacts and service level.

The first time you sign in to Sophos Central after you activate an MDR license, you’re prompted to enter settings needed for the MDR service.

You can also enter or change your settings at any time, as follows:

  1. Go to My Products > MDR > MDR Settings.
  2. In Authorized Contacts, you’re asked for contacts in your organization. They must be Sophos Central admins. If there’s an active threat, we’ll contact each in turn until there's a response.

    1. If you need to create a new Sophos Central admin, click Create new Central administrator and add a user with the Super Admin, Admin, or Help Desk role.

      If you use a Sophos Central admin with an email address that's a distribution list, multiple users can use the admin account. To limit what they do, select the Help Desk role because it has the lowest privileges.

    2. Click the drop-down arrow beside Primary and select one of your Sophos Central admins. Enter their contact details.

      If you don't want the admin to get MDR reports or broadcast announcements by email, select the opt-out checkboxes.

    3. Select Secondary and Tertiary contacts, if you want to, and enter their details. We recommend that you have multiple contacts.

    Authorized contacts settings.

  3. Click the Threat response tab and choose how you want us to respond to active threats.

    1. Select one of the following:

      • Collaborate. We'll work with your contacts to resolve the threat.

        You can authorize our MDR Operations team to take action even if your contacts can't be reached. Select the checkbox below the Collaborate option.

      • Authorize. We'll take any action needed to resolve the threat, and we'll notify you.

    2. If you selected Authorize, you're prompted to let our MDR operators use Live Response to access your devices.

      If you don't want us to access sensitive devices, exclude them. To do this, go to My Products > General Settings > Endpoint > Live Response or My Products > General Settings > Server > Live Response.

    Threat response settings.

  4. Click the Account details tab and enter details that will help us target our threat investigations:

    1. In Industry Vertical, select your specialised market, if applicable.

      Industry verticals are groups of companies that focus on a specialised market spanning multiple industries. For example Fintech or digital health.

    2. Enter your company's primary location.

    3. Add details of network subnets used in your estate.

    Industry vertical.

  5. If you don't already have the Sophos MDR software on each of your computers or servers, install it on them.

    • If you already have other Sophos endpoint software, see the Existing customer installation steps.
    • If you're new to Sophos, download the Sophos MDR software and install it. To find the downloads, go to Devices > Installers.