About this course

Duration 2 Days

This 2-day course is designed for technical professionals who will be administering Sophos Enduser Protection, and delivers the skills necessary to manage endpoints that are standalone or part of a Microsoft Active Directory network.

It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. Each student will be provided with a pre-configured Enduser Protection environment which includes Windows clients and a Microsoft Active Directory domain.

The course provides certification to Sophos Certified Administrator for Enduser Protection, subject to passing the online assessment. The assessment tests the student's knowledge of both the presented and practical content, and has a passmark of 80%.


There are no pre-requisite for thiscourse, however it is recommended that students should:

  • Be able to setup a Windows server, with Windows workstations
  • Have knowledge of general Windows networking and Microsoft Active Directory

Delegates will learn how to

  • Recognize the main technical capabilities of Enduser Protection and its benefits
  • Identify the solution components and understand how they interact
  • Use Sophos Enterprise Console to configure Enduser Protection
  • Deploy Enduser Protection to clients
  • Manage alerts using Enterprise Console and the endpoint client
  • Backup and restore the system
  • Gather information that will assist investigation by Sophos Support
  • Locate and use additional online resources


Module 1 : Security threats and how we protect against them

  • Introduction to security threats
  • Malicious code
  • Botnets
  • Software vulnerabilities
  • Data Loss / Leakage
  • Inappropriate browsing
  • Social Engineering and Phishing
  • Ransomware
  • Sophos Endpoint Security and Control
  • Sophos Enterprise Console
  • Demonstration - Enterprise Console user interface
  • SophosLabs

Lab 1 - Sophos Enduser Protection in action

Module 2 : Solution architecture

  • Sophos Enterprise Console database
  • Installation scenarios
  • Component overview
  • Component communication
  • Central Installation Directories (CIDs)
  • Sophos Auto Update
  • Remote Management System

Lab 2 - Solution components

Module 3 : Deploying Enduser Protection

  • Supported clients
  • Enduser Protection system requirements
  • Deployment pre-requisites
  • Enduser Protection installation methods
  • Competitor Removal Tool (CRT)
  • Mac deployment
  • Demonstration - Mac Enduser Protection Client
  • Supported policies by endpoint platform
  • Product upgrades

Lab 3 - Deploying Sophos Enduser Protection

Module 4 : Managing updating

  • Update Managers in SEC
  • Software Subscriptions
  • Sophos Update Manager
  • Updating Policy

Lab 4 - Managing updating

Module 5 : Managing anti-virus and HIPS

  • Sophos Enterprise Console
  • Anti-virus and HIPS policy
  • Best practice for policy configuration
  • Tamper Protection
  • Alerts, smart views and right click actions

Lab 5 - Managing anti-virus and HIPS

Module 6 : Management at the endpoint

  • Enduser experience in Windows
  • Windows Services
  • Windows Groups
  • Dealing with threats
  • Quarantine Manager
  • Configuring and viewing logs
  • Authorization Manager
  • Update now
  • Running a full scan
  • Sophos Clean
  • Enduser experience on a Mac

Lab 6 - Management at the endpoint

Module 7 : Managing application, data and device control

  • Application control
  • Data control
  • Device control
  • Event viewers and dashboard

Lab 7 - Managing and testing polices for application, data and device control

Module 8 - Managing policies for web control, patch and firewall

  • Managing web control
  • Patch assessment
  • Configuring firewall policies

Lab 8 - Managing and testing policies for web control, patch and firewall

Module 9 : Administration and reporting

  • Auditing
  • Configuring role-based administration
  • The Dashboard
  • Reporting
  • PurgeDB
  • Database backup and restore

Lab 9 - Administration and reporting

Module 10 : Obtaining support

  • The Sophos support site
  • The Sophos Diagnostic Utility
  • Sample submission

Lab 10 - Administration and reporting

2 Days


This is a QA approved partner course

Delivery Method

Delivery method


Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Find dates and prices

Online booking is currently not available for this course, to find out more please call us on 0345 074 7998 or email us at info@qa.com to discuss how we can help.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.