
Sophos Central Setup

Sophos Central provides endpoint detection and response capabilities. Once connected, Junto can monitor endpoint health, review security alerts, trigger scans, isolate compromised devices, and run Live Discover or XDR queries.

Prerequisites

  • A Sophos Central account with Partner or Organization level access
  • OAuth 2.0 credentials (Junto connects via managed OAuth)
  • See Sophos Central API Getting Started for details on API access

Step 1: Connect via OAuth

  1. In Junto, go to Settings > Integrations > Sophos Central.
  2. Click Connect to start the OAuth flow.
  3. Sign in with your Sophos partner or organization account and grant the requested permissions.
  4. After authorization, you are redirected back to Junto with an active connection.

Step 2: Map Companies to Tenants

Sophos Central uses a hierarchical model: Partner > Organization > Tenant. Each MSP client is typically a separate tenant.

  1. After connecting, Junto lists available tenants from your Sophos account.
  2. Use the company mapping interface to link each Junto company to its Sophos tenant.
  3. Save mappings.

What the AI Agent Can Do

Once connected, the AI agent can help with endpoint security management:

  • Endpoint information -- Search for and view endpoint details including health status, OS, and isolation state.
  • Security alerts -- View and investigate active security alerts.
  • Endpoint actions -- Trigger scans and manage endpoint isolation with technician approval.
  • Advanced queries -- Run Live Discover and XDR queries for deeper investigation with technician approval.

High-impact actions like endpoint isolation and advanced queries require explicit approval before the agent proceeds.

Troubleshooting

  • OAuth connection fails -- Ensure your Sophos Central account has Partner or Organization level API access.
  • No tenants listed -- Verify your account type. Partner accounts see all customer tenants; Organization accounts see only their own.
  • Endpoint not found -- Confirm the company mapping is correct.
  • Live Discover queries returning no results -- Ensure target endpoints are online with the Sophos agent running.
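
For the "No tenants listed" and "Endpoint not found" items above, an added example (not Junto's or Sophos's own code): it picks the Sophos Central tenant-listing route from a whoami response, then audits a company-to-tenant mapping against the tenants that account can see. The mapping format (company name to tenant ID), the function names and all sample IDs are assumptions constructed for illustration.

```python
from collections import defaultdict

# Sophos Central tenant-listing route and ID header, keyed by whoami idType.
LISTING = {
    "partner": ("/partner/v1/tenants", "X-Partner-ID"),
    "organization": ("/organization/v1/tenants", "X-Organization-ID"),
}

def tenant_listing_request(whoami):
    """Return (url, headers) for listing tenants, or None for a tenant-level identity.

    The headers are in addition to the usual bearer token."""
    route = LISTING.get(whoami["idType"])
    if route is None:
        return None  # tenant-level identity: no child tenants to list
    path, header = route
    return whoami["apiHosts"]["global"] + path, {header: whoami["id"]}

def audit_mappings(mappings, tenants):
    """Compare company -> tenant ID mappings with the tenants the account can see."""
    visible = {t["id"]: t["name"] for t in tenants}
    by_tenant = defaultdict(list)
    findings = []
    for company, tenant_id in sorted(mappings.items()):
        if tenant_id in visible:
            by_tenant[tenant_id].append(company)
        else:  # stale or mistyped ID: lookups for this company find nothing
            findings.append(("unknown_tenant", company, tenant_id))
    for tenant_id, companies in sorted(by_tenant.items()):
        if len(companies) > 1:  # two clients on one tenant mixes their endpoints
            findings.append(("shared_tenant", ", ".join(companies), tenant_id))
    for tenant_id in sorted(set(visible) - set(by_tenant)):
        findings.append(("unmapped_tenant", visible[tenant_id], tenant_id))
    return findings

# Constructed sample data; none of these IDs are real.
T1, T2, T3, T9 = (f"00000000-0000-0000-0000-00000000000{n}" for n in "1239")
WHOAMI = {"id": "00000000-0000-0000-0000-0000000000aa", "idType": "partner",
          "apiHosts": {"global": "https://api.central.sophos.com"}}
TENANTS = [{"id": T1, "name": "Acme"}, {"id": T2, "name": "Globex"},
           {"id": T3, "name": "Initech"}]
MAPPINGS = {"Acme Corp": T1, "Acme East": T1, "Globex": T2, "Umbrella": T9}

if __name__ == "__main__":
    print(tenant_listing_request(WHOAMI))
    for finding in audit_mappings(MAPPINGS, TENANTS):
        print(finding)
```

An empty findings list means every mapped company points at exactly one visible tenant and no visible tenant is left unmapped.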