
Sophos Sales Samurai

Sophos MSP Connect Flex

MSP01 Program Overview


February 2019

Welcome to the MSP Connect Flex program overview.

MSP Program Overview


September 2018

© 2018 Sophos Limited. All rights reserved. No part of this document may be used
or reproduced in any form or by any means without the prior written consent of
Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other
names, logos and marks mentioned in this document may be the trademarks or
registered trademarks of Sophos Limited or their respective owners.

Sophos Limited is a company registered in England number 2096520, whose
registered office is at The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire,
OX14 3YP.

Course Objectives
• Once you complete this course, you will be able to:

✓ Know the benefits of the Sophos MSP program
✓ Understand how to provision the Sophos products in an MSP methodology
✓ Be comfortable with the Sophos Central Dashboard
✓ Activate your MSP Account and license products



Module Hub: Select a Topic

• One Security Vendor
• Partner Management Dashboard
• Sophos Central Products
• One Flexible Program

One Security Vendor

Synchronized Security – The Sophos Advantage
Sophos Central
• Admin | Manage All Sophos Products
• Self Service | User Customizable Alerts
• Partner | Management of Customer Installations

Products: Next-Gen Firewall, Next-Gen Endpoint, Wireless, Mobile, Email, Server, Web, Encryption

Cloud Intelligence
• Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
• Sophos Labs | 24x7x365, multi-continent operation
• Malware Identities | URL Database | Machine Learning | Threat Intelligence | Genotypes | Reputation | Behavioral Rules | APT Rules | App Identities | Anti-Spam | DLP | SophosID | Sandboxing | API Everywhere

So what gives Sophos the advantage in the marketplace today?

Sophos is a complete security company. In fact, we’re the only company that is a
Leader in both the Network and Endpoint Gartner Magic Quadrants.

And because we have such vast experience, expertise and visibility into so many
layers of security across our portfolio, Sophos has the unique advantage of being able
to leverage all those insights and connect the layers together so that each solution is
contextually aware of what is going on with the others.

This type of context- and synchronization-aware technology isn’t unique per se;
however, competing solutions require expensive, complex third-party tools like SIEM
and expert users to manage and keep tabs on everything that is going on.

Sophos brings everything together with what we call Synchronized Security - the
heartbeat between security layers, simplified for our partners in our cloud platform
from a single pane of glass that we call Sophos Central.

Synchronized Security
The Ability for Products to Share Threat Intelligence

Security Heartbeat™

For example:

The ultimate solution to advanced threats and ransomware is a combination of
Sophos Intercept X and XG Firewall. Together these two provide a formidable
defence against the latest attacks, with IPS and Sandstorm with Deep Learning on XG
Firewall and CryptoGuard and anti-exploit technology on Intercept X. Together
they also go way beyond just preventing attacks: they provide incredibly valuable instant
insights and automatic response with Security Heartbeat and Synchronized App
Control when there is a compromised system on the network.

End-to-end protection from a single vendor
• XG Firewall: Ultimate enterprise firewall performance, security, and control
• Central Endpoint Protection: Endpoint Protection, App, Peripheral and Web Control
• Intercept X Advanced: Next Gen Endpoint security to prevent, detect, investigate and remediate
• Email Advanced: Proven email security for business continuity
• Central Mobile Advanced: Secure smartphones and tablets just like any other endpoint: MDM, Containerization, Kiosk
• Central Wireless: Super secure, super easy Wi-Fi
• Secure the Servers: Protection optimized for server environment (physical or virtual): Application Control / CryptoGuard
• Phish Threat: Security Awareness Training for end user customers.
• Central Device Encryption: Simple-to-use encryption for a highly effective last line of defense against data loss

Here are the services available to you in the Sophos Central Partner Dashboard.

Secure the Perimeter XG: we first start talking about securing the perimeter, and we
do this with our XG Series Firewall.

• XG Firewall is our Next-Gen Firewall solution. It fixes the main issues seen in most
other Next-Gen Firewalls by offering you and your customers increased visibility,
protection, and response all while giving you, the MSP, a zero cost, cloud based,
central management through Cloud Firewall Manager (CFM). Whether you’re
pushing out a single rule to a single firewall or a template across multiple
firewalls, the CFM can facilitate all your management needs.

Secure the Email with Central Email Advanced. This product is created through our
acquisition of Reflection. It’s architected for inbound/outbound scanning for
malware and spam while incorporating Sophos Sandstorm – our cloud sandboxing
technology – with other great features like time-of-click protection and seamless
integration with Office 365.

Secure the Wireless: To get all of the great enterprise-level features of Sophos
Wireless Access Points, like Advanced Rogue AP Detection, we recommend
managing them through Sophos Central rather than directly through XG Firewall. The
latest APX series access points include Synchronized Security aspects.

Phish Threat: As you probably know, an organization’s weakest link is typically its
users. With Sophos Phish Threat you can educate this commonly exploited link and
increase your customer’s overall security posture by testing, educating, and
managing ongoing awareness within your customer’s organization. With this great
tool, you can simulate a phishing attack in 3 easy steps. Monthly license usage is
calculated based on when emails are sent. Users enrolled in the same campaign may
be sent emails at different times and on different dates.

Secure the Endpoint (PC/MAC)

Sophos Central Endpoint Protection and Intercept X Advanced should be discussed
in the same breath. They are two symbiotic technologies that can be purchased and
deployed separately; however, most partners deploy them together for a defense-in-depth
strategy. When combined, these technologies will provide protection against
known malware with our foundational techniques, plus unknown malware with our
advanced Deep Learning and signature detection. Our malicious encryption rollback
feature, CryptoGuard, will protect customers from ransomware, and our exploit
prevention technology will prevent intrusion into your customer’s workstations and
servers.

Secure the Mobile Device: Mobile Device Management

• Sophos Mobile is the comprehensive Enterprise Mobility Management solution
that lets you spend less time and effort managing and securing mobile devices
including Android, iOS, and Windows with our secure container technology to
keep business data separated.

Secure the Servers: Protect your virtual and physical servers without sacrificing
performance. Intercept X for Servers now has all the great features of Intercept X plus
server-specific features like one-click Server Lockdown and Whitelisting.

Protect the Data

• Central Device Encryption has the ability to enforce hard drive encryption on your
users’ hard drives/tablets/laptops by harnessing the native Windows and Mac disk
encryption for optimal performance while giving you, the MSP, central
management, recovery, and reporting for compliance.

Lower Vendor Management Expenses

Think about all the different security vendors currently on your roster. Each one with
their own consoles, programs, and complexities. The Sophos Central security
portfolio allows you to consolidate all of these different point products into one
easy-to-use offering and vendor. Sophos is a global leader in the industry with best of
breed solutions at every level so you’re not compromising on protection.

Partner Management Dashboard

Sophos Central

• Partner Dashboard: Allows Partners to manage multiple customer installations
• Admin: Endpoint Protection, Mobile Protection, Server Protection, Encryption, Wireless, Web Gateway, Email Security, Anti-Phishing
• Self Service: Allows users to customize security status and notifications

As mentioned before, one of the great benefits of the Sophos MSP Connect Flex
program is the ability to work within a single management dashboard. There are a
few different levels of access within Sophos Central; the Partner Dashboard here on
the left is the multi-tenant console where you can get a bird’s-eye view of your
customers, all the Sophos products they’re leveraging, alerts, and more.

From the Partner Dashboard you’ll be able to seamlessly jump into each respective
customer’s Sophos Central Admin Console. This is where customer-specific action is
taken, alerts are drilled into, etc.

There’s also a Self Service Portal for end users to add their own devices and manage
their notification settings to reduce the number of helpdesk calls.

Sophos Central – Partner Dashboard

When you first log in to the Partner Dashboard you’ll see a high level overview of
your most critical alerts, plus a summary of your licensing information across your
entire estate.

Alerts are consolidated from all of your customers’ Central Admin Accounts.

Monthly Usage is also displayed showing your consolidated usage across all MSP Flex
Customers.

MSP Alerting Across Managed Customers

By drilling into the alerts section you will see all alerts across the customers that you
currently manage.

From here you can see that you have a customer with Malicious Traffic Detected. You
can then dive down into that specific customer through the Central Admin
Dashboard. Select the Alert and then in the top right corner launch directly into the
Customer’s Sophos Central Admin through a Single Sign-on Connection.

Sophos Central Admin

Now that you are in the Sophos Central Admin Dashboard, you have gone from the
multi-tenant console to the customer-specific console where you can take customer
specific actions like create policies, modify existing policies, clear addressed alerts,
and more.

Account Creation

Before any alerts can be viewed or policies can be applied, you must first
have customers!

Our approved MSP Connect Flex partners will have a button in the top right
corner of the Sophos Central Customer’s section of the Partner Dashboard
that allows for provisioning new monthly customers.

*Note that creating a free trial in the trial section is another way to create an
account in the Sophos Central Partner Dashboard, however those accounts
cannot be converted to monthly flex licensing. If you have already created a
trial account that you would like to convert to monthly licensing, please
contact your Sophos Channel Account Manager and the account will be
migrated across by Sophos.

Once you’ve clicked on the “create monthly account” button, you’ll be
brought to the customer input screen to enter your customer account details.

*Note that the email address field is mandatory and care should be taken to
make sure it is correct: this information is used as the identifier for
account creation, so it must be unique for every customer.
Many partners are hesitant to put a customer email address in this field for a
variety of reasons. The good news is that this email address by default is not
going to receive emails; it is solely used for identifying the account. Many
partners will mock up an alias like “CustomerName@MyDomain.com” and
then actually create that email alias within their own email system after the
fact.*

It is also important to note that the Data Storage Location can’t be changed
later. So make sure you select the correct Data Storage Location that meets
your needs and requirements.

Monthly License Change

Sophos Central Monthly Customer Licenses can be changed from the Central
Partner Dashboard under Managed Customer Usage.

Select one or multiple monthly accounts and then click on the Change
License button.

This will bring up the Change License window. From here select the product
that you want to change (Endpoint, Server or Both) and click Next.

On the Endpoint selection, choose the license that you want to move the
customer(s) to. The Automatically install software box is checked by default.

*If you’re downgrading from Intercept X Advanced to Endpoint
Protection, the Agent will automatically remove the Intercept X components
from all devices.

Next select your Server License. Server will automatically get the correct
components installed.

Verify your changes and then click Save. Your customer’s license will now be
changed.

Deployment Options

If this were a term licensed account, this screen would be limited to
pre-purchased products. But in the MSP Flex monthly licensing, everything is
unlocked. You have full access to download and install any Sophos Central
products directly from here. For example, if you were to download the full
Windows installer, the executable would contain Central Endpoint, Intercept
X, and Device Encryption.

Those customers that do not want all three products will select “choose
components” for Windows or macOS.

Then choose the components to install: either Endpoint, Intercept X, Device
Encryption, or a desired combination of the three.

New components can be deployed later if needed directly through Central
Admin, without the need for another installation.

Post Deployment Options

From the Devices Page, you will see a list of workstations and the installed
Sophos Components listed with a check mark.

You can install new components in one of two ways.

• First, by simply clicking on the + symbol on the workstation and product
you want to deploy.
  • For example, to install Device Encryption on the Win10-Lab
  workstation, simply click the + symbol.
• Second, by clicking on the Manage Endpoint Software button at the top of
the page.
  • Then click Device Encryption, select the Win10-Lab
  workstation, click the blue arrow to move the workstation from
  Eligible to Assigned, and then click Save.

Partner Deployment Options – Thin Installer

There is an advanced deployment option for partners that are looking to
perform mass deployments. The thin installer has many benefits: it’s smaller,
it can be silently installed via the command line, and many partners use it
to script automated deployments through RMM tools.

To access the thin installer, go back to the Partner Dashboard and select
“Deployment” in the left navigation. The endpoint installer will work on all
Sophos Central accounts and will never expire. The single installer can install
Endpoint, Intercept X, Device Encryption, and Server Protection.

Scripting components for the Sophos thin installer are available for most
RMM platforms by request through the MSP Hub on the Partner Portal.

For more information on the thin installer, please refer to the Thin Installer
How-To Guide found on Sophos Hub or the Sophos Partner Portal.

MSP License Management

Now that you have the monthly account set up, possibly a few term license accounts,
and the users/workstations/servers protected, the next logical step is to monitor
your usage for billing. The Sophos Central Partner Dashboard makes this easy in the
“Managed Customer Usage” section. Here we see 87 customers with MSP-owned
flex licensing and 7 with customer-owned term licenses managed by you, the MSP.

ConnectWise Integration

For Partners using ConnectWise Manage, we have a formalized API-level integration
specifically for billing. For more details, reference the ConnectWise PSA Guide found
on the ConnectWise Details Page or on the Sophos Partner Portal – MSP Hub.

It should also be noted that further integration with other PSAs like Datto AutoTask
is coming soon.

XG Firewall in Central Partner

At this point, we’ve covered everything from a Sophos Central perspective, so let’s
discuss how XG Firewall plays into the MSP Connect Flex program. The XG Firewall
can be licensed through the MSP Connect Flex program on a monthly basis, but the XG
hardware or virtual appliance Base License must first be purchased up-front. Once
the physical or virtual appliance is purchased and registered, the serial number will
appear in the “Firewalls” section of the Sophos Central Partner Dashboard. From
there it’s as simple as clicking on the serial number and specifying the subscription
you’d like.

**XG firewalls will only show up here after they’ve been registered to a MySophos
Account.**

Under Firewalls you will have two tabs.


• Managed Firewalls – Registered XG Firewalls will show up here after the Request
to Manage has been approved. For more information on this, please check out
the Sophos MSP Global YouTube Page – XG Firewalls – Start to Finish.
• All Firewalls – All Registered XG Firewalls will show up here.

From here you can perform a couple of tasks.

• First you can use the Add link to request an MSP FLEX Subscription for the XG
Firewall
  • Click Add and then select one of the four subscriptions. Upon hitting save
  a request will be sent to the MSP Orders team.
• Second you can assign the XG Firewall to a Customer’s Central Admin Account.
This is simply done to identify the XG Firewall.
  • Select a Firewall and click Assign Firewalls, then enter the Customer
  Central Admin Account or Create New Managed Customer
  • You could also select the Subscription here as well.

XG Firewall Approvals

From the Firewall Approvals page we can Request to Manage the XG Firewall. Once
you select an XG Firewall and click Request to Manage it will move to Approval
Pending.

From here a request will be sent out to the MySophos Registered E-mail Address.
Once approved in MySophos the XG Firewall will be listed as Managed.

**This is a required step for managing the XG Firewall in Central Firewall Manager.**

Sophos Licensing (MySophos)

Sophos Licensing (MySophos) is the portal where all your XG Firewalls get registered
to.

• Under Network Protection then View Devices you can see all of the Registered XG
Firewalls
• This is also where you will go to assign a customer billing name to the XG
Firewall. This name will appear on your billing report from your distributor.

Sophos Licensing (MySophos)

Under Network Protection then Contact Information is where the Company Name is
entered that will show up inside the XG Firewall. All XG Firewalls Registered to this
MySophos Account will have the same Company Name. As an MSP this is typically
your company name as you will either own or manage the XG Firewall on behalf of
the Customer.

Sophos Licensing (MySophos)
Partner Owned Firewalls
• Register all Firewalls to a single Sophos Licensing E-mail Address
• Distribution Group Recommended: XGOrders@your_domain.com

Customer Owned Firewalls
• Two options when registering the Firewalls
  o Register them to the Customer’s Primary Contact E-mail Address
    o The customer will need to set up a Sophos Licensing Account
  o Register the Firewalls to a Customer Alias off the XGOrders Distribution Group.
    o This is the easier option for mgmt

There are two ways to handle the MySophos Account.

First is the Partner Owned Firewalls. This is the easiest method. Register all XG
Firewalls to a single MySophos Account. Typically we recommend a distribution list
such as XGOrders@yourdomain.com.
• The one thing to keep in mind here is that all XG Firewalls will display your Partner
Name in the XG Firewall itself.
• If you need to have the customer’s name in the XG Firewall then use the second
option.

The second option is to have the Customer create a MySophos Account and
then register the Firewall to that account. However, the easier option for an MSP is
to create an Alias off the XGOrders Distribution Group so that the customer isn’t
involved.

***Tip – Gmail Accounts allow for an alias on the fly. Meaning that you could have a
single Gmail Address and then just use the +customername to quickly create New
MySophos Accounts. No settings need to be changed or added on Gmail. Example:
Partner@gmail.com Alias: Partner+customer@gmail.com,
Partner+customer2@gmail.com

XG Firewall Management Options
• Central Firewall Manager
  Location: Central Partner Dashboard
• Sophos Firewall Manager
  Location: On-premise Virtual Appliance (VMWare, Hyper-V)
• Central Management
  Location: Customer’s Central Admin Dashboard

For XG Firewall Management we have some options for you to review and consider
as a new partner.

1. Central Firewall Manager is hosted in Central Partner Dashboard and is
completely free for Partners.

2. Sophos Firewall Manager is a virtual appliance that would need to be hosted by
the Partner. This method is also free via the Sophos NFR Program.

3. Central Management is our newest Firewall Management Tool. It is located in the
Customer’s Central Admin Dashboard. There is no cost for this tool currently.

CFM vs SFM
CFM (Central Firewall Manager)
CFM is a cloud based Firewall Manager hosted inside of Sophos Central Partner Dashboard.
• Nothing for the Partner to host
• Multi-staged onboarding process

SFM (Sophos Firewall Manager)
On-premise Virtual Firewall Manager
• Requires the Partner to host onsite or in Azure (Nested)
• Simplified onboarding
• Better performance

YouTube Channel: Sophos MSP Global
https://www.youtube.com/c/SophosMSPGlobal

Let’s talk briefly about the difference between the products.

Central Firewall Manager is fully hosted by Sophos. It is accessed from the Central
Partner Dashboard. CFM, as it is commonly referred to, requires a multi-staged
onboarding process. This process can be reviewed on our Sophos MSP Global
YouTube Page. The video is XG Firewall: Start to Finish.
• Offers Template options, Backup Mgmt, Configuration Management, Group
Management and more

Sophos Firewall Manager is an on-premise virtual appliance for those that don’t
want to manage in the cloud. SFM, as it is commonly referred to, is exactly the same
as CFM; however, the onboarding process is much easier. Also, because the virtual
appliance is hosted by you, the partner, the performance will be much better.

Central Firewall Manager

The Sophos Central Cloud Firewall Manager is launchable through the Partner
Dashboard in the “Manage Firewalls” section in the left navigation. Simply click the
“Manage” button.

Access to this is controlled by your Primary Partner Admin or any Super Admin.

Central Firewall Manager

And just a quick look at what the CFM and SFM Firewall Management Dashboard looks
like.

CM (Central Management) in Central Admin
• Easy Management option built right into the Customer’s Central Admin Dashboard.
• Firewall Alerts sent to Central Admin and visible in Central Partner
• No WAN Access needs to be open. Uses a backend Support Tunnel
• Just a simple remote access to the XG Firewall
• New Features and Functionality will be added over time.

Central Management, which is referred to as CM, is the newest addition to XG
Firewall management. This is a tool that is being built from the ground up just for XG
Firewall. It is also the first step to a complete single pane of glass for each customer,
with their Endpoint, Servers, Mobile, etc. and now Firewalls all available from the
same Central Admin Dashboard.

CM doesn’t require WAN access to be enabled on the XG Firewall itself, as it requests a
Secure Support Tunnel from the XG Firewall.

This new tool isn’t as feature rich as CFM and SFM, however it will be adding
features over time.

The choice is completely up to you as a Partner on which route you go. You can
always start with CFM or SFM and transition to CM as the features become available
to meet your needs.

CM (Central Management) in Central Admin

Again, the new CM Firewall Management is located in the Customer’s Central Admin
Dashboard. Along the left you’ll find the Firewall Management section. Once you click into
this section you’ll get to a Dashboard and Firewalls list.

Dedicated MSP Support

Continuing through Sophos Central Partner - As an MSP Connect Flex certified
partner you will receive VIP MSP Support access via email and phone, or you can
simply create a ticket directly through the partner dashboard. The phone and email
alias is available upon request once you have completed the required Sophos
certifications.

Co-Branded Marketing Assets and Training

You can access co-branded marketing assets and training which are linked from the
partner portal directly in the partner dashboard as shown here.

Secure the Perimeter XG: we first start talking about securing the perimeter, and we
do this with our XG Series Firewall.

• XG Firewall is our Next-Gen Firewall solution. It fixes the main issues seen in most
other Next-Gen Firewalls by offering you and your customers increased visibility,
protection, and response all while giving you as the MSP, a zero cost, cloud based,
central management through Cloud Firewall Manager (CFM). Whether you’re
pushing out a single rule to a single firewall or a template across multiple
firewalls, the CFM can facilitate all your management needs.

For XG Firewall you must first procure the bare-bones hardware through your
distributor. Once the firewall is registered, the serial number of that firewall will
appear in the firewall section of the Sophos Central Partner Dashboard, at which
point you can license it with either EnterpriseGuard, EnterpriseGuard Plus,
FullGuard, or FullGuard Plus via the MSP Connect Flex Program.

If you’d like a full explanation of the EnterpriseGuard and FullGuard options, please
follow the link to check out the licensing guide:
https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosxgfirewallflna.pdf

Central Email Advanced
• Protect against fraudulent email addresses
• Block phishing attacks
• Sophos Sandstorm
• Time-of-click protection
• Office 365 integration


Secure the Email with Central Email Advanced. This product is created through our
acquisition of Reflection. It’s architected for inbound/outbound scanning for
malware and spam, while also incorporating Sophos Sandstorm – our cloud
sandboxing technology – with other great features like time-of-click protection and
seamless integration with Office 365.

APX – Next Generation Access Points - 802.11ac Wave 2.0
• APX 740: Flagship 4x4:4 access point with high-density, high-capacity for the
mid-market enterprise

• APX 530: High performance 3x3:3 access point for the carpeted enterprise of all
sizes

• APX 320: 2x2:2 Dual 5 GHz based access point, perfect for tablets/phones,
high-density environment in education, small retail scenarios

All APX Models have a 5-Year Warranty


Secure the Wireless: To get all of the great enterprise-level features of Sophos
Wireless Access Points, like Advanced Rogue AP Detection, we recommend
managing the AP devices through Sophos Central rather than directly through XG
Firewall.

The latest APX series Access points allow you to use Sophos Synchronized Security
when managed via Sophos Central along with other Sophos products.

Sophos Phish Threat


Phish Threat: As you probably know, an organization’s weakest link is typically its
users. With Sophos Phish Threat you can educate this commonly exploited link and
increase your customer’s overall security posture by testing, educating, and
managing ongoing awareness within your customer’s organization. With this great
tool, you can simulate a phishing attack in 3 easy steps. Monthly license usage is
calculated based on when emails are sent.
Users enrolled in the same campaign may be sent emails at different times and on
different dates.


Secure the Endpoint (PC/MAC)

Sophos Central Endpoint Protection and Intercept X Advanced should be discussed in
the same breath. They are two symbiotic technologies that can be purchased and
deployed separately; however, most partners deploy them together for a defense-in-depth
strategy. Combined, these technologies will provide protection against known
malware with our foundational techniques, plus unknown malware with our
advanced Deep Learning and signature detection. Our malicious encryption rollback
feature, CryptoGuard, will protect customers from ransomware, and our exploit
prevention technology will prevent intrusion into your customer’s workstations and
servers.

Above and beyond all the great technology and security protection that Sophos
provides, Sophos MSP Connect Flex partners equally enjoy the ease of account
creation and administration on the fly.

Secure the Mobile Device: Mobile Device Management

• Sophos Mobile is the comprehensive Enterprise Mobility Management solution
that lets you spend less time and effort managing and securing mobile devices
including Android, iOS, and Windows with our secure container technology to
keep business data separated.

Secure the Servers: Protect your virtual and physical servers without sacrificing
performance. Intercept X for Servers now has all the great features of Intercept X
plus server-specific features like one-click Server Lockdown and Whitelisting.

Sophos Central Device Encryption

Sophos Central Device Encryption is the easiest way to centrally
manage Windows BitLocker and macOS FileVault full disk encryption,
using the intuitive, web-based, Sophos Central Admin console


Protect the Data

• Central Device Encryption has the ability to enforce hard drive encryption on your
users’ hard drives/tablets/laptops by harnessing the native Windows and Mac disk
encryption for optimal performance while giving you, the MSP, central
management, recovery, and reporting for compliance.

Sophos MSP Connect Program
Simplifies customer management of industry-leading security solutions while
streamlining key tools integration, and offering flexible pricing and billing

Better Visibility | More control | Increased flexibility | Best of Breed Products
• ONE Simple Security Solution
• Sophos Central Cloud Based Management
• Choose annual termed licenses or monthly
• Endpoint, Server, MDM, Mobile Security, Cloud Web Gateway, XG Firewall, WiFi, Email, etc.

Sophos MSP Connect Program

• We recognize providing you with an MSP partner program that works in the way that you
do business and go to market is what you need to be successful. And for that reason we
rolled up our sleeves and rebuilt our MSP program.
• It is designed to meet the needs of an MSP, providing structure and support for you to
manage your solutions and your customers as efficiently as possible.

The Journey to MSP Connect

• Proven managed services business
• MSP Connect application approval
• Prerequisite Training: Sales Fundamentals (SC01)
• Flex Training: MSP Sales Consultancy Training
• Distributor approval for monthly billing

The Journey to MSP Connect

So how do you get there?


1. First you fill out an MSP application, which you’ve already done or you wouldn’t
be here. Only proven managed services businesses are approved.
2. Then you complete the two mandatory trainings that you are well on your way
through, SC01 Sales Fundamentals and MSP01 MSP Connect.
3. We then get you distributor approval for monthly billing on your behalf.

Contact your Channel Account Manager for distributor options.

End-to-end protection from a single vendor

[D] Secure the Perimeter XG: Ultimate enterprise firewall performance, security, and
control
[U] Central Endpoint Protection: Endpoint Protection, App, Peripheral and Web Control
[S] Secure the Servers: Protection optimized for server environment (physical or
virtual): Application Control / CryptoGuard
[U] Intercept X Advanced: Next Gen Endpoint security to prevent, detect, investigate
and remediate
[W] Secure the Wireless: Super secure, super easy Wi-Fi
[U] Secure the Mobile Device: Secure smartphones and tablets just like any other
endpoint: MDM, Containerization, Kiosk
[U] Phish Threat: Security Awareness Training for end user customers.
[U] Protect the Data: Simple-to-use encryption for a highly effective last line of
defense against data loss
[U] Secure the Email: Proven email security for business continuity

When it comes to licensing and how it applies to monthly pricing, this is how it
works in the Flex Program.

If we go back to our product wheel, and look at the various services, we categorize
them as follows:

D: Devices
W: Wireless
S: Servers
U: User based licensing (installed to a human being)

The number of users you have across your customer base, and across products, makes
up your license aggregation (your total number of assets).
This dictates your pricing per product per month.

Aggregate License Calculation

User Licenses: Endpoint, Intercept X Adv, Mobile, Encryption, Phish Threat
1-99 user licenses
100-499 user licenses
500-999 user licenses
1,000-4,999 user licenses
5,000-9,999 user licenses
10,000+ user licenses

Device: XG Firewall
1-24 devices
25-99 devices
100-199 devices
200-499 devices
500-999 devices
1,000+ devices

Server Licenses: Standard and Advanced
1-24 server licenses
25-99 server licenses
100-249 server licenses
250-499 server licenses
500-999 server licenses
1,000+ server licenses

Wireless: AP15, AP55, AP100
1-24 access points
25-99 access points
100-199 access points
200-499 access points
500-999 access points
1,000+ access points

The MSP Connect Flex program has a tiered licensing structure. There are 4 product
categories, each of which contains 6 pricing tiers based on license number.

This is a significant advantage in the user category, because so many products fall
into this category. For example:

Licensing Example

Customer A
80 Intercept X Advanced
80 Mobile
20 Encryption
25 Servers
5 Wireless
2 XG FullGuard
= 180 User licenses, 25 Server licenses, 5 Wireless, 2 Devices

Let’s consider 4 customers, all managed by the same MSP.

Customer A is using all of the supported products, which when tallied gives 180
licenses, 25 servers, 5 APs and 2 devices.

Licensing Example

Customer A: 180 User, 25 Server, 5 Wireless, 2 Devices

Customer B
120 Intercept X Advanced w/EDR
10 Mobile
20 Encryption
5 Servers
2 Wireless
0 XG
= 150 User licenses, 5 Server licenses, 2 Wireless

The next customer, B, is slightly smaller, and so doesn’t need so many licenses, or
even a firewall. Hopefully they have another solution in place!

Their usage totals up into 150 licenses, 5 servers and 2 APs.

Licensing Example

Customer A: 180 User, 25 Server, 5 Wireless, 2 Devices
Customer B: 150 User, 5 Server, 2 Wireless

Customer C
100 Central Endpoint Protection
100 Mobile
100 Encryption
10 Servers
0 Wireless
5 XG EnterpriseGuard
= 300 User licenses, 10 Server licenses, 5 Devices

Customer C is a larger company, with lots of devices, servers and firewalls, but no
need for Wi-Fi at the moment. In total, they use 300 user licenses, 10 servers and 5
devices.

Licensing Example

Customer A: 180 User, 25 Server, 5 Wireless, 2 Devices
Customer B: 150 User, 5 Server, 2 Wireless
Customer C: 300 User, 10 Server, 5 Devices

Customer D
230 Intercept X Advanced
0 Mobile
0 Encryption
5 Servers
0 Wireless
4 XG FullGuard
= 230 User licenses, 5 Server licenses, 4 Devices

The final customer, D, has a lot of endpoint devices, but no need for mobile or
encryption. They consume 230 licenses, 5 servers and 4 devices.

Licensing Example

Customer A: 180 User, 25 Server, 5 Wireless, 2 Devices
Customer B: 150 User, 5 Server, 2 Wireless
Customer C: 300 User, 10 Server, 5 Devices
Customer D: 230 User, 5 Server, 4 Devices

MSP Aggregate Usage = 860 User, 45 Server, 7 Wireless, 11 Devices

To calculate the overall usage for the MSP, all of the customer usage is added up,
which gives the figures shown. This is the MSP’s total monthly usage.

Click Next to continue, and we’ll look at what this means for licensing tiers.

Aggregate License Calculation

MSP Aggregate Usage: 860 User, 45 Server, 7 Wireless, 11 Devices

User Licenses: Endpoint, Intercept X Adv, Mobile, Encryption, Phish Threat
1-99 user licenses
100-499 user licenses
500-999 user licenses
1,000-4,999 user licenses
5,000-9,999 user licenses
10,000+ user licenses

Device: XG Firewall
1-24 devices
25-99 devices
100-199 devices
200-499 devices
500-999 devices
1,000+ devices

Server Licenses: Standard and Advanced
1-24 server licenses
25-99 server licenses
100-249 server licenses
250-499 server licenses
500-999 server licenses
1,000+ server licenses

Wireless: AP15, AP55, AP100
1-24 access points
25-99 access points
100-199 access points
200-499 access points
500-999 access points
1,000+ access points

Sophos MSP FLEX Advantage
Increased Revenue
o Upsell and cross-sell security services
o Add additional products to MSP menu of offerings
o Increase profitability through aggregate billing

Lower Costs
o Reduce vendor management time and resources
o Improve security posture with Synchronized Security
o Convert from Capex to Opex

Improved Operational Efficiency


o Integration into MSP Vendor Ecosystem
o On-demand configuration to add customers at your leisure
o Single dashboard to manage better endpoint and network security


The Sophos MSP program has 3 main advantages: Increased revenue, lower costs,
and improved operational efficiency.

You’ll be able to more effectively upsell and cross-sell security offerings to your
customers – creating longer lasting and more effective relationships. Beyond that
you’ll have a wider range of products to wrap around your own service offerings and
will benefit from increased profitability through aggregate billing.

As an MSP, you’ll lower costs by reducing vendor management time and resources.
Your security posture will be improved with Synchronized Security. And you’ll be able
to convert capital expenditure to operational expenditure to be more in line with
your revenue stream.

Lastly, you’ll improve your operational efficiency by integrating into Sophos’ MSP
vendor ecosystem giving you on-demand configuration to add customers at your
leisure and a single dashboard to better manage endpoint and network security.

The same factors will allow you to lower your costs and increase your
operational efficiency; you’ll be dealing with one provider, Sophos, for multiple
products, meaning that you’re spending less time managing this type of relationship,
and more time on offering services to your customers.

When you reach a certain level of user licenses, your per-license cost drops, and
you’ll be spending less while delivering more.

With monthly billing, you get one, consolidated bill, even further reducing the
amount of time you have to spend on administration.

And last but not least, everything is managed through Sophos Central. One place for
you to visit to oversee and administer all of your customers and licenses to give you
more time for you to focus on growing your business!

Who Does What?

Sophos
• Legal relationship with MSPs
• MSP training and certification
• Synchronized Security
• Level 2 Support to MSP

Distributor
• Handles hardware logistics
• Provides MSP terms
• Invoices MSPs
• Pays Sophos

MSP
• Level 1 Support to customer
• Provisioning and configuration
• Invoices customers
• Buys via distribution

[Diagram labels: Distribution, MSP, Customer, Customer, Customer]

We’ve already covered how to get set up with Sophos, how you roll out solutions,
and how you license. The final step in this process is your relationship with the
distributor.

Your distributor provides hardware logistics, can provide credit terms, and ultimately
invoices you for your monthly aggregate license usage.

In Summary
• You should now be able to:

✓Know the benefits of the Sophos MSP program

✓Understand how to provision the Sophos products in an MSP methodology

✓Be comfortable with the Sophos Central Dashboard

✓Activate your MSP Account and license products




Sophos Server Protection Course
Material
Sophos MSP Connect Flex Portal Overview

GlobalTraining@Sophos.com

Please check out the other Sophos Server Protection course material. And as always,
your feedback is greatly appreciated. Please drop us a line at
GlobalTraining@Sophos.com
