If the polling happens once every 6 minutes, it is possible to have this reduced to every 20 minutes. If the entries are once every 20 to 30 minutes, this is currently expected until there are further improvements made within Sophos plugins. This in turn results in an Audit log entry for access denied being logged in both the Central Dashboard (and the corresponding Partner and/Enterprise Dashboards) Our APIs handle the rejection of non-managed tenants by understanding the permissions embedded in the API token, and returning a 403 when the credential does not have permission for that tenant. This currently includes any of the Partners customers who are either not managed by the Partner or are currently Trial/Evaluation customers. The RMM Sophos software plug-in is polling all of the Partner's Customers. It is the Sophos Plugin running on the Partners Server that is the source of the request. These are entries made by your Partner's RMM applications that utilize our Sophos plug-in/Management APIs. Please whitelist the IP addresses from the Europe region: Ĭentral Dashboard Audit Logs: repeated "Access Denied" entries referencing 'alerts:read' and 'endpoint-state:read'Ĭustomers (Central Dashboard and Enterprise Dashboard), as well as Partners (Partner Dashboard) - could see excess amounts of Audit log entries that reference both 'alerts:read' and 'endpoint-state:read'. This requires customers on-premise IDP server to be able to communicate with Auth0’s servers. Sophos Federation login utilizes Auth0 as a third-party proxy service for integration with different IDP providers. One common reason for these errors is a result of customers' local IDP server being behind a firewall with regional restrictions that is preventing communication with Auth0 services hosted in Europe. (Okta) Attempting to log in via SSO you receive an "Expected 200 OK, got: 403 Forbidden" error (ADFS) "Failed to change IDP status" error attempting to add a new Identity Provider configuration. The footer information incorrectly states ‘Groups’ when it should state ‘Users’.Ĭentral Federation login: "Failed to change IDP status" or "Expected 200 OK, got: 403 Forbidden" errors When viewing the contents of a group within the People > Groups section. If a Partner needs to refresh the Alerts webpage (and there is a Customers Dashboard loaded in another tab), logging out of the Customers Dashboard first will avoid encountering this issue.Ĭentral Users > Groups section: When opening a group, the footer total should say Users (not Groups) There is a known behavior seen where the Partner Dashboards Alert page will not load fully if the browser webpage is refreshed after they have opened a customer to manage in a different tab. Partner Dashboard: Refreshing the Partners Alert page will fail to load if a customer is loaded in another tab. The alert can be acknowledged when its identified as related to this known issue. If this is related to this known issue, you will not see an extra banner, and your sync is normal/successful. If this was a legitimate error, you will see a banner with the same message stating API permissions are missing, and the sync would fail. What to do if you receive this alert: go to your Global Settings > Directory Services > select your Azure AD sync service in question. While the timeout is temporary, it is incorrectly triggering this alert to be sent. This alert is incorrectly be triggered due to a timeout with the Azure AD sync. Some customers may see an alert in the dashboard showing the message: “Microsoft API permissions are missing." Even when the permissions are correctly configured. In the interim of this being removed, the icon should be ignored.Ĭentral Dashboard: Medium Alert that states The Graph Api permissions are missing. The customers' dashboard does not have an Optix trial enabled. The Partner Dashboard ‘Sophos Customers’ page, may incorrectly show an empty Optix trial icon for one or more customers. Partner Dashboard: Sophos Customers page - A Cloud Optix trial icon may incorrectly show for next to some Customers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |