Sophos: EOL notice – Admin credentials usage in AD Sync Utility
After 30th November 2021; Sophos will no longer support authentication into Sophos Central using admin credentials from the AD Sync utility (username and password). Consequently, sync operations will start failing if API credentials are not used.
Moving forward, AD Sync utility will only support authentication using API credentials.
If you are running on an AD Sync utility that is older than version 4.2.23 (this could happen if your agent failed to auto upgrade), please follow the instructions in this KBA – Sophos Central: Upgrade the AD Sync Utility to the latest version.
You are strongly advised to replace these admin credentials with API credentials as soon as possible.
For AD Sync utility yet to move to API credentials, we developed an AD sync version that automatically replaces admin credentials with API credentials. The intention is to minimize disruption of sync operations.
This functionality will be remotely turned on starting mid October.
In addition, recent AD Sync utility versions (126.96.36.199 and above) exercise a new and more scalable data transport layer from the agent to Central.
Please make sure that the URLs listed under the “Sophos AD Sync utility” section in this KBA – Domains and ports to allow are not blocked by your corporate Firewall.
The new data transport layer and any future functionality will be only available for AD Sync utility using API credentials.