What is changing?
As part of a Thuringia-wide project of the HS-ITZ network, the previous malware protection solution Sophos Endpoint Protection is being replaced by Microsoft Defender for Endpoint. This changeover affects all official computers and servers at the university.
The existing Sophos contract expires on 28/02/2026.
Why is the change taking place?
By successfully concluding a framework agreement with Microsoft, the Thuringian universities have already acquired all the necessary licences with a remaining term of four years. Microsoft Defender for Endpoint is part of the Microsoft 365 A3 licences available to employees. The switch makes it possible to optimise the use of existing resources and consolidate the IT security infrastructure.
Microsoft Defender offers comprehensive protection against malware, ransomware and other cyber threats and integrates seamlessly into the existing Microsoft environment.
What does that mean for you?
Centrally managed service devices (Windows): The changeover will be carried out automatically by the University Computer and Media Centre (URMZ) over the next few weeks. Sophos will be removed and Microsoft Defender will be activated. There will be no protection gap.
Self-administered service devices: Devices that are not managed via the University Computer and Media Centre (URMZ) must be converted manually.
- Uninstall Sophos
- Options for malware protection
- Extended protection via Microsoft Defender for Endpoint (via onboarding script of the university for Windows - provision for MacOS and Linux is still being checked)
- Integrated protection: Microsoft Defender (Windows), Xprotect (MacOS)
- Third-party software (must be requested and checked with the University Computer and Media Centre (URMZ))
Private devices: Anyone who has previously used Sophos Home on private devices should look for an alternative. Microsoft Defender, which is integrated into Windows, or Xprotect, which is integrated into MacOS, offer solid basic protection.
Action required for centrally administered devices (Windows) by 28/02/2026
In order to ensure that the Sophos software can be properly uninstalled on all devices at the time of the changeover, it is necessary that end devices that are not regularly used are also updated by 28/02/2026 at the latest. For this purpose, it must be ensured that these devices are connected to the Internet for at least 10 minutes so that the necessary central updates can be received.
Please also take this opportunity to:
- update the Windows updates to the latest version
(Windows settings → Windows Update → "Check for updates") and - install the software distributions provided.
To make the software distributions as easy as possible, we recommend using the application
"eduVPN Softwareupdate und Netzlaufwerke verbinden" within the ZENworks app in the taskbar or via the start menu.
Please note that software distributions can only be carried out in the university network or via an active eduVPN connection. Detailed information on using eduVPN can be found at the following link:
https://www.uni-erfurt.de/universitaetsrechen-und-medienzentrum/beratung-und-hilfe/weiteres/vpn
Warnings, blocking, application misbehaviour
If warnings or blocking by Microsoft Defender occur on your device, please contact the IT Security Officer.
Please include the following information:
- Date and time of the message
- Affected application or the file path displayed in the message
In addition, please also report any applications that suddenly react incorrectly or stop working in connection with the switch from Sophos to Microsoft Defender for Endpoint.
![[Translate to English:] facebook icon](/fileadmin/SocialMediaIcons/iconfinder_06-facebook_white.svg)
![[Translate to English:] instagram icon](/fileadmin/SocialMediaIcons/iconfinder_38-instagram_white.svg)
![[Translate to English:] YouTube icon](/fileadmin/SocialMediaIcons/iconfinder_18-youtube_white.svg)
![[Translate to English:] xing icon](/fileadmin/SocialMediaIcons/iconfinder_xing_white.svg)
