Introducing Sophos DNS Protection for Endpoints

ProductsSophos DNS Protection

Join the Early Access Program for this new product

Nov 24 2025 By

We released Sophos DNS Protection for networks last year, and it is now close to serving its 600 billionth query. Since then, many of you have asked for a version that can be used on roaming endpoints and for additional insights into DNS requests along with DNS over HTTPS.

Today, we are excited to launch the early access program (EAP) for DNS Protection on Windows endpoints with enhanced visibility into what user and device are making DNS queries and support for HTTPS.

As you know, Sophos DNS Protection for endpoints enables an added layer of transparent web protection across all ports, protocols, and applications.

Sophos DNS Protection for Endpoints

DNS Protection can now be deployed and enabled on your Windows endpoint devices in Sophos Central. Once deployed, the agent intercepts all DNS traffic from programs and apps on the Windows device and forwards it to the nearest DNS Protection resolver via DNS over HTTPS. DNS Protection will check the requests for security risks and policy compliance and allow or block access accordingly.

DNS Protection policies provide a comprehensive set of controls:

  • Category-based allow and block rules
  • Custom domain allow and block lists
  • Enforcing safe search features on Google, YouTube and other search engines

Enhanced Visibility

All DNS queries originating from your endpoint devices are logged with the user and device name. This allows you to pinpoint problematic devices and target responses to address security issues. It also enhances the data available during XDR and MDR incident investigations.

Note: Device and user identities are only available when used in conjunction with the Sophos DNS for endpoints agent and not yet for DNS Protection on Sophos Firewall.

DNS over HTTPS for Privacy and Integrity

Sophos DNS Protection for endpoints supports DNS over HTTPS for added privacy and integrity. By using a secure, encrypted TLS tunnel, all queries and responses are protected from network snooping and from attacks such as DNS cache poisoning that exploit the open nature of traditional DNS protocols.

HTTPS support is only available on DNS Protection for Endpoints at this point, however it will come to Sophos Firewall in the near future.

Getting Started:

Get started today with the early access program for DNS Protection for endpoints on the Sophos Community.

About the Author

Chris McCormack is a network security specialist at Sophos where he has been focused on firewall and network protection since joining Sophos in 2008. When not evangelizing Sophos network security products, Chris specializes in providing advice and insight into the latest threats and network protection technologies and strategies.