PURPOSE How to avoid risky or unapproved actions during investigation, isolation, remediation, or exclusions. GENERAL STEPS Open Sophos Central in a supported browser, sign in with the correct work account, and navigate to the relevant tenant, dashboard, device, user, alert, policy, report, quarantine, VPN, or settings area. VERIFY RESULTS Confirm that the device, user, alert, policy assignment, remediation state, isolation state, report, quarantine action, ticket reference, or investigation detail appears as expected before closing the task. TROUBLESHOOTING If Sophos Central behaves unexpectedly, refresh the page, confirm you are viewing the correct tenant and device, check your permissions, verify the endpoint is reporting, and capture any error message, hostname, alert ID, or timestamp. BEST PRACTICE Treat security actions carefully. Do not dismiss, remediate, isolate, release, exclude, or communicate security findings without enough context and the correct approval path.