Following instructions allow to block all web access for a particular user, except few manually whitelisted websites. All actions are performed in the Sophos Central Admin web console.
- Go to Endpoint Protection > Settings > Website Management and add all websites you want to allow. Make sure to add a tag.
- While still in Endpoint Protection section go to Policies and add a new Web Control policy
- Modify the new policy as follows:
- Under Users add all users that web block will apply to.
- Under Settings
- Web Control - Enabled
- Additional security options - Let me specify - set all categories to Block
- Acceptable web usage - Let me specify - set all categories to Block
- Log web control events - Enabled
- Control sites tagged in Website Management - click Add New and select the tag you added in the first step for whitelisted websites.
- Under Policy Enforced make sure Policy is enforced is enabled.
- Click Save
That's it. In my experience policy is applied pretty much immediately after clicking Save. If you make any changes to the whitelist (under Settings > Website Management), open the Web Control policy and save it without making any changes to re-apply the policy to clients.
Sophos Endpoint Protection
Sophos Central Admin
Windows 10 Pro