Deploying the Datto Endpoint Security agent via Datto RMM

SECURITY   Datto EDR subscription with administrator-level platform access or Datto AV subscription with administrator-level platform access

This article provides knowledge resources related to deploying the Endpoint Security agent via Datto RMM.

For a comprehensive overview of the Datto EDR + Datto RMM integration, refer to Understanding the Datto EDR + Datto RMM integration. To learn how to set up the RMM integration, refer to Datto EDR Integration in the Datto RMM Help system.

NOTE  Datto AV protection is delivered by the Datto Endpoint Security agent and is managed from the Policies page.

Overview

If you are a Datto RMM customer, and if Datto Endpoint Detection and Response (EDR) is enabled for your Datto RMM account, you can deploy the Endpoint Security agent through an Endpoint Security policy to start analyzing activity on targeted hosts.

BEFORE YOU BEGIN   If you are directly installing the Endpoint Security agent on an endpoint, refer to Deploying the Datto Endpoint Security agent and Deploying the Datto Endpoint Security agent to virtual machines. To learn how to deploy the agent via GPO, review our Deploying the Datto Endpoint Security agent via Group Policy Object (GPO).

If you install the Endpoint Security agent on an endpoint before installing the RMM agent, the endpoint will not be automatically assigned to its corresponding Datto RMM location in Datto EDR until the host is rebooted.

Prerequisites

Before you begin, we need to understand your current environment and what you'd like to do.

  • If you're a Datto EDR or Datto AV customer deploying the Endpoint Security agent to endpoints that currently don't have it, proceed to the next section of this article.

  • If you're a Datto EDR or Datto AV customer seeking to enable AV protection on one or more endpoints where the Endpoint Security agent is present, you do not need to redeploy any software. Refer to our Working with the Policies page article.

Resources

Documentation and support content for this deployment method is available in the Datto RMM Help system. Refer to the following articles to get started:

  • Endpoint Security policy: Centralized, policy-based configuration and deployment of various endpoint security technologies. Refer to Endpoint Security policy.

    • Datto EDR: Deploy the Datto Endpoint Detection and Response (EDR) and Antivirus (AV) agent through an Endpoint Security policy to start analyzing activity on the targeted endpoints. Refer to Datto EDR and Datto AV.

    • Ransomware Detection: Deploy the Datto RMM Ransomware Detection engine through an Endpoint Security policy to start analyzing file activity on the targeted endpoints. Refer to Ransomware Detection.

      • NOTE   If you choose to run Ransomware Detection in Datto RMM, it must be disabled in Datto EDR, and vice versa. Refer to the Datto EDR Ransomware policy overview.

    • Windows Defender Antivirus configuration management: Enforce a more secure configuration for Windows endpoints through an Endpoint Security policy. This feature allows you to configure attack surface reduction rules and scan schedules among other things. Refer to Managed Windows Defender Antivirus.

      • NOTE   If you choose to run Windows Defender Antivirus in Datto RMM, it must be disabled in Datto EDR, and vice versa. Refer to Leveraging Microsoft Defender Antivirus with Datto EDR.

  • Endpoint Security card: View a comprehensive status of all security solutions for a device with the ability to drill into the details of a managed antivirus product. Refer to Endpoint Security in Device Summary - New UI.

  • Endpoint Security alerts: View detailed diagnostic information and recommendations for specific security threats. Refer to Endpoint Security alerts.

  • Device isolation actions: These actions allow you to respond to security threats. When Ransomware Detection or Datto EDR is active, a device can be isolated (and reverted from isolation) directly from the Endpoint Security card. Refer to Endpoint Security in Device Summary - New UI.

  • Dashboard widgets: Widgets displaying the Ransomware Detection status, Datto EDR status, and Managed Windows Defender Status of your devices are available in the Widget Library. Refer to Managed Windows Defender Status, Datto EDR, and Ransomware Status. An Alerts Over Time widget and a Security Threats widget are also available in the Widget Library.

Wrapping up

If this agent deployment is for or will include Datto AV service, proceed to our Working with the Policies page article to continue.