Working with the Location details page

NAVIGATION  Organizations > select an organization > select a location

SECURITY   Datto EDR subscription with administrator or analyst-level platform access or Datto AV subscription with administrator or analyst-level platform access

BEFORE YOU BEGIN  The type of subscription you have may define the features available to you on this page. For a comprehensive overview of features available to Datto EDR and Datto AV customers, refer to Datto EDR and Datto AV access control.

The Location details page enumerates all of the devices assigned to a specific location, their details, and the open alerts for each.

This article describes the page's layout and functions.

Overview

  1. In the top navigation menu of your instance, click Organizations.

  2. The All Organizations page will load. Click the name of the client organization you'd like to view.

  3. The Organization details page opens.

  1. Select a location by clicking its name.

  2. The Location details page opens.

  1. As you navigate, you'll see the following features and fields:

Organizations, locations, and devices with an icon preceding their name are synced from Datto RMM. Entities with an icon preceding their name are synced from VSA 10. Special conditions apply to these entries. Learn more in our Understanding the Datto EDR + Datto RMM integration and Configuring the VSA 10 integration articles.

Feature Definition
Download Agent

Invokes a download menu containing the agent installers associated with the location; also provides a mechanism to copy the terminal commands and download link for use in advanced deployment scenarios
Move

Enables you to move the current location to a different organization

NOTE   Locations synced from Datto RMM cannot be moved, renamed, or deleted from Datto EDR.

Actions menu; provides options to edit or delete the location, schedule a scan, enable or disable monitoring, or upload a survey file

Click any organization name or device count to open a pivot report filtered to the selected item.

Field name Definition

Organization

Name of the associated organization

Devices

 Total count of devices assigned to the location
Alerts

The number of unacknowledged alerts open for the location

Monitored

Indicates whether the devices in the location are monitored by an agent; indicates that the location is monitored; indicates that the location is unmonitored

Schedule

Reports the scan frequency used by the location; possible values are Daily, Weekly, Monthly, or Monitored; interval can be changed at > Schedule
Description A brief description of the location's purpose or characteristics

The Assigned Policies table enables you to manage the location's assigned Ransomware Detection and Windows Defender policies. Learn more in Policy List.

Field or feature name Definition

Assign Policy

Click to assign a policy to the organization or location

Name

The name of the policy

Description

The extended description of the policy's purpose, functions, and any other pertinent information

Type

The type of policy

Assigned To

Indicates whether the policy has been applied at the organization or location level

Assigned On

The date and time at which the policy was assigned to the organization or location

Updated On

The most recent date and time at which the policy was updated

Status

Indicates whether the policy is enabled or disabled

Actions menu; enables you to enable, disable, or unassign the policy

Click any device name to open a pivot report filtered to the selected item.

Devices with an icon preceding their name are synced from Datto RMM. Learn more in our Understanding the Datto EDR + Datto RMM integration article.

Column header Definition

Search

Enter a partial or whole value to filter current view to matching records

Devices

Count of the total devices in the current filter view
Scan

Runs an on-demand threat scan of all monitored hosts; to learn more, review our Performing a manual scan article

IMPORTANT  This button will be unavailable if no devices are active.

Device

User-friendly name assigned to the endpoint in Datto EDR

Version

The version of the Datto Endpoint Security agent installed on the endpoint

Host name & IP

Host name and IP address of the endpoint

OS

Operating system installed on the endpoint
Last Seen Last date and time that the EDR platform received telemetry from the host
Status Details whether the device is currently monitored by Datto EDR or Datto AV

Alerts

The number of unacknowledged alerts open for the device

Actions menu; enables you to move, rename, or delete the selected device

NOTE   Devices synced from Datto RMM cannot be moved, renamed, or deleted from Datto EDR.

Datto EDR customers have access to live forensics and continuous host monitoring built into a single cloud-based platform. Our ASSESS, MONITOR, and RESPOND methodologies enable quick identification of and response to Advanced Persistent Threats (APTs), ransomware, and other malware (file-based or fileless) in your environment, regardless of the locality (including remote or distributed networks).

We refer to this comprehensive solution as Real-Time Security (RTS).

Enabling Real-Time Security

Datto EDR subscribers can enable Real-Time Security on one or all of their devices. All endpoints that you intend to monitor in this manner must reside in "Monitored" locations in EDR. As a result, you may need to relocate some devices to other locations if they are not all to be monitored with RTS. For more information, refer to Creating and managing organizations, locations, and devices.

Due to the enhanced capabilities of RTS, and more efficient use of the asset's resources, you do not need to schedule regular scans. However, if you wish, you can still do so.

To enable Real-Time Security, perform the following steps:

  1. In the top navigation menu of your instance, click Organizations.

  2. The All Organizations page will load. Click the name of the client organization you'd like to view.

  3. The Organization details page opens.

  1. Select a location by clicking its name.

  2. The Location details page opens.

  1. At the top of the page, click the icon.

  2. Select Monitor from the menu that opens.

  1. Select any extensions you would like to have running on the monitored endpoints, and note the scheduled time that the daily analysis will take place independent of RTS monitoring.

  2. Click Enable Monitoring.

  1. The Datto Endpoint Security agent will deploy to all endpoints in the location. The following conditions will apply to monitored devices:

    • Any processes started will be stored and uploaded every 15 minutes, including any embedded shell scripts.

    • A daily differential forensic analysis will upload modules, autostarts, and other artifacts not found within the last 30 days. You can customize the time of the daily analysis at > Admin > Settings > Location Monitoring.

For more information about how RTS interacts with your devices, review our How does RTS impact the overall performance and usage of the agent? and What impact will it have on processor, memory, or network utilization? topics.

Additional Resources

The following articles describe workflows that are available from this page: