Understanding the Datto EDR + Datto RMM integration
SECURITY Datto EDR subscription with administrator or analyst-level platform access
SECURITY Service account or administrator-level rights on the target endpoint
SECURITY The API token used to set up the integration in Datto RMM must be generated by a Datto EDR administrator. Refer to Generating Datto EDR API tokens.
Datto EDR provides endpoint security by detecting and responding to advanced threats that traditional antivirus software may miss. Datto RMM allows you to remotely monitor and manage your clients' IT infrastructure from a single platform. When integrated, these platforms deliver an unmatched all-in-one solution that equips you with comprehensive prevention and response tools.
This article describes the benefits of the EDR + RMM integration and provides an overview of its functionality.
NOTE For important information about changes to the Datto EDR + Datto RMM integration, refer to Enhancements to the Datto EDR + Datto RMM integration. To learn how to set up the RMM integration, consult Datto EDR Integration in the Datto RMM Help system.
Key benefits
The EDR + RMM integration introduces a truly unified remote management and response platform with the following capabilities:
-
Seamless, continuous sync of new locations and monitored endpoints from RMM to EDR
-
One-click access from EDR alerts to remote control, device agent browser, and other support tools
-
Automatic deployment of the Endpoint Security agent through Endpoint Security policies
-
A diversified toolkit of alerting and response options made possible by the combination of EDR's powerful analysis capabilities and RMM's cutting-edge management features
Best of all, if you're an RMM customer, it's already enabled for you!
Requirements
-
To sync RMM sites to EDR locations, you'll need an active Datto RMM subscription.
-
To sync RMM endpoints to EDR devices, you'll need to install the Endpoint Security agent on each host you'd like to protect, and those hosts must be checking in to your RMM platform.
Integration details
With the integration active, your Datto RMM sites will be automatically synchronized with Datto EDR as locations and assigned to the Default RMM organization. Any endpoints protected by the Endpoint Security agent will be synced as devices and assigned to their corresponding locations. Once created, you can move synced locations to the organization of your choice.
Following the initial sync, EDR will continue to check in with RMM every four hours and continue to replicate any new sites or endpoints it discovers. Additionally, you'll see the following new options appear in your EDR tenant:
-
The icon will precede the names of locations and devices synced from RMM.
-
The Open device in RMM and Web Remote options will appear on Alert Detail pages. Refer to Web Remote in the Datto RMM Help system.
Alerts generated in for RMM-synced devices will replicate to RMM.
Good to know
The following guidelines will help you get the most out of the RMM integration:
-
While Datto EDR sends all alert types, Datto RMM will only surface those in the High and Severe categories.
-
The Default RMM Org entity on the All Organizations page is used by EDR to synchronize new locations and devices. Although you can rename it, you cannot permanently delete it. If removed, the organization will repopulate the next time the integration needs to create a new location.
-
Alerts generated by EDR immediately replicate to RMM. They are not withheld for the next sync interval.
-
Alert sync is not bidirectional. The integration supports outbound alerting from EDR to RMM only.
-
Locations synced from RMM cannot be renamed or deleted from EDR.
-
Locations and devices created in EDR will not automatically replicate to RMM.
-
Only those devices with the Endpoint Security agent installed will sync from RMM.
-
Devices cannot be moved between locations within EDR. You must do so in RMM.
-
If you move a device to a new site in RMM, you must restart the endpoint after doing so for the new location to be reflected in EDR.
-
When you remove an endpoint in RMM, you must uninstall the Endpoint Security agent from the host. If the Endpoint Security agent remains on the endpoint, it will repopulate the device in your EDR portal at the next check-in event.
-
The EDR + RMM integration does not automatically deduplicate or consolidate sites or endpoints.
-
If you create a location in EDR that does not exist in RMM, and that location is subsequently also created in RMM, a duplicate location will appear in EDR.
-
If you install the Endpoint Security agent on an endpoint before installing the RMM agent, the endpoint will not be automatically assigned to its corresponding Datto RMM location in Datto EDR until the host is rebooted.
-
Additional Resources
The following additional resources will help you optimize your use of the integration.