Quick Start Guide

Read this Quick Start Guide to get started with Kaspersky Endpoint Security Cloud. The Guide contains tips for managing the accounts of your users and installing security applications on their devices.

Quick start scenario

After you complete the scenario, the devices in your organization will be protected. The scenario proceeds in stages:

Create an account
To start using Kaspersky Endpoint Security Cloud, you need an account on Kaspersky Business Hub.

To create an account:
1. Open your browser and enter the following URL: https://cloud.kaspersky.com.
2. Click the Create an account button.
3. Follow the onscreen instructions.
Create a workspace
After you create the account, you can create your first workspace. We recommend that you first create one test workspace, connect your own devices to it, and then test any modifications to the settings, noting the results.

We recommend that you create a separate workspace for each company that you manage, even if a company has only a few users. By doing this, you will be able to do the following:
- Change settings for each company individually.
- Keep track of the license count, and the increase or decrease of the number of users in the company.
- Assign administrator rights to a user within the company, who can access only that company's workspace.
To create a company workspace:
1. Open your browser and enter the following URL: https://cloud.kaspersky.com.
2. Click the Sign in button.
3. Follow the onscreen instructions.
Perform initial setup of Kaspersky Endpoint Security Cloud
After you create a company workspace, you must perform initial setup of Kaspersky Endpoint Security Cloud. The initial setup begins automatically when you start Kaspersky Endpoint Security Cloud Management Console for the first time. The Welcome to Kaspersky Endpoint Security Cloud window is displayed. Follow the onscreen instructions.

When initial setup is complete, Kaspersky Endpoint Security Cloud Management Console is ready to use.
Deploy security applications on your users' devices
When your first workspace is prepared, follow the main setup steps provided in the Information panel → Getting started section. These steps include adding user accounts, connecting devices to Kaspersky Endpoint Security Cloud, and creating a certificate for iOS and iPadOS devices.

These steps are divided into three groups:
- Preconfigured
  You already took these steps when you created the workspace.
- Required
  You must take this step to start protection of the devices.
  
  Add users by providing their email addresses. An invitation is sent to the email address and it contains the download link to the security application. When the user clicks the link, Kaspersky Endpoint Security Cloud recognizes the device operating system, thus ensuring that the proper software is downloaded.
  
  As an alternative, you can simultaneously protect multiple devices that are running Windows. To do this, you can deploy security applications by using a Group Policy script.
- Recommended
  We recommend that you take these steps to enhance the protection of devices.
  1. Once the software has been downloaded and installed on the device of the user, assign the user as the device owner.
  2. Create an Apple Push Notification service (APNs) certificate. The APNs certificate is created in one run. You must follow the steps for its creation without interruption, because the signing process has a time stamp that will expire if the creation process takes too long.
Manage protection
After the security application is installed on a device, the device is assigned the Default security profile. This is the security profile with the default settings that are recommended by Kaspersky experts.

In the Security management → Security profiles section, you can create different security profiles. Every new security profile holds the default settings until you modify them. You can also copy existing security profiles.

Each security profile holds four tabs for the respective platforms: Windows, macOS, Android, and iOS with iPadOS.

When you assign a security profile to a user, the security profile is applied to all devices owned by the user. Only the Default security profile can be applied to devices without owners.

When creating a security profile, take into consideration the organizational structure of the company that you manage. For example, the security profile for a developer may differ from the one used for a sales representative or a human resources assistant. Name each security profile accordingly.

We recommend that you prevent users from modifying or deleting the security applications installed on their devices. Therefore, define the following settings:
- For Windows devices, do the following:
  1. On the Windows → Advanced → Interaction with end users tab, make sure that Password protection is enabled.
  2. Select the operations that a user will be allowed to perform only with the password.
- For Mac devices, do the following:
  1. On the Mac → Advanced → Interaction with end users tab, choose whether you want the Kaspersky Endpoint Security for Mac application icon visible on the menu bar or not.
  2. On each device in system preferences, use the macOS account type settings (admin or standard user) and the "lock" icon () to prevent the user from removing the software.
- For Android devices, do the following:
  1. On the Android → Security settings tab, make sure that Screen lock is enabled to protect the device from unauthorized access.
  2. On the Advanced tab, make sure that Kaspersky Endpoint Security for Android cannot be removed.
- For iOS and iPadOS devices: on the iOS → Security settings tab, make sure that Screen lock is enabled to protect the device from unauthorized access.
After defining the required settings of security profiles, you can assign security profiles to the intended users.
Specify licenses
After you have created a workspace, you are granted a 30-day trial license that is embedded in your workspace. To continue using Kaspersky Endpoint Security Cloud after the trial license expires, you must purchase a commercial license or a subscription. Click Information panel → License, and then enter the activation code.

The activation code will be distributed automatically to the security applications, which may take 15 minutes, as the applications attempt to sync with the workspace every 15 minutes.
Define other settings (optional)
You can define other optional settings.
- By default, background scan is enabled for devices running Windows. Autorun objects, system memory, and the system partition are scanned when the device is idling for five or more minutes. If you want, you can click the Settings tab and set the schedule for the malware scan. From the Devices tab, you can start the malware scan task.
  The background scan mode of Kaspersky Endpoint Security for Windows does not display notifications for the user. This scan requires less computer resources than other types of scans (such as a full scan). In this mode, Kaspersky Endpoint Security for Windows scans startup objects, the boot sector, system memory, and the system partition.
- The security applications mostly use the Kaspersky Security Network cloud service in their operation and to a lesser extent the application's anti-malware databases. If you want, you can click the Settings tab and set the schedule for the anti-malware database update. On the Devices tab, you can start the anti-malware database update task.
- On the Settings tab, you can configure which event notifications you want to view in your events overview.
  The information about events is not aggregated. Each event is sent in a separate email message. If you want to configure the delivery of event notifications, be ready to receive a large number of email messages.
- On the Distribution packages tab, you can download the software directly and prepare new software when it is available. The newly prepared software will then be distributed to newly invited users.