Deployment depends on which version of Kaspersky Endpoint Security for Windows is installed on your assets. If you have more than one version of Kaspersky Endpoint Security for Windows installed in your infrastructure, you can perform the scenarios for these versions in any order:
Kaspersky Endpoint Security for Windows 12.6 and later with only root tenant and without Kaspersky Endpoint Detection and Response Optimum
If you have only root tenant, you can skip downloading the MDR configuration file and add and deploy your license key directly in Kaspersky Security Center.
To deploy Kaspersky Managed Detection and Response on Kaspersky Endpoint Security for Windows 12.6 and later:
- Ensure all your assets belong to the root tenant.
- Check whether Kaspersky Endpoint Security for Windows on all the assets is updated to the version 12.6 or later.
- Ensure Kaspersky Managed Detection and Response component is enabled in Kaspersky Endpoint Security for Windows on all the assets.
- Add a license key to the license key repository in Kaspersky Security Center.
- Deploy the license key to the assets automatically or by using the Add license key task.
If you have only root tenant, you can skip downloading the MDR configuration file and add and deploy your license key directly in Kaspersky Security Center Cloud Console.
To deploy Kaspersky Managed Detection and Response on Kaspersky Endpoint Security for Windows 12.6 and later:
- Ensure all your assets belong to the root tenant.
- Check whether Kaspersky Endpoint Security for Windows on all the assets is updated to the version 12.6 or later.
- Ensure Kaspersky Managed Detection and Response component is enabled in Kaspersky Endpoint Security for Windows on all the assets.
- Add a license key to the license key repository in Kaspersky Security Center Cloud Console.
- Deploy the license key to the assets automatically or by using the Add license key task.
For details about simultaneous use of MDR and EDR Optimum solutions refer to Kaspersky Endpoint Security for Windows help.
Kaspersky Endpoint Security for Windows 11.6–12.5 and later with several tenants
If you are switching to the built-in MDR functionality in Kaspersky Endpoint Security for Windows after working with it by using the Kaspersky Endpoint Agent functionality, make sure to disable Kaspersky Managed Detection and Response in the Kaspersky Endpoint Agent policy after configuring the integration with Kaspersky Managed Detection and Response in the Kaspersky Endpoint Security for Windows policy for all assets with Kaspersky Endpoint Security for Windows 11.6 and later.
Note that if the same policy is also applied to assets with Kaspersky Endpoint Security for Windows 11.5 and earlier, it is necessary to create and configure a separate policy for these assets first, to maintain their integration with Kaspersky Managed Detection and Response via the Kaspersky Endpoint Agent policy.
Kaspersky Endpoint Security for Windows 11.3–11.5
- Create an Install application remotely task in Kaspersky Security Center Cloud Console. In the Select the distribution package for installation window, choose the BAT file from the MDR configuration file.
- Run the task manually or wait for it to launch according to the schedule you specified in the task settings.
Make sure that the task is performed on all of your assets.
- Configure Kaspersky Endpoint Security for Windows on your assets.
The following components must be enabled:
- Kaspersky Security Network
In the Kaspersky Security Network settings, select the Enable Extended KSN mode check box.
- Behavior Detection
Enabling these components is mandatory. Otherwise, Kaspersky Managed Detection and Response is not operable, as sending telemetry is not possible.
Additionally, Kaspersky Managed Detection and Response can use data from the following components:
- If you have enabled Firewall in Kaspersky Endpoint Security for Windows, create a Firewall rule with the following properties:
If you are using Kaspersky Endpoint Detection and Response Optimum
- Ensure that you have installed Kaspersky Endpoint Agent as part of Kaspersky Endpoint Security for Windows.
Kaspersky Endpoint Agent can be installed:
- Check whether your Kaspersky Endpoint Agent for Windows version is up to date and, if necessary, update it.
Kaspersky Endpoint Agent 3.11 is required to work with Kaspersky Security Center Cloud Console.
- Configure your Kaspersky Endpoint Detection and Response Optimum solution.
- Create a policy for Kaspersky Endpoint Agent.
- Set up integration between Kaspersky Endpoint Agent for Windows and Kaspersky Managed Detection and Response by uploading the BLOB file from the MDR configuration file to the Kaspersky Endpoint Agent policy.
- Configure Kaspersky Endpoint Security for Windows on your assets.
The following components must be enabled:
- Kaspersky Security Network
In the Kaspersky Security Network settings, the Enable Extended KSN mode check box must be selected.
- Behavior Detection
Enabling these components is mandatory. Otherwise, Kaspersky Managed Detection and Response is not operable, as sending telemetry is not possible.
Additionally, Kaspersky Managed Detection and Response can use data from the following components:
- If you have enabled Firewall in Kaspersky Endpoint Security for Windows, create a Firewall rule with the following properties:
- In the Action drop-down list, select the Allow value.
- In the Direction drop-down list, select the Inbound/Outbound value.
- In the Remote addresses and Local addresses drop-down lists, select the Any address value.
Once the rule is created, move it to the top of the rules list.
Enabling these components is optional. If they are disabled, Kaspersky Managed Detection and Response continues sending telemetry, but with limited data.