Kaspersky Security Center licensing options

Kaspersky Security Center can work in the following modes:

No license (basic functionality)
Kaspersky Security Center works in this mode before the application is activated or after the commercial license expires. Kaspersky Security Center with support of the basic functionality of Administration Console is delivered as a part of Kaspersky applications for protection of corporate networks. You can also download it from Kaspersky website.
Commercial license
If you need additional functionality which is not included in the basic functionality of Administration Console, you must purchase a commercial license.

When adding a license key in the Administration Server properties window, ensure that you add a license key that lets you use Kaspersky Security Center. You can find this information at the Kaspersky website. Each solution webpage contains the list of applications included in this solution. Administration Server may accept unsupported license keys, for example a license key for Kaspersky Endpoint Security Cloud, but such license keys provide no new features in addition to the basic functionality of Administration Console.

Feature or property	Kaspersky Security Center operation mode

	No license	Commercial license
Basic functionality of Administration Console The following functions are available: Creation of virtual Administration Servers that are used to administer a network of remote offices or client organizations. Creation of a hierarchy of administration groups to manage specific devices as a single entity. Remote installation of applications. Centralized configuration of applications installed on client devices. Control of the anti-virus security status of an organization. Management of user roles. Statistics and reports on the application's operation, as well as notifications about critical events. Centralized operations with files that were moved to Quarantine or Backup and files whose processing was postponed. Encryption and data protection management. Viewing and editing existing licensed applications groups. Viewing and manual editing of the list of hardware components detected by polling the network. Viewing the list of operating system images available for remote installation.
Vulnerability and patch management: basic functionality The following tasks do not require a commercial license: The Find vulnerabilities and required updates task Through this task, Kaspersky Security Center receives the lists of detected vulnerabilities and required updates for the third-party software installed on the managed devices. The Install Windows Update updates task This task can be used to install Windows Update updates only. To use this task, you must manually specify the required updates in the task settings. The Fix vulnerabilities task The Fix vulnerabilities task uses recommended fixes for Microsoft software and user fixes for third-party software. To use this task, you must manually specify user fixes for vulnerabilities in the task settings.
Vulnerability and patch management: advanced functionality The following functions are available: Remote installation of software updates and fixing of vulnerabilities automatically, according to the rules that you define. Usage of Administration Server as the Windows Server Update Services (WSUS) server to provide updates to Windows Update services on devices in centralized mode and with the set frequency.
Mobile Device Management feature in MMC-based Administration Console The Mobile Device Management feature is used to manage Exchange ActiveSync (EAS) and iOS MDM mobile devices. The following functions are available for Exchange ActiveSync mobile devices: Adding new devices under management of Kaspersky Security Center. Creation and editing of mobile device management profiles, assignment of profiles to users' mailboxes. Configuration of mobile devices (email synchronization, apps usage, user password, data encryption, connection of removable drives). Installation of certificates on mobile devices. The following functions are available for iOS MDM devices: Adding new devices under management of Kaspersky Security Center. Creating and editing configuration profiles, and installing configuration profiles on mobile devices. Installing applications on mobile devices through App Store® or using manifest files (.plist). Locking mobile devices, resetting the mobile device password, and deleting all data from the mobile device. The following functions are available for Android devices: Adding new devices under management of Kaspersky Security Center. Managing Kaspersky Endpoint Security for Android through policy. In addition, Mobile Devices Management allows executing commands provided by relevant protocols. The management unit for Mobile Devices Management is a mobile device. A mobile device is considered to be managed after it is connected to the Mobile Devices Server.		(A license key must be added to the Administration Server properties.)
Mobile device protection in Kaspersky Security Center Web Console Kaspersky Security Center Web Console provides you with the following features to manage Android and iOS mobile devices: Adding new devices under management of Kaspersky Security Center. Managing Kaspersky Endpoint Security for Android and Kaspersky Security for iOS through policies. Sending commands to the mobile devices through relevant protocols and executing the commands.		(A license key must be added on each mobile device.)
Systems management The following functions are available: Installation of operating systems and applications. Kaspersky Security Center allows you to create operating system images and deploy them on client devices on the network, as well as perform remote installation of applications by Kaspersky or other vendors. You can capture operating system images from devices and transfer those images to the Administration Server. Such images of operating systems are stored on the Administration Server in a dedicated folder. The operating system image of a reference device is captured and then created through an installation package creation task. You can use the images received for deployment on new networked devices on which no operating system has been installed yet. A technology named Preboot eXecution Environment (PXE) is used in this case. Licensed applications group management. Remote permission of connection to client devices through a component of Microsoft® Windows® named Remote Desktop Connection. Remote connection to client devices through Windows Desktop Sharing. Remote connection through Kaspersky Remote Desktop Session Viewer.
Integration with cloud environments Kaspersky Security Center not only works with on-premises devices, but also provides special features for working in a cloud environment, such as Cloud Environment Configuration Wizard. Kaspersky Security Center works with the following virtual machines: Amazon EC2 instances Microsoft Azure virtual machines Google Cloud virtual machines instances Yandex.Cloud virtual machines
Exporting events to SIEM systems: using the Syslog protocol Using the Syslog protocol, you can relay any events that occur on the Kaspersky Security Center Administration Server and in Kaspersky applications that are installed on managed devices. The Syslog protocol is a standard message-logging protocol. You can use it to export events to any SIEM system.