How to connect a device to Kaspersky Security Center

After Kaspersky Endpoint Security for Android is installed on a mobile device, you can connect the device to Kaspersky Security Center. The data necessary for connecting the device to Kaspersky Security Center is sent to the mobile device together with the other settings listed in the configuration file. After connecting the device to Kaspersky Security Center, you can use group policies to centrally configure the app settings. You can also receive reports and statistics on the performance of Kaspersky Endpoint Security for Android.

Prior to connecting devices to Kaspersky Security Center, make sure that the following conditions are fulfilled:

• Kaspersky Mobile Devices Protection and Management plug-in is installed on the host of the Kaspersky Security Center Web Console.
• The port for connecting mobile devices is opened in the Administration Server properties.
• A mobile certificate for identifying the mobile device user has been created in the Administration Server properties of Kaspersky Security Center.

Prior to connecting devices to Kaspersky Security Center, we recommend doing the following:

• If you want to create policies for mobile devices, create a separate administration group for mobile devices. Only the personal device operating mode is supported by third-party EMM solutions.
• If you want to automatically move mobile devices to a separate administration group, create a rule for automatically moving devices from the Unassigned devices folder.
• If you want to centrally configure Kaspersky Endpoint Security for Android, create a group policy.

To connect a device to Kaspersky Security Center:

1. In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
2. In the KscServer field, enter the DNS name or IP address of the Kaspersky Security Center Administration Server. The default port is 13292.
3. If you do not want the user to be distracted by Kaspersky Endpoint Security for Android notifications, disable app notifications. To do so, set DisableNotification = True.

   After connecting, the app shows all notifications. You can disable certain app notifications in the policy settings.

   Do not disable app notifications if you do not use Kaspersky Security Center. This could cause a user to not receive notifications about the license expiring. As a result, the app will stop performing its functions.

After the connection settings are configured, Kaspersky Endpoint Security for Android displays a notification prompting you to grant the following additional rights and permissions:

• Permission to use the camera for Anti-Theft operation (Take photos command).
• Permission to use the location for Anti-Theft operation (Locate device command).
• Device administrator rights (Android work profile owner) for operation of the following app functions:
  • Configure Wi-Fi.
  • Restrict use of the camera, Bluetooth, and Wi-Fi.

  Due to the specific characteristics of a third-party Android work profile, Anti-Theft features are unavailable in the app and the App Control cannot block apps by their category.

When the user grants the necessary rights and permissions, the device will be connected to Kaspersky Security Center. If a rule for automatically moving devices to an administration group has not been created, the device will be automatically added to the Unassigned devices folder. If a rule for automatically moving devices to an administration group has been created, the device will be automatically added to the specified group.

Kaspersky Endpoint Security provides the following device name format: Device model [device ID, email].

In SOTI MobiControl, you can use the %DEVICENAME% macro in the KscDeviceName field. This macro allows you automatically get the device name from the SOTI MobiControl console into Kaspersky Security Center.

You can also add a tag to the device name. This makes it easier to find and sort devices in Kaspersky Security Center. The tag is available only for VMware AirWatch.

To add the tag to the device name:

1. In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
2. In the KscDeviceNameTag field, select the values:
   • {DeviceSerialNumber} – Serial number of the device.
   • {DeviceUid} – Unique device identifier (UDID).
   • {DeviceAssetNumber} – Device asset number. This number is created internally from within your organization.

   We recommend using only these values. VMware AirWatch supports other values, but Kaspersky Endpoint Security cannot guarantee that these values will work.

You can add some values (for example, {DeviceSerialNumber} {DeviceUid}). The tag will be added to the device name in Kaspersky Security Center. A space separates the tag and the device name. For example, if the device name is Google Pixel 2 a10c6b75f7b31de9 22:7D:78:9E:C5:1E, then the UDID tag is 22:7D:78:9E:C5:1E. If you use Kaspersky Security Center and VMwareAirWatch, the tag lets you identify devices in both consoles. To match the device, select the same values for the device name (for example, the serial number of the device).

After the device is connected to Kaspersky Security Center, the app settings will be changed according to the group policy. Kaspersky Endpoint Security for Android ignores the app settings from the configuration file that was configured in the EMM Console. You can configure all sections of the policy except the following sections:

• Anti-Theft
• Screen unlock settings
• The App use tab of the App Control section
• Corporate container on devices
• Samsung Knox settings

Due to the method used to deploy a third-party work profile, you cannot apply group policy settings from the Corporate container on devices section. These settings can be applied only if the corporate container was created using Kaspersky Security Center.

Page top