How to connect a device to Kaspersky Security Center

After Kaspersky Endpoint Security for Android is installed on a mobile device, you can connect the device to Kaspersky Security Center. The data necessary for connecting the device to Kaspersky Security Center is transmitted to the mobile device together with the other settings listed in the configuration file. After connecting the device to Kaspersky Security Center, you can use group policies to centrally configure the app settings. You can also receive reports and statistics on the performance of Kaspersky Endpoint Security for Android.

Prior to connecting devices to Kaspersky Security Center, make sure that the following conditions are fulfilled:

• The Kaspersky Endpoint Security for Android Administration Plug-in is installed on the administrator's workstation.
• The port for connecting mobile devices is opened in the Administration Server properties.
• The display of the Mobile Device Management folder is enabled in the Administration Console.
• A general certificate for identifying the mobile device user has been created in the Kaspersky Security Center certificate storage.

Prior to connecting devices to Kaspersky Security Center, it is recommended to do the following:

• If you want to create tasks and policies for mobile devices, create a separate administration group for mobile devices.
• If you want to automatically move mobile devices to a separate administration group, create a rule for automatically moving devices from the Unassigned devices folder.
• If you want to centrally configure Kaspersky Endpoint Security for Android, create a group policy.

To connect a device to Kaspersky Security Center:

1. In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
2. In the KscServer field, enter the DNS name or IP address of the Kaspersky Security Center Administration Server. The default port is 13292.
3. If you do not want the user to be distracted by Kaspersky Endpoint Security for Android notifications, disable app notifications. To do so, set the DisableNotification = True setting.

   After connecting, the app shows all notifications. You can disable certain app notifications in the policy settings.

   Do not disable app notifications if you do not use Kaspersky Security Center. This could cause a user to not receive notifications about the license expiring. As a result, the app will stop performing its functions.

After the connection settings are configured, Kaspersky Endpoint Security for Android displays a notification prompting you to grant the following additional rights and permissions:

• Permission to use the Camera for Anti-Theft operation (Mugshot command).
• Permission to use Location for Anti-Theft operation (Locate device command).
• Device administrator rights (Android work profile owner) for operation of the following app functions:
  • Install security certificate.
  • Configure Wi-Fi.
  • Configure Exchange ActiveSync.
  • Restrict use of the camera, Bluetooth, and Wi-Fi.

  Due to the specific characteristics of an Android work profile (absence of the Accessibility service), the App Control and Anti-Theft features are unavailable in the app.

When the user grants the necessary rights and permissions, the device will be connected to Kaspersky Security Center. If a rule for automatically moving devices to an administration group has not been created, the device will be automatically added to the Unassigned devices folder. If a rule for automatically moving devices to an administration group has been created, the device will be automatically added to the defined group.

Kaspersky Endpoint Security provides the following devices name format:

• Device model [email, device ID]
• Device model [email (if any) or device ID]

A device ID is a unique ID that Kaspersky Endpoint Security for Android generates from the data received from a device. For mobile devices running Android 10 or later, Kaspersky Endpoint Security for Android uses the SSAID (Android ID) or checksum of other data received from the device. For earlier versions of Android, the app uses the IMEI. You can configure device name format in the group policy.

In SOTI MobiControl, you can use the %DEVICENAME% macro in the KscDeviceName field. This macro allows you automatically get the device name from the SOTI MobiControl console to Kaspersky Security Center.

You can also add a tag to the device name. This makes it easier to find and sort devices in Kaspersky Security Center. The tag is available only for VMware AirWatch.

To add the tag to the device name:

1. In the EMM Console, open the settings of the Kaspersky Endpoint Security for Android app.
2. In the KscDeviceNameTag field, select the values:
   • {DeviceSerialNumber} – Serial number of the device.
   • {DeviceUid} – Unique device identifier (UDID).
   • {DeviceAssetNumber} – Device asset number. This number is created internally from within your organization.

   We recommend using only these values. VMware AirWatch supports other values, but Kaspersky Endpoint Security cannot guarantee work these values.

You can add some values (for example, {DeviceSerialNumber} {DeviceUid}). The tag will be added to the device name in Kaspersky Security Center. A space separates the tag and the device name. For example, if the device name is Google Pixel 2 a10c6b75f7b31de9 22:7D:78:9E:C5:1E, then 22:7D:78:9E:C5:1E is UDID tag. If you use Kaspersky Security Center and VMwareAirWatch, the tag allows you to identify devices in both consoles. To match the device, select the same values for the device name (for example, the serial number of the device).

After the device is connected to Kaspersky Security Center, the app settings will be changed according to the group policy. Kaspersky Endpoint Security for Android ignores the app settings from the configuration file that was configured in the EMM Console. You can configure all sections of the policy except the following sections:

• Anti-Theft (Device lock)
• Containers
• Device management (Screen lock)
• App Control (Block forbidden apps)
• Android work profile
• Manage Samsung KNOX

Due to the method used to deploy a work profile, you cannot apply group policy settings from the Android work profile section. These settings can be applied only if the work profile was created using Kaspersky Security Center.