Datto EDR and Datto AV Integration

NAVIGATION   Modules > Integrations > Datto EDR/AV

SECURITY  Administrator

Configuring the integration

The VSA 10 integration with Datto EDR/AV must first be enabled from the Datto EDR portal. Refer to In Datto EDR in the Datto EDR Help system.

With the integration active, your VSA 10 organizations and sites will be automatically synchronized with Datto EDR. Any endpoints protected by the Endpoint Security agent will be synced as devices and assigned to their corresponding locations.

Following the initial sync, Datto EDR will continue to check in with VSA 10 every four hours and continue to replicate any new changes to organizations, locations, and devices it discovers. The X icon will precede the names of all entities synced from VSA 10.

Accessing the integration from VSA 10

From the left navigation menu in VSA 10, navigate to Integrations > Datto EDR/AV.

Datto EDR/AV Windows Agent deployment

  1. From the left navigation menu in VSA 10, navigate to Configuration > Organizations.
  2. Select the organization, site, or group to which you want to assign the Datto EDR/AV Deployment policy.
  3. Click the Policies tab, and then click Edit.
  4. In the Ransomware Detection\EDR Policy section, assign the Datto EDR/AV Deployment policy and save changes.
  5. Datto EDR/AV Windows agents will be deployed and registered to all targeted devices.

NOTE  You cannot assign a Ransomware Detection policy and a Datto EDR/AV policy to the same device.

NOTE  Linux and macOS agent deployment will be supported in future version of the integration.

NOTE  Only admin users will have the ability to deploy Datto EDR through VSA 10.

NOTE  Removing the Datto EDR/AV policy will not remove the Datto EDR/AV agent from the endpoints.

Monitoring the status of the Datto EDR/AV agent from the device details pane

Navigate to Devices > Device List to monitor the status of the Datto EDR/AV agent from each device.

The following statuses will appear in the device details pane in the Endpoint Protection section as Datto EDR/AV, along with a link to view the device in the Datto EDR portal.

  • EDR Agent Status
  • AV Agent Status
  • RWD Agent Status
  • Isolation

Status definitions

  • “-“: The status could not yet be collected from the agent, or the device is offline.
  • Not Installed: The agent service could not be found on the machine.
  • Not Running: The agent service is not started.
  • Running: The agent service is in a running state.
  • No Policy: No agent specific policy is applied for the type of protection.

Removing the Datto EDR/AV agent

Uninstalling the Datto EDR/AV agent is done from the Datto EDR portal.

Refer to Uninstallation in the Datto EDR Help system.

Legacy deployment instructions

If you plan on deploying Datto EDR and/or Datto AV without using the integration, you can follow the below instructions.

Using a workflow template, you can easily manage the deployment of Datto EDR and Datto AV agents on Windows machines. Complete the following steps:

  1. From the left navigation menu in VSA 10, navigate to Automation > Workflows.
  2. From the Actions drop-down menu in the upper-right corner of the Workflows page, click Create from Template.
  3. In the list of workflow templates, click Deploy Datto EDR/AV.
  4. In the Status section, turn on the Active toggle to activate the workflow.
  5. Configure the remaining settings, including specifying the devices, organizations, and scopes the agents will be deployed to. For workflow configuration instructions, refer to Creating and editing a workflow in Workflows.
  6. Click Next to proceed to the workflow canvas.
  7. Enter the URL of your Datto EDR instance as part of the first condition, and click Confirm.