-
Datto EDR and Datto AV Integration
NAVIGATION Modules > Integrations > Datto EDR/AV
SECURITY Administrator
Configuring the integration
The VSA 10 integration with Datto EDR/AV must first be enabled from the Datto EDR portal. Refer to In Datto EDR in the Datto EDR Help system.
With the integration active, your VSA 10 organizations and sites will be automatically synchronized with Datto EDR. Any endpoints protected by the Endpoint Security agent will be synced as devices and assigned to their corresponding locations.
Following the initial sync, Datto EDR will continue to check in with VSA 10 every four hours and continue to replicate any new changes to organizations, locations, and devices it discovers. The X icon will precede the names of all entities synced from VSA 10.
Accessing the integration from VSA 10
From the left navigation menu in VSA 10, navigate to Integrations > Datto EDR/AV.
Datto EDR/AV Windows Agent deployment
- From the left navigation menu in VSA 10, navigate to Configuration > Organizations.
- Select the organization, site, or group to which you want to assign the Datto EDR/AV Deployment policy.
- Click the Policies tab, and then click Edit.
- In the Ransomware Detection\EDR Policy section, assign the Datto EDR/AV Deployment policy and save changes.
- Datto EDR/AV Windows agents will be deployed and registered to all targeted devices.
Datto EDR/AV deployment will not be initiated on a system in the following cases:
- The Ransomware Detection agent is installed or was not fully uninstalled.
- The VSA 10 Agent is out of date and does not support EDR (Agent version less than 10.13).
- This endpoint already has EDR installed.
- There is no Datto EDR/AV URL configured.
NOTE You cannot assign a Ransomware Detection policy and a Datto EDR/AV policy to the same device.
NOTE Linux and macOS agent deployment will be supported in future version of the integration.
NOTE Only admin users will have the ability to deploy Datto EDR through VSA 10.
NOTE Removing the Datto EDR/AV policy will not remove the Datto EDR/AV agent from the endpoints.
Monitoring the status of the Datto EDR/AV agent from the device details pane
Navigate to Devices > Device List to monitor the status of the Datto EDR/AV agent from each device.
The following statuses will appear in the device details pane in the Endpoint Protection section as Datto EDR/AV, along with a link to view the device in the Datto EDR portal.
- EDR Agent Status
- AV Agent Status
- RWD Agent Status
- Isolation
Status definitions
- “-“: The status could not yet be collected from the agent, or the device is offline.
- Not Installed: The agent service could not be found on the machine.
- Not Running: The agent service is not started.
- Running: The agent service is in a running state.
- No Policy: No agent specific policy is applied for the type of protection.
Viewing Datto EDR/AV integration information on the Device Management page
With the integration enabled, the following columns can be added to the table on the Device Management page:
- Datto EDR Status
- Datto EDR/AV Status
- Datto EDR/RWD Status
- Datto EDR Isolation
- Datto EDR Alerts (number of Datto EDR alerts on that endpoint that were sent to VSA 10)
- Datto EDR Policies (Shows one policy and total applied)
Additionally, the following filters related to the integration can be applied to the device management table:
- Datto EDR Status
- Datto EDR/AV Status
- Datto EDR/RWD Status
- Datto EDR Isolation
Removing the Datto EDR/AV agent
Uninstalling the Datto EDR/AV agent is done from the Datto EDR portal.
Refer to Uninstallation in the Datto EDR Help system.
Legacy deployment instructions
If you plan on deploying Datto EDR and/or Datto AV without using the integration, you can follow the below instructions.
Using a workflow template, you can easily manage the deployment of Datto EDR and Datto AV agents on Windows machines. Complete the following steps:
- From the left navigation menu in VSA 10, navigate to Automation > Workflows.
- From the Actions drop-down menu in the upper-right corner of the Workflows page, click Create from Template.
- In the list of workflow templates, click Deploy Datto EDR/AV.
- In the Status section, turn on the Active toggle to activate the workflow.
- Configure the remaining settings, including specifying the devices, organizations, and scopes the agents will be deployed to. For workflow configuration instructions, refer to Creating and editing a workflow in Workflows.
- Click Next to proceed to the workflow canvas.
- Enter the URL of your Datto EDR instance as part of the first condition, and click Confirm.