Quick Start Guide

Read this Quick Start Guide to get started with Kaspersky Endpoint Security Cloud. The Guide contains tips for managing the accounts of your users and installing security applications on their devices.

Quick start scenario

After you complete the scenario, the devices in your organization will be protected. The scenario proceeds in stages:

Create an account To start using Kaspersky Endpoint Security Cloud, you need an account on Kaspersky Business Hub. To create an account:
1. Open your browser and enter the following URL: https://cloud.kaspersky.com.
2. Click the Create an account button.
3. Follow the onscreen instructions.
- Change settings for each company individually.
- Keep track of the license count, and the increase or decrease of the number of users in the company.
- Assign administrator rights to a user within the company, who can access only that company's workspace.
To create a company workspace:
1. Open your browser and enter the following URL: https://cloud.kaspersky.com.
2. Click the Sign in button.
3. Follow the onscreen instructions.
Perform initial setup of Kaspersky Endpoint Security Cloud After you create a company workspace, you must perform initial setup of Kaspersky Endpoint Security Cloud. The initial setup begins automatically when you start Kaspersky Endpoint Security Cloud Management Console for the first time. The Welcome to Kaspersky Endpoint Security Cloud window is displayed. Follow the onscreen instructions. When initial setup is complete, Kaspersky Endpoint Security Cloud Management Console is ready to use.
Deploy security applications on your users' devices When your first workspace is prepared, follow the main setup steps provided in the Information panel → Getting started section. These steps include adding user accounts, connecting devices to Kaspersky Endpoint Security Cloud, and creating a certificate for iOS and iPadOS devices. These steps are divided into three groups:
- Preconfigured You already took these steps when you created the workspace.
- Required You must take this step to start protection of the devices. Add users by providing their email addresses. An invitation is sent to the email address and it contains the download link to the security application. When the user clicks the link, Kaspersky Endpoint Security Cloud recognizes the device operating system, thus ensuring that the proper software is downloaded. As an alternative, you can simultaneously protect multiple devices that are running Windows. To do this, you can deploy security applications by using a Group Policy script.
- Recommended We recommend that you take these steps to enhance the protection of devices.
  1. Once the software has been downloaded and installed on the device of the user, assign the user as the device owner.
  2. Create an Apple Push Notification service (APNs) certificate. The APNs certificate is created in one run. You must follow the steps for its creation without interruption, because the signing process has a time stamp that will expire if the creation process takes too long.
Manage protection After the security application is installed on a device, the device is assigned the Default security profile. This is the security profile with the default settings that are recommended by Kaspersky experts. In the Security management → Security profiles section, you can create different security profiles. Every new security profile holds the default settings until you modify them. You can also copy existing security profiles. Each security profile holds four tabs for the respective platforms: Windows, macOS, Android, and iOS with iPadOS. When you assign a security profile to a user, the security profile is applied to all devices owned by the user. Only the Default security profile can be applied to devices without owners. When creating a security profile, take into consideration the organizational structure of the company that you manage. For example, the security profile for a developer may differ from the one used for a sales representative or a human resources assistant. Name each security profile accordingly. We recommend that you prevent users from modifying or deleting the security applications installed on their devices. Therefore, define the following settings:
- For Windows devices, do the following:
  1. On the Windows → Advanced → Interaction with end users tab, make sure that Password protection is enabled.
  2. Select the operations that a user will be allowed to perform only with the password.
- For Mac devices, do the following:
  1. On the Mac → Advanced → Interaction with end users tab, choose whether you want the Kaspersky Endpoint Security for Mac application icon visible on the menu bar or not.
  2. On each device in system preferences, use the macOS account type settings (admin or standard user) and the "lock" icon () to prevent the user from removing the software.
- For Android devices, do the following:
  1. On the Android → Security settings tab, make sure that Screen lock is enabled to protect the device from unauthorized access.
  2. On the Advanced tab, make sure that Kaspersky Endpoint Security for Android cannot be removed.
- For iOS and iPadOS devices: on the iOS → Security settings tab, make sure that Screen lock is enabled to protect the device from unauthorized access.
After defining the required settings of security profiles, you can assign security profiles to the intended users.
The background scan mode of Kaspersky Endpoint Security for Windows does not display notifications for the user. This scan requires less computer resources than other types of scans (such as a full scan). In this mode, Kaspersky Endpoint Security for Windows scans startup objects, the boot sector, system memory, and the system partition.