[Topic 5022]

Kaspersky Security Center Cloud Console Help

[Topic 200431]

What's new

Update April, 2025

This update of Kaspersky Security Center Cloud Console includes the following improvements:

• Kaspersky Security Center Cloud Console now supports the following Kaspersky applications:
  • Kaspersky Embedded Systems Security 3.4 for Linux
  • Kaspersky Endpoint Security 12.2 for Linux
  • Kaspersky Endpoint Security 12.8 for Windows
• Upload and run an application (or script) for diagnostics on a managed device. You can now upload either the folder or archive containing the executable file, or the executable file itself. After the application is successfully executed, you can download the execution results.
• Information about the users currently logged in to the managed device is now displayed in the General → Sessions section of the device properties window.
• New language support: Kaspersky Security Center Cloud Console infrastructure is available in the Chinese Simplified language.
• User experience improvements:
  • Available installation packages are displayed on one tab.
  • You can change the home page settings via the new Quick links section. By default, the Home page settings tab of the Quick links section is set as the home page.
  • Navigation through the administration groups is updated: you can go to the required subgroup by clicking the link with its name in the path to the administration group.
  • The Pinned section of the main menu is now called Bookmarks. You can add sections of Kaspersky Security Center Cloud Console to bookmarks, to access them quickly.

Update February, 2025

This update of Kaspersky Security Center Cloud Console improves performance when opening and navigating the Web Console.

Update October, 2024

This update of Kaspersky Security Center Cloud Console includes the following improvements:

• We have improved the integration with Microsoft Entra ID. Now, when a user signs out of the Microsoft Entra ID account that was used for authentication in Kaspersky Security Center Cloud Console, the session also ends for Kaspersky Security Center Cloud Console and the user is automatically signed out of the console.
• You can now view and download policy revisions. Kaspersky Security Center Cloud Console allows you to view a report in the HTML format or save the revision to a JSON file.
• Kaspersky Security Center Cloud Console now displays the latest task status known to the Administration Server.
• The Report on network attacks now includes the MAC address and port of the attacking machine.
• You can now close the right panel by clicking any place outside the panel. If you make any changes to the panel and then try to close it by clicking outside the panel, a confirmation window appears.
• The table header now stays pinned at the top when you scroll the table.

Update September, 2024

This update of Kaspersky Security Center Cloud Console includes the following improvements:

• Kaspersky Endpoint Agent 4.0 is supported.
• A number of old browser versions are no longer supported (Chrome earlier than version 128, Edge earlier than version 128, Firefox ESR earlier than version 115, Safari earlier than version 17.6).

Update April, 2024

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• A new Cloud Discovery feature. This feature allows you to monitor the use of cloud services on managed devices running Windows and to block access to cloud services that you consider unwanted. Cloud Discovery tracks user attempts to gain access to these services through both browsers and desktop applications.
• Integration with Microsoft Entra ID to allow the users in your organization to sign in to Kaspersky Security Center Cloud Console with their Microsoft Entra ID account credentials. Note, this feature is not available in the Russian Federation.
• You can now create connection profiles for connecting Network Agent to Administration Server. The connection profiles allow out-of-office users of laptops to change the method of connecting to an Administration Server or to switch between Administration Servers, depending on the current location of the device on the enterprise network.
• You can now open the list of your workspaces right from the main menu of the application.
• Two new localization languages were added—Traditional Chinese and Simplified Chinese.
• The default event storage setting in the task settings was changed from Save all events to Save only task execution results. This option reduces space consumption in the workspace database. The change affects only tasks created for Kaspersky Security Center. This setting remains without modification in the tasks for Kaspersky security applications.
• Kaspersky Security Center Cloud Console now additionally notifies you about the planned deletion of your workspace, 7 and 30 days after the last license key is deleted from the workspace or expires. This will give you more time to purchase another license and add its license key to the workspace.
• Kaspersky Business Hub and Kaspersky Security Center Cloud Console infrastructure now support the Kaspersky Next licenses. The application logo is changed automatically in accordance with the license that you use.
• Kaspersky Security Center Cloud Console now supports the following Kaspersky applications:
  • Kaspersky Endpoint Security for Windows version 12.4
  • Kaspersky Endpoint Security 12.0 for Mac Patch A
• When you migrate from one Kaspersky security application to another and the current application is password-protected, you can specify the uninstallation password right in the remote installation task properties.
• You can now customize the main menu of the application by pinning or unpinning your favorite menu sections. The pinned sections are added to the Pinned area for quick access.
• Optimized application interface and user experience when you select the On completing another task option while scheduling a task.
• The report on hardware now can include information about macOS devices.
• You can now select one or more client devices in the list of devices, and then launch a previously created task for them.

Update February, 2024

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• From the managed devices list, you can now select a device or several devices, and then assign an existing task to run on the selected devices. The current device scope of the task will be replaced with the devices that you selected.
• You can now assign device tags to multiple devices or remove device tags from multiple devices at once. From the managed devices list, select the devices, and then specify which tags you want to assign to or remove from the selected devices.
• Optimized appearance and user experience of the managed devices list. Added a new column Tags and the ability to filter devices by device tags.

Update January, 2024

Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 12.4 for Windows.

Update December, 2023

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• You can now check the connection to a SIEM system.
• Kaspersky Security Center Cloud Console now supports polling of a Microsoft Active Directory domain controller and a Samba domain controller through a Linux-based distribution point.
• Remote diagnostics of Linux-based managed devices.
• Kaspersky Security Center Cloud Console now supports the following Kaspersky applications:
  • Kaspersky Endpoint Security for Windows version 12.3 Patch A
  • Kaspersky Endpoint Security 12.0 for Linux
  • Kaspersky Endpoint Security 12.0 for Mac
  • Kaspersky Endpoint Agent 3.16
  • Kaspersky Embedded Systems Security 3.3 for Windows
• Two interface sections were hidden from the main menu as out of the scope of application functionality:
  • Encryption events (Operations → Data encryption and protection → Encryption events)
  • IP ranges (Discovery & deployment → Discovery → IP ranges)
• We have updated the text of the Data Processing Agreement for Kaspersky Security Center Cloud Console.
• A number of old browser versions are no longer supported (Firefox ESR earlier than version 102).

Update September, 2023

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Embedded Systems Security 3.3 for Linux.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 12.2 for Windows.
• Optimization of user interface when working with the user list in the Assets (Devices) section.

Update June, 2023

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• A new Hardening Guide was released. We highly recommend that you carefully read the guide and follow the security recommendations for configuring Kaspersky Security Center Cloud Console and your network infrastructure.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.3 for Mac.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.4 for Linux.
• You can use Kaspersky Security Center Cloud Console to export event selections to a file, and then import the event selections to Kaspersky Security Center Windows or Kaspersky Security Center Linux.
• You can now use a distribution point as a push server for the devices managed by Network Agent. This feature allows you to make sure that continuous connectivity between a managed device and the Administration Server is established.
• Reorganization of the section with settings to integrate Kaspersky Security Center Cloud Console with other Kaspersky applications.
• Reorganization of the user interface of the Remote diagnostics section.
• You can now save information about all devices included in a device selection to a CSV file at once.
• A number of improvements in the user interface and usability, including the ability to select all items in a table.

Update March, 2023

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports clusters and server arrays as managed devices. If a Kaspersky application is installed on a cluster node, Network Agent sends this information to Administration Server. In Web Console, clusters and server arrays are listed separately from other managed devices. You manage each cluster or server array as an individual, inseparable object.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 12.0 for Windows.
• The maximum number of entries that a report can include was increased up to 2500 for a report in Web Console and up to 10,000 for a report that you export to a file.
• You can now choose whether or not you want to include the managed devices with the OK status in the Protection status report.
• You can now activate Kaspersky Security Center Cloud Console by using one of the following licenses or add the license keys of the listed licenses to an existing workspace:
  • Kaspersky Symphony Security
  • Kaspersky Symphony EDR
  • Kaspersky Symphony MDR
  • Kaspersky Symphony XDR
• A special edition of Network Agent for Windows XP was released.
• The updated Network Agent for Linux supports the KSN Proxy service. Along with Windows-based distribution points, you can now use Linux-based distribution points to forward Kaspersky Security Network (KSN) requests from the managed devices. This feature allows you to redistribute and optimize traffic on the network.
• The updated Network Agent for Linux supports the Applications registry feature. Network Agent can compile a list of applications installed on a Linux-based managed device, and then transmit this list to Administration Server.
• You can use Kaspersky Security Center Cloud Console to export policies and tasks to a file, and then import the policies and tasks to Kaspersky Security Center Windows or Kaspersky Security Center Linux.

Update November, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.3 for Linux.
• Kaspersky Security Center Cloud Console now supports Kaspersky Managed Detection and Response 2.1.18.
• Kaspersky Security Center Cloud Console now supports updated versions of Kaspersky Endpoint Security for Mac 11.2 and 11.2.1, to support macOS 13.
• Videos in the Introduction & tutorials section have been updated.

Update October, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• We have updated the text of the Data Processing Agreement for Kaspersky Security Center Cloud Console.
• Kaspersky Security Center Cloud Console infrastructure now notifies you about a workspace that has no active license key and that may be deleted if you do not add a new license key.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.11.0 for Windows.
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Detection and Response Optimum 2.3.
• Kaspersky Embedded Systems Security 3.2 for Windows is supported.

Update September, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• You can now assign dedicated administrators for virtual Administration Servers. You create a user account for an administrator, and then grant the administrator the access rights to a virtual Administration Server. The assigned administrator has access only to the selected virtual Administration Server and cannot connect to the primary Administration Server or other secondary Administration Servers, physical or virtual.
• Optimized user experience when you delete a license key for Kaspersky Security Center Cloud Console. The new mechanism prevents you from deleting your last active license key by accident.
• You can now use Linux-based distribution points to download anti-virus databases for Kaspersky security applications through the Download updates to the repositories of distribution points task.
• Network Agent is now available in Japanese localization.
• In the Kaspersky Security Center Cloud Console interface, the all uppercase style of the section names has been changed to sentence-style capitalization.

Update August, 2022

New language support: Kaspersky Security Center Cloud Console is fully available in the Japanese language.

Update July, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• New versions of supported Kaspersky applications:
  • Kaspersky Endpoint Agent 3.13
  • Kaspersky Endpoint Security 11.2.1 for Mac
  • Kaspersky Security for iOS 1.0.0
  • Kaspersky Endpoint Security 11.10.0 for Windows
• We have updated the text of the Agreement and Data Processing Agreement for Kaspersky Security Center Cloud Console.
• New language support: Kaspersky Security Center Cloud Console infrastructure is now available in Japanese. The support of the Japanese language inside Kaspersky Security Center Cloud Console workspaces is coming soon.

Update April, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.9.0 for Windows.
• Kaspersky Security Center Cloud Console now supports the Japanese localization of Kaspersky Embedded Systems Security.

Update March 09, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Integration with Kaspersky Endpoint Detection and Response Expert is implemented.
• Incident Response Platform (IRP) is implemented. Now you can manage security incidents via Kaspersky Security Center Cloud Console.
• Kaspersky Security Center Cloud Console now accepts license keys for Kaspersky Endpoint Detection and Response Expert. The minimum number of devices for the license is 50.

Update February 11, 2022

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Licenses for Kaspersky Embedded Systems Security for Windows are now supported.
• Kaspersky Endpoint Security 11.8.0 for Windows is supported.
• You can install Kaspersky Endpoint Security 11.8.0 for Windows using a distribution package in Japanese.
• Kaspersky Endpoint Agent 3.12 is supported.

Update December 10, 2021

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Work with internal users is improved:
  • You can now add new internal users on the portal.
  • The application now prevents you from decreasing your own rights.

Update October 18, 2021

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Detection and Response Optimum 2.0.
• You can now manage mobile devices running Android by using Kaspersky Security Center Cloud Console.
• Kaspersky Marketplace is available as a new menu section: you can now search for a Kaspersky application by using Kaspersky Security Center Cloud Console.
• A new menu section, Kaspersky announcements, is available. Kaspersky announcements keep you informed by providing information related to the Kaspersky applications installed on the managed devices. Kaspersky Security Center Cloud Console periodically updates the information in the section.
• You can now manage secondary Administration Servers running under Linux operating systems via Kaspersky Security Center Cloud Console.

Update September 07, 2021

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• You can now use Active Directory Federation Services (ADFS) to log in to Kaspersky Security Center Cloud Console by using your Active Directory account, without creating a new user account.
• Kaspersky Security Center Cloud Console now works with the following cloud environments: Amazon Web Services, Microsoft Azure, and Google Cloud. To protect virtual machines (or instances) in a cloud environment, you need one of the Kaspersky Hybrid Cloud Security licenses. The Cloud Environment Configuration Wizard is available.
• The maximum number of devices per one workspace is now 25,000.
• Integration with SIEM systems now is available in Kaspersky Security Center Cloud Console. You can export events to SIEM systems by using the Syslog protocol.
• You can now create virtual Administration Servers. Each virtual Administration Server can have its own structure of administration groups, policies, tasks, reports, and events. You can use virtual Administration Servers for the management of client organizations with complicated workflows within your workspace. However, you cannot migrate virtual Administration Servers from Kaspersky Security Center running on-premises to Kaspersky Security Center Cloud Console.
• You can now adjust the width of columns in tables, and sort and search for data.
• We have improved the stability and availability of Kaspersky Business Hub and Kaspersky Security Center Cloud Console.

Update October 27, 2020

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Security 11.6.0 for Windows, Kaspersky Endpoint Security 11.1 for Mac Patch A, and Kaspersky Endpoint Agent 3.10 (as part of Kaspersky Endpoint Detection and Response Optimum).
• You can now use the following licenses:
  • Kaspersky Endpoint Detection and Response Optimum
  • Kaspersky Endpoint Security for Business Advanced
  • Kaspersky Total Security for Business
• The following features are implemented:
  • Vulnerability and patch management
  • Encryption management
  • Application Control
  • Adaptive Anomaly control
  • RDP sessions, including Windows Desktop Sharing
• The navigation menu is now vertical, which resembles the Microsoft Management Console-based interface of Kaspersky Security Center.
• Technical training videos are now available; they will help you to learn how the application works.

Update June 30, 2020

This update of Kaspersky Security Center Cloud Console includes the following new features and improvements:

• Kaspersky Security Center Cloud Console now supports Kaspersky Security 11 for Windows Server (starting from September, 2020).
• Kaspersky Security Center Cloud Console now supports Kaspersky Endpoint Agent 3.9 and Kaspersky Endpoint Security 11.4.0 for Windows.
• The Quick Start Wizard has been improved: some steps have been removed, the sequence of steps has been slightly changed, and some texts have been edited for usability.
• Kaspersky Security Center Cloud Console is now available in the Italian language.
• You can now revoke the End User License Agreement (EULA) for any managed Kaspersky application via the interface of Kaspersky Security Center Cloud Console. You must uninstall the selected application before revoking its EULA.
• You can now delete workspaces. If you mark a workspace for deletion, it is by default deleted automatically in seven days. However, you can force the deletion of the workspace, so that it is deleted immediately.
• Two-step verification for signing in to the console is implemented.

[Topic 166361]

Kaspersky Security Center Cloud Console

The section contains information about the purpose of Kaspersky Security Center Cloud Console and its main features and components.

Kaspersky Security Center Cloud Console is an application hosted and maintained by Kaspersky. You do not have to install Kaspersky Security Center Cloud Console on your computer or server. Kaspersky Security Center Cloud Console enables the administrator to install Kaspersky security applications on devices on a corporate network, remotely run scan and update tasks, and manage the security policies of managed applications. The administrator can use a detailed dashboard that provides a snapshot of corporate device statuses, detailed reports, and granular settings in protection policies.

[Topic 195506]

About Kaspersky Security Center Cloud Console

Kaspersky Security Center Cloud Console is an application aimed at corporate network administrators and employees responsible for protection of devices in a wide range of organizations.

Kaspersky Security Center Cloud Console enables you to do the following:

• Install Kaspersky applications on devices on your network and manage the installed applications.
• Create a hierarchy of administration groups to manage a selection of client devices as a whole.
• Create virtual Administration Servers and arrange them in a hierarchy.
• Protect your network devices, including workstations and servers:
  • Manage an antimalware protection system built on Kaspersky applications.
  • Use the detection and response (EDR and MDR) capabilities (a license for Kaspersky Endpoint Detection and Response and/or for Kaspersky Managed Detection and Response is required), including:
    • Analyzing and investigating incidents
    • Incident visualization through creating a threat development chain graph
    • Accepting or rejecting responses manually or setting up the auto-accept of all responses
• Use Kaspersky Security Center Cloud Console as a multi-tenant application.
• Remotely manage Kaspersky applications installed on client devices.
• Perform centralized deployment of license keys for Kaspersky applications to client devices.
• Create and manage security policies for devices on your network.
• Create and manage user accounts.
• Create and manage user roles (RBAC).
• Create and manage tasks for applications installed on your network devices.
• View reports on the security system status for every client organization individually.

You manage Kaspersky Security Center Cloud Console by using a cloud-based Administration Console that ensures interaction between your device and Administration Server over a browser. Administration Server is an application designed for managing Kaspersky applications installed on your network devices. When you connect to Kaspersky Security Center Cloud Console by using your browser, the browser establishes a connection with Kaspersky Security Center Cloud Console Server.

The Administration Server and connected database management system (DBMS) are deployed in a cloud environment and provided to you as a service. Maintenance of both Administration Server and the DBMS is provided as part of the service. All software components of Kaspersky Security Center Cloud Console are kept up-to-date. The Administration Server and created objects (such as policies and tasks) are backed up regularly to keep them safe.

Kaspersky Security Center Cloud Console is a multi-language application. You can change the interface language at any time, without reopening the application.

Updates functionality (including providing anti-virus signature updates and codebase updates), as well as KSN functionality may not be available in the software in the U.S.

[Topic 166364]

Hardware and software requirements for Kaspersky Security Center Cloud Console

Administration Console

For a client, the use of Kaspersky Security Center Cloud Console requires only a browser.

You can only use a single browser window or tab to work with Kaspersky Security Center Cloud Console.

The minimum screen resolution is 1366x768 pixels.

The hardware and software requirements for the device are identical to the requirements of the browser that is used with Kaspersky Security Center Cloud Console.

Browser:

• Google Chrome 133.0.6943.53 or later
• Microsoft Edge 134.0.3124.66 or later
• Safari 17.6 on macOS
• "Yandex" Browser 25.2.3.809 or later
• Mozilla Firefox Extended Support Release 128.8.0 or later

Network Agent

Minimum hardware requirements:

• CPU with operating frequency of 1 GHz or higher. For a 64-bit OS, the minimum CPU frequency is 1.4 GHz.
• RAM: 512 MB.
• Available disk space: 1 GB.

Minimum hardware requirements for Vulnerability and patch management:

• CPU with operating frequency of 1.4 GHz or higher. A 64-bit OS is required.
• RAM: 8 GB.
• Available disk space: 1 GB.

  Operating systems supported by Network Agent

For Network Agent, the Apple Silicon (M1) architecture is also supported, as well as Intel.

The following virtualization platforms are supported:

• VMware vSphere 6.7
• VMware vSphere 7.0
• Citrix XenServer 7.1 LTSR
• Citrix XenServer 8.x
• Parallels Desktop 18
• Oracle VM VirtualBox 7.x
• Microsoft Hyper-V Server 2019 64-bit
• Microsoft Hyper-V Server 2022 64-bit
• Kernel-based Virtual Machine (all Linux operating systems supported by Network Agent)

In Microsoft Windows XP, Network Agent might not perform some operations correctly.

[Topic 172903]

Compatible Kaspersky applications and solutions

Licenses for different products grant different sets of Kaspersky applications and solutions.

You can deploy and manage the following Kaspersky applications and solutions via Kaspersky Security Center Cloud Console:

• Kaspersky Security for Windows Server 11.0.1
• Kaspersky Endpoint Security 12.8 for Windows (only Lite encryption (AES56) is supported)
• Kaspersky Endpoint Security 12.2 for Linux
• Kaspersky Endpoint Security 12.1 for Mac
• Kaspersky Embedded Systems Security 3.4 for Windows
• Kaspersky Embedded Systems Security 3.4 for Linux
• Kaspersky Endpoint Agent 4.0
• Kaspersky Endpoint Security for Android
• Kaspersky Security for iOS

You can integrate the following solutions to view and process security incidents:

• Kaspersky Managed Detection and Response
• Kaspersky Endpoint Detection and Response Optimum
• Kaspersky Endpoint Detection and Response Expert

If you install a new application version on a managed device, but use an outdated policy for the new application version rather than update the policy, the application still provides data to Kaspersky Security Center Cloud Console, but Kaspersky Security Center Cloud Console cannot process this data as described in the Processed data of managed applications section of the documentation. For Kaspersky Security Center Cloud Console to process this data, you must create a new policy for the new version of the application.

[Topic 197020]

Localization of Kaspersky Security Center Cloud Console

The interface and documentation of Kaspersky Security Center Cloud Console are available in the following languages:

• English
• French
• German
• Italian
• Japanese
• Portuguese (Brazil)
• Russian
• Simplified Chinese
• Spanish
• Spanish (LATAM)
• Traditional Chinese

[Topic 187522]

Comparison of Kaspersky Security Center and Kaspersky Security Center Cloud Console

You can use Kaspersky Security Center in the following ways:

• As a cloud solution

  Kaspersky Security Center is installed for you in cloud environment and Kaspersky gives you access to the Administration Server as a service. You manage the network security system through the cloud-based Administration Console named Kaspersky Security Center Cloud Console. This console has an interface similar to the interface of Kaspersky Security Center Web Console.

• As an on-premises solution (Windows-based or Linux-based)

  You install Kaspersky Security Center on a local device and manage the network security system through the Microsoft Management Console-based Administration Console or Kaspersky Security Center Web Console.

  In addition to the Windows-based application, Kaspersky Security Center Linux is also available. Kaspersky Security Center Linux is designed to deploy and manage protection of Linux devices by using Linux-based Administration Server to meet the requirements of pure Linux environments. The Windows-based Kaspersky Security Center and Kaspersky Security Center Linux have different sets of features.

The table below lets you compare the main features of Kaspersky Security Center and Kaspersky Security Center Cloud Console.

Feature comparison of Kaspersky Security Center running on-premises and as a cloud solution

[Topic 291461]

Architecture and basic concepts

This section explains the application architecture and basic concepts related to Kaspersky Security Center Cloud Console.

[Topic 4531]

Architecture

This section provides a description of the components of Kaspersky Security Center Cloud Console and their interaction.

Kaspersky Security Center Cloud Console architecture

Kaspersky Security Center Cloud Console managed via the cloud-based console includes two main components: Kaspersky Security Center Cloud Console infrastructure and customer's infrastructure.

Kaspersky Security Center Cloud Console infrastructure consists of the following:

• Cloud-based Administration Console. Provides a web interface for creating and maintaining the protection system of a client organization's network that is managed by Kaspersky Security Center Cloud Console.
• Cloud services. Includes update servers and activation servers.
• Kaspersky Security Network (KSN). Servers that contain a Kaspersky database with continuously updated information about the reputation of files, web resources, and software. Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false positives.

Customer's infrastructure may consist of the following:

• Distribution point. Computer that has Network Agent installed and is used for update distribution, network polling, remote installation of applications, getting information about computers in an administration group, and / or broadcasting domain. The administrator selects the appropriate devices and assigns them distribution points manually.
• Managed devices. Computers of customer's network protected through Kaspersky Security Center Cloud Console. Network Agent and a Kaspersky security application must be installed on each managed device.
• Secondary Administration Server running on-premises (optional). You can use an on-premises Administration Server to create a hierarchy of Administration Servers.

[Topic 158830]

Ports used by Kaspersky Security Center Cloud Console

To use Kaspersky Security Center Cloud Console, which is part of the Kaspersky infrastructure, you must open the following ports on the client devices to allow the internet connection (see table below):

Ports that must be open on client devices to allow the internet connection

The table below lists the ports that must be open on client devices where Network Agent is installed.

Ports that must be open on client devices

Please note that the klnagent process can also request free ports from the dynamic port range of an endpoint operating system. These ports are allocated to the klnagent process automatically by the operating system, so klnagent process can use some ports that are used by another software. If the klnagent process affects that software operations, change the port settings in this software, or change the default dynamic port range in your operating system to exclude the port used by the software affected.

Also take into account that recommendations on the compatibility of Kaspersky Security Center Cloud Console with third-party software are described for reference only and may not be applicable to new versions of third-party software. The described recommendations for configuring ports are based on the experiences of Technical Support and our best practices.

The table below lists the additional ports that must be open on client devices where Network Agent is installed as a distribution point.

Ports used by Network Agent functioning as distribution point

If you have one or more Administration Servers on your network and use them as secondary Administration Servers when the primary Administration Server is located in the Kaspersky infrastructure, please refer to the list of ports that are used by Kaspersky Security Center running on-premises. Use those ports for interaction between your secondary Administration Server (or secondary Administration Servers) and client devices.

[Topic 3302]

Basic concepts

This section explains basic concepts related to Kaspersky Security Center Cloud Console.

[Topic 3305]

Network Agent

Interaction between the Administration Server and devices is performed by the Network Agent component of Kaspersky Security Center Cloud Console. Network Agent must be installed on all devices on which Kaspersky Security Center Cloud Console is used to manage Kaspersky applications.

Network Agent is installed on a device as a service with the following set of attributes:

• With the name "Kaspersky Security Center Network Agent"
• Set to automatically start when the operating system starts
• Using the LocalSystem account

A device that has Network Agent installed is called a managed device or device. You can install Network Agent on a Windows, Linux, or Mac device.

The name of the process that Network Agent starts is klnagent.exe.

Network Agent synchronizes the managed device with the Administration Server. Kaspersky Security Center Cloud Console automatically synchronizes the Administration Server with the managed devices several times per hour. The Administration Server sets the synchronization interval (also referred to as the heartbeat) depending on the number of managed devices.

[Topic 165736]

Administration groups

An administration group (hereinafter also referred to as group) is a logical set of managed devices combined on the basis of a specific trait for the purpose of managing the grouped devices as a single unit within Kaspersky Security Center Cloud Console.

All managed devices within an administration group are configured to do the following:

• Use the same application settings (which you can specify in group policies).
• Use a common operating mode for all applications through the creation of group tasks with specified settings. Examples of group tasks include creating and installing a common installation package, updating the application databases and modules, scanning the device on demand, and enabling real-time protection.

A managed device can belong to only one administration group.

You can create hierarchies that have any degree of nesting for Administration Servers and groups. A single hierarchy level can include secondary and virtual Administration Servers, groups, and managed devices. You can move devices from one group to another without physically moving them. For example, if a worker's position in the enterprise changes from that of accountant to developer, you can move this worker's computer from the Accountants administration group to the Developers administration group. Thereafter, the computer will automatically receive the application settings required for developers.

[Topic 3304]

Hierarchy of Administration Servers

Administration Servers can be arranged in a "primary/secondary" hierarchy. Each Administration Server can have several secondary Administration Servers on different nesting levels of the hierarchy. The nesting level for secondary Administration Servers is unrestricted. The administration groups of the primary Administration Server will then include the client devices of all secondary Administration Servers.

Kaspersky Security Center Cloud Console Administration Server can only act as a primary Administration Server and can have as secondary servers only Administration Servers running on-premises.

When migrating from the Administration Server that runs on-premises to the Kaspersky Security Center Cloud Console Administration Server, you can arrange the Administration Servers in a hierarchy. Then, to mitigate the migration, you can shift only part of your managed devices to the management of the Kaspersky Security Center Cloud Console Administration Server. The rest of the managed devices remain under the management of the on-premises Administration Server. This enables you to test management features of Kaspersky Security Center Cloud Console on a limited number of managed devices. At the same time, you can configure policies, tasks, reports and other objects to test management and monitoring of your entire network. This lets you switch back to the objects configured on the on-premises Administration Server if necessary.

Each device included in the hierarchy of administration groups can be connected to one Administration Server only. You must independently monitor the connection of devices to Administration Servers. Use the feature for device search in administration groups of different Administration Servers based on network attributes.

[Topic 30636]

Virtual Administration Server

Virtual Administration Server (also referred to as virtual Server) is a component of Kaspersky Security Center Cloud Console intended for managing anti-virus protection of the network of a client organization. Each virtual Administration Server can have its own structure of administration groups and its own means of management and monitoring, such as policies, tasks, reports, and events. The functional scope of virtual Administration Servers can be used by organizations with complicated workflows.

Virtual Administration Server has the following restrictions:

• Virtual Administration Servers are supported only in the commercial mode of Kaspersky Security Center Cloud Console.
• Virtual Administration Server does not support creation of secondary Administration Servers (including virtual Servers).
• You cannot migrate virtual Administration Servers from Kaspersky Security Center to Kaspersky Security Center Cloud Console.
• Virtual Administration Servers cannot be managed by dedicated administrators. By default, the administrator that manages the primary Administration Server also manages all of the virtual Administration Servers.
• Users created on a virtual Server cannot be assigned a role on the Administration Server.
• In the virtual Administration Server properties window, the number of sections is limited.

[Topic 98876]

Distribution point

A distribution point is a device with Network Agent installed that is used for update distribution, remote installation of applications, and retrieval of information about networked devices.

The features and use cases of Network Agent installed on a device used as a distribution point vary depending on the operating system.

A distribution point can perform the following functions:

• Distribute updates and installation packages to client devices within the group (including distribution through multicasting using UDP). Updates can be received from Kaspersky update servers through an update task created for the distribution point.

  Distribution point devices running macOS cannot download updates from Kaspersky update servers.

  If one or more devices running macOS are within the scope of the Download updates to the repositories of distribution points task, the task completes with the Failed status, even if it has successfully completed on all Windows devices.

• Distribute policies and group tasks through multicasting using UDP.
• Act as a gateway for connection to the Administration Server for managed devices since a direct connection cannot be established in the cloud infrastructure.
• Poll the network to detect new devices and update information about existing ones.
• Perform remote installation of third-party software and Kaspersky applications through Microsoft Windows tools, including installation on client devices without Network Agent.

  This feature enables you to remotely transfer Network Agent installation packages to client devices located on networks to which the Administration Server has no direct access.

• Act as a proxy server participating in the Kaspersky Security Network.

  This feature is not supported by distribution point devices running Linux or macOS.

  You can enable KSN proxy server on the distribution point side to make the device act as a KSN proxy server. In this case, the KSN proxy service (ksnproxy) is run on the device.

Files are transmitted from the Administration Server to a distribution point over HTTP or, if SSL connection is enabled, over HTTPS. Using HTTP or HTTPS results in a higher level of performance, compared to SOAP, through reducing traffic.

Devices with Network Agent installed must be assigned distribution points manually according to administration groups. The full list of distribution points for specified administration groups is displayed in the report about the list of distribution points.

The scope of a distribution point is the administration group to which it has been assigned by the administrator, as well as its subgroups of all levels of embedding. However, the device acting as the distribution point may not be included in the administration group to which it has been assigned. If multiple distribution points have been assigned in the hierarchy of administration groups, Network Agent on the managed device connects to the nearest distribution point in the hierarchy.

A network location can also be the scope of distribution points. The network location is used for manual creation of a set of devices to which the distribution point will distribute updates. Network location can be determined only for devices running a Windows operating system.

Kaspersky Security Center Cloud Console assigns each Network Agent a unique IP multicast address that differs from every other address. This enables you to avoid network overload that might occur due to IP overlaps.

If two or more distribution points are assigned to a single network area or to a single administration group, one of them becomes the active distribution point, and the rest become standby distribution points. The active distribution point downloads updates and installation packages directly from the Administration Server, while standby distribution points receive updates from the active distribution point only. In this case, files are downloaded once from the Administration Server and then are distributed among distribution points. If the active distribution point becomes unavailable for any reason, one of the standby distribution points becomes active. The Administration Server automatically assigns a distribution point to act as standby.

The distribution point status (Active/Standby) is displayed with a check box in the klnagchk report.

A distribution point requires at least 4 GB of free disk space. If the free disk space of the distribution point is less than 2 GB, Kaspersky Security Center Cloud Console creates a security issue with the Warning importance level. The security issue will be published in the device properties, in the Security issues section.

Running remote installation tasks on a device assigned as distribution point requires additional free disk space. The volume of free disk space must exceed the total size of all installation packages to be installed.

Running any updating (patching) tasks and vulnerability fix tasks on a device assigned as distribution point requires additional free disk space. The volume of free disk space must be at least twice the total size of all patches to be installed.

Devices functioning as distribution points must be protected, including physical protection, against any unauthorized access.

[Topic 165761]

Management web plug-in

A special component—the management web plug-in—is used for remote administration of Kaspersky software by means of Kaspersky Security Center Cloud Console. Hereinafter, a management web plug-in is also referred to as a management plug-in. A management plug-in is an interface between Kaspersky Security Center Cloud Console and a specific Kaspersky application. With a management plug-in, you can configure tasks and policies for the application.

The management plug-in provides the following:

• Interface for creating and editing application tasks and settings
• Interface for creating and editing policies and policy profiles for remote and centralized configuration of Kaspersky applications and devices
• Transmission of events generated by the application
• Kaspersky Security Center Cloud Console functions for displaying operational data and events of the application, and statistics relayed from client devices

[Topic 3313]

Policies

A policy is a set of Kaspersky application settings that are applied to an administration group and its subgroups. You can install several Kaspersky applications on the devices of an administration group. Kaspersky Security Center Cloud Console provides a single policy for each Kaspersky application in an administration group. A policy has one of the following statuses (see the table below):

The status of the policy

Policies function according to the following rules:

• Multiple policies with different values can be configured for a single application.
• Only one policy can be active for the current application.
• You can activate an inactive policy when a specific event occurs. For example, you can enforce stricter anti-virus protection settings during virus outbreaks.
• A policy can have child policies.

Generally, you can use policies as preparations for emergency situations, such as a virus attack. For example, if there is an attack via flash drives, you can activate a policy that blocks access to flash drives. In this case, the current active policy automatically becomes inactive.

In order to prevent maintaining multiple policies, for example, when different occasions assume changing of several settings only, you may use policy profiles.

A policy profile is a named subset of policy settings values that replaces the settings values of a policy. A policy profile affects the effective settings formation on a managed device. Effective settings are a set of policy settings, policy profile settings, and local application settings that are currently applied for the device.

Policy profiles function according to the following rules:

• A policy profile takes an effect when a specific activation condition occurs.
• Policy profiles contain values of settings that differ from the policy settings.
• Activation of a policy profile changes the effective settings of the managed device.
• A policy can include a maximum of 100 policy profiles.

[Topic 165778]

Policy profiles

Sometimes it may be necessary to create several instances of a single policy for different administration groups; you might also want to modify the settings of those policies centrally. These instances might differ by only one or two settings. For example, all the accountants in an enterprise work under the same policy—but senior accountants are allowed to use flash drives, while junior accountants are not. In this case, applying policies to devices only through the hierarchy of administration groups can be inconvenient.

To help you avoid creating several instances of a single policy, Kaspersky Security Center Cloud Console enables you to create policy profiles. Policy profiles are necessary if you want devices within a single administration group to run under different policy settings.

A policy profile is a named subset of policy settings. This subset is distributed on target devices together with the policy, supplementing it under a specific condition called the profile activation condition. Profiles only contain settings that differ from the "basic" policy, which is active on the managed device. Activation of a profile modifies the settings of the "basic" policy that were initially active on the device. The modified settings take values that have been specified in the profile.

[Topic 3316]

How local application settings relate to policies

You can use policies to set identical values of the application settings for all devices in a group.

The values of the settings that a policy specifies can be redefined for individual devices in a group by using local application settings. You can set only the values of settings that the policy allows to be modified, that is, the unlocked settings.

The value of a setting that the application uses on a client device is defined by the lock position () for that setting in the policy:

• If a setting modification is locked, the same value (defined in the policy) is used on all client devices.
• If a setting modification is unlocked, the application uses a local setting value on each client device instead of the value specified in the policy. The setting can then be changed in the local application settings.

This means that, when a task is run on a client device, the application applies settings that have been defined in two different ways:

• By task settings and local application settings, if the setting is not locked against changes in the policy.
• By the group policy, if the setting is locked against changes.

Local application settings are changed after the policy is first applied in accordance with the policy settings.

[Topic 195258]

Application licensing

This section provides information related to the application licensing.

[Topic 180068]

Licensing of Kaspersky Security Center Cloud Console

Following this scenario, you can start using Kaspersky Security Center Cloud Console and managed security applications under a license.

Kaspersky Security Center Cloud Console enables you to perform centralized distribution of license keys for Kaspersky applications on client devices, monitor their use, and renew licenses.

If you are already using Kaspersky Security Center Cloud Console, you can visit Kaspersky Marketplace to view the entire range of Kaspersky business solutions, select the ones you need, and proceed to the purchase at the Kaspersky website.

Checking out the features of Kaspersky Security Center Cloud Console in the trial mode before purchasing a license

You can first to try Kaspersky Security Center Cloud Console for free. To do this, create a trial workspace which will terminate in 30 days. If you want a commercial workspace that you can use as long as you want, you will have to purchase a license.

Trial mode does not allow you to subsequently switch to commercial mode. Any trial workspace will be automatically deleted with all its contents when the 30-day period expires.

Stages

The scenario proceeds in stages:

1. Getting an activation code for licensing Kaspersky Security Center Cloud Console in the commercial mode. Purchasing a license (or licenses)

   Different licenses grant the usage of different Kaspersky applications and services, so you might want to purchase more than one license.

   Find out what licenses that you can purchase and the minimum number of devices for each license.

   Kaspersky Security Center Cloud Console comes as part of several Kaspersky solutions. Choose what solution you want to use and purchase a license for it. You will need to contact Kaspersky or one of Kaspersky partners with a special request if you want to purchase a license that covers 10,000 or more devices.

   Use the table to check which Vulnerability and patch management features are available under which license.

   If you want to use Kaspersky Security Center Cloud Console in a cloud environment such as Microsoft Azure, read about the licensing options for cloud environments.

   If you are a Manage Service Provider (MSP), read about licensing of Kaspersky Security Center Cloud Console for MSPs.

2. Activation of Kaspersky Security Center Cloud Console when creating the workspace

   You specify your license key to activate Kaspersky Security Center Cloud Console when creating a workspace.

   If you have more than one license key, specify any of them, and later you must add other license keys in Kaspersky Security Center Cloud Console to activate managed Kaspersky applications.

3. Adding license keys for managed applications to the Administration Server repository

   Before deployment of the license keys, you must add these license keys to the Administration Server repository.

   The license key that you specified when creating the workspace is automatically added to the Administration Server repository.

   If you have more than one license keys, add your license keys one by one to the Kaspersky Security Center Cloud Console Administration Server repository.

4. Deploying license keys for managed applications

   Choose a method of deployment of the license key (or license keys) to all the devices you want to protect:

   • Automatic deployment

     If you use different managed applications and you have to deploy a specific activation code for applications, choose another way of deploying that activation code.

     Kaspersky Security Center enables you to automatically deploy available license keys for managed applications. For example, three license keys are stored in the Administration Server repository. You have enabled the Automatically distribute license key to managed devices option for all three license keys. A Kaspersky security application—for example, Kaspersky Endpoint Security for Windows—is installed on the organization's devices. A new managed application on a device is discovered for which a license key must be deployed. For instance, two of the license keys from the repository can be deployed for the managed application on the device: license key named Key_1 and license key named Key_2. One of these license keys is deployed for the managed application. In this case, it cannot be predicted which of the two license keys will be deployed because automatic deployment of license keys does not provide for any administrator activity.

     When a license key is deployed, the number of installations is recounted for that license key. You must make sure that the number of applications for which the license key was deployed does not exceed the license limit. If the number of installations exceeds the license limit, all devices that were not covered by the license will be assigned Critical status.

     How-to instructions:

     • Adding a license key to the Administration Server repository
     • Automatic distribution of a license key
   • Deployment through the Add license key task for a managed application

     If you opt to use the Add license key task for a managed application, you can select the license key that must be deployed to devices, and then select the devices in any convenient way—for example, by selecting an administration group or a device selection.

     How-to instructions:

     • Adding a license key to the Administration Server repository
     • Deploying a license key to client devices
   • Adding an activation code or a key file manually to the devices

     You can activate the installed Kaspersky application locally, by using the tools provided in the application interface. Please refer to the documentation of the installed application.

5. Checking on which devices the managed Kaspersky applications are activated

   To make sure that the license keys are deployed correctly, view the list of the license keys that are used for an application.

6. Configuring events related to the license expiration

   Configure events so that you will be notified when your license keys are used up or about to expire:

   • Administration Server critical events
   • Administration Server functional failure events
   • Administration Server warning events
   • Administration Server informational events

[Topic 186413]

About the trial mode of Kaspersky Security Center Cloud Console

The trial mode is a special mode of Kaspersky Security Center Cloud Console intended to acquaint the user with the features of Kaspersky Security Center Cloud Console. In this mode, you can perform activities within a workspace whose validity period is limited to 30 days. The trial mode is activated automatically as soon as you create a trial workspace. The set of features available in trial mode is identical to the scope under the standard Kaspersky Endpoint Security for Business Advanced license.

In Kaspersky Security Center Cloud Console, you do not have to license the Administration Server, because the features that require a special license are not supported. If you want to use Kaspersky Security Center Cloud Console in trial mode, you automatically get a trial license when you create your first workspace.

Trial mode does not allow you to subsequently switch to commercial mode. Any trial workspace will be automatically deleted with all its contents when the 30-day period expires.

The following restrictions are imposed on the use of the Kaspersky Security Center Cloud Console features in trial mode:

• You cannot create a hierarchy of Administration Servers. No virtual Administration Servers can be created.
• The Licensing section is available as read-only. All operations are prohibited in this section, including the addition and removal of license keys.
• You cannot create custom installation packages.
• You cannot create custom roles for users.
• The Virus outbreak feature is not available. Virus outbreak events are not stored, and no notifications are sent.
• The Deleted objects repository is not available.
• You cannot enable the addition of batched events (those published in large quantities) to the database.
• Migration of Administration Servers from on-premises mode to Cloud Console mode is not supported.
• KSN statistical information from the Administration Server components, such as Administration Server or Network Agent, is not sent to Kaspersky.

Some limits are also imposed on creation of some objects of the application (see the table below). If any of these limits are exceeded when an attempt is made to create such an object, the object creation will be blocked, and an error message about the limit will be displayed.

Limitations on creation of Kaspersky Security Center Cloud Console objects in trial mode

[Topic 221110]

Using Kaspersky Marketplace to choose Kaspersky business solutions

Marketplace is a section in the main menu that enables you to view the entire range of Kaspersky business solutions, select the ones you need, and proceed to the purchase at the Kaspersky website. You can use filters to view only those solutions that fit your organization and the requirements for your information security system. When you select a solution, Kaspersky Security Center Cloud Console redirects you to the related webpage at the Kaspersky website to learn more about that solution. Each webpage enables you to proceed to the purchase or contains instructions on the purchase process.

In the Marketplace section, you can filter Kaspersky solutions by using the following criteria:

• Number of devices (endpoints, servers, and other types of assets) that you want to protect:
  • 50–250
  • 250–1000
  • More than 1000
• Maturity level of your organization's information security team:
  • Foundations

    This level is typical for enterprises that only have an IT team. The maximum possible number of threats is blocked automatically.

  • Optimum

    This level is typical for enterprises that have a specific IT security function within the IT team. At this level, companies require solutions that enable them to counter commodity threats and threats that circumvent existing preventive mechanisms.

  • Expert

    This level is typical for enterprises with complex and distributed IT environments. The IT security team is mature or the company has an SOC (Security Operations Center) team. The required solutions enable the companies to counter complex threats and targeted attacks.

• Types of assets that you want to protect:
  • Endpoints: workstations of employees, physical and virtual machines, embedded systems
  • Servers: physical and virtual servers
  • Cloud: public, private, or hybrid cloud environments; cloud services
  • Network: local area network, IT infrastructure
  • Service: security-related services provided by Kaspersky

To find and purchase a Kaspersky business solution:

1. In the main menu, go to Marketplace.

   By default, the section displays all available Kaspersky business solutions.

2. To view only those solutions that suit your organization, select the required values in the filters.
3. Click the solution that you want to purchase or you want to learn more about.

You will be redirected to the solution webpage. You can follow the on-screen instructions to proceed to the purchase.

[Topic 195507]

Licenses and the minimum number of devices for each license

If you want to use Kaspersky Security Center Cloud Console in commercial mode, you must purchase a license before creating your first workspace. The table below shows the licenses that you can purchase and the minimum number of devices for each license (even if you want to protect fewer devices):

Licenses that grant the usage of Kaspersky Security Center Cloud Console

The maximum devices per one workspace is 25,000. If you want to protect more than 10,000 devices, you need to create a separate workspace. To do this, send a request to Kaspersky Technical Support. This request must contain the following information:

• User Email—The email address of the user registered on Kaspersky Security Center Cloud Console. This user is granted administrator rights on the created workspace.

  After you create an account on Kaspersky Security Center Cloud Console, you do not have to register a company and create a workspace for it. Specify information about the company and the workspace in the request.

• Company Name—The name of the company in which you want to use Kaspersky Security Center Cloud Console.
• Company Country—The country in which the company is located.
• Workspace Name—The name of the workspace to be created for the company.
• Estimated Endpoints Count—The total number of client devices (including mobile devices) that you want to protect in the new workspace.
• Workspace Country—The country in which you want to locate your new workspace. This parameter affects the selection of the data center to store the workspace.

  The Company Country and Workspace Country parameters may be the same.

• Activation Code—The activation code that you receive after you have purchased Kaspersky Security Center Cloud Console. Make sure that the license you want to buy covers all client devices that must be protected.

After you send the request, Kaspersky specialists register the specified company and create a workspace for it. When the workspace creation is completed, you will receive an email notification. You can log in to your account on Kaspersky Security Center Cloud Console to view the result.

[Topic 138255]

Events of the licensing limit exceeded

Kaspersky Security Center Cloud Console allows you to get information about events when some licensing limits are exceeded by Kaspersky applications installed on client devices.

The importance level of such events when a licensing limit is exceeded is defined according to the following rules:

• If the currently used units covered by a single license constitute 90% to 100% of the total number of units covered by the license, the event is published with the Info importance level.
• If the currently used units covered by a single license constitute 100% to 110% of the total number of units covered by the license, the event is published with the Warning importance level.
• If the number of currently used units covered by a single license exceeds 110% of the total number of units covered by the license, the event is published with the Critical event importance level.

[Topic 223114]

Methods of distribution of the activation codes to the managed devices

The Kaspersky applications installed on managed devices must be licensed by applying an activation code to each of the applications. You cannot use key files for licensing of managed applications; only activation codes are accepted. An activation code can be deployed in the following ways:

• Automatic deployment
• The Add license key task for a managed application
• Manual activation of a managed application

Kaspersky applications can use more than one license key at the same time. For example, Kaspersky Endpoint Security for Windows can use two license keys—one for Kaspersky Endpoint Security for Windows and one for activation of the Endpoint Detection and Response functions.

In addition, Kaspersky applications can have not only an active license key, but also a reserve license key. A Kaspersky application uses an active key at the current moment and stores a reserve key to apply after the active key expires. You can add a new active or reserve license key by any of the methods listed above. The application for which you add a license key defines whether the key is active or reserve. The key definition does not depend on the method that you use to add a new license key.

[Topic 179952]

Adding a license key to the Administration Server repository

When adding a license key using Kaspersky Security Center Cloud Console, the settings of the license key are saved on the Administration Server. Based on this information, the application generates a license key usage report and notifies the administrator of license expirations and violation of license restrictions that are set in the properties of license keys. You can configure notifications of the use of license keys within the Administration Server settings.

To add a license key to the Administration Server repository:

1. In the main menu, go to Operations → Licensing → Kaspersky licenses.
2. Click the Add button.
3. Specify the activation code in the text field and click the Send button.
4. Click the Close button.

The license key or several license keys are added to the Administration Server repository.

[Topic 179954]

Deploying a license key to client devices

Kaspersky Security Center Cloud Console allows you to distribute a license key to client devices automatically or through the Application activation task. You can use the task to distribute keys to a specific device group. During distribution of a license key via the task, the licensing limit on the number of devices is not taken into account. Use the automatic key distribution to cease distribution of a license key automatically when the licensing limit is reached.

If you enable automatic distribution of a license key, do not create an Application activation task to distribute that key to client devices. Otherwise, the load on the Administration Server will increase due to frequent synchronization.

Before deployment, add the license key to the Administration Server repository.

To distribute a license key to client devices through the Application activation task:

1. In the main menu, go to Assets (Devices) → Tasks.
2. Click Add.

   The New task wizard starts. Proceed through the wizard by using the Next button.

3. In the Application drop-down list, select the application for which you want to add a license key.
4. In the Task type list, select the Application activation task.
5. In the Task name field, specify the name of the new task.
6. Select the devices to which the task will be assigned.
7. At the Selecting a license key step of the wizard, click the Add key link to add the license key.
8. On the key adding pane, add the license key by using one of the following options:

   You need to add the license key only if you did not add it to the Administration Server repository prior to creating the Application activation task.

   • Select the Enter activation code option to enter an activation code, and then do the following:
     1. Specify the activation code, and then click the Send button.

        Information about the license key appears in the key adding pane.

     2. Click the Save button.

        If you want to distribute the license key to managed devices automatically, enable the Automatically distribute license key to managed devices option.

        The key adding pane closes.

   • Select the Add key file option to add a key file, and then do the following:
     1. Click the Select key file button.
     2. In the window that opens, select a key file, and then click the Open button.

        Information about the license key appears in the license key adding pane.

     3. Click the Save button.

        If you want to distribute the license key to managed devices automatically, enable the Automatically distribute license key to managed devices option.

        The key adding pane closes.

9. Select the license key in the table of keys.
10. At the License information step of the wizard, clear the default Use as a reserve key check box if you want to replace the active license key.

    For example, this is needed when the organization changes, and another organization's key is required on the device; or if the key was reissued, and a new license expires earlier than the current license. To avoid errors, you have to clear the Use as a reserve key check box.

    If you want to find out more information about the issues that may occur when adding a license key to Kaspersky Security Center and the ways to resolve them, refer to the Kaspersky Security Center Knowledge Base.

11. At the Finish task creation step of the wizard, enable the Open task details when creation is complete option to modify the default task settings.

    If you do not enable this option, the task will be created with the default settings. You can modify the default settings later.

12. Click the Finish button.

    The wizard creates the task. If you enabled the Open task details when creation is complete option, the task properties window automatically opens. In this window, you can specify the general task settings and, if required, change the settings specified during task creation.

    You can also open the task properties window by clicking the name of the created task in the list of tasks.

    The task is created, configured, and displayed in the list of tasks.

13. To run the task, select it in the task list, and then click the Start button.

    You can also set a task start schedule on the Schedule tab of the task properties window.

    For a detailed description of scheduled start settings, refer to the general task settings.

After the task is completed, the license key is deployed to the selected devices.

[Topic 180049]

Automatic distribution of a license key

Kaspersky Security Center Cloud Console allows automatic distribution of license keys to managed devices if they are located in the license keys repository on the Administration Server.

To distribute a license key to managed devices automatically:

1. In the main menu, go to Operations → Licensing → Kaspersky licenses.
2. Click the name of the license key that you want to distribute to devices automatically.
3. In the license key properties window that opens, switch the toggle button to Automatically distribute license key to managed devices.
4. Click the Save button.

The license key will be automatically distributed to all compatible devices.

License key distribution is performed by means of Network Agent. No license key distribution tasks are created for the application.

During automatic distribution of a license key, the licensing limit on the number of devices is taken into account. The licensing limit is set in the properties of the license key. If the licensing limit is reached, distribution of this license key on devices ceases automatically.

Note that an automatically distributed license key may not be displayed in the virtual Administration Server repository in the following cases:

• The license key is not valid for the application.
• The virtual Administration Server does not have managed devices.
• The license key has already been used for devices managed by another virtual Administration Server and the limit on the number of devices has been reached.

If you specify the Automatically distribute license key to managed devices option for a subscription license key for activating any application on a managed device, and at the same time you have an active trial license key, then your trial license key will be automatically replaced by the subscription license key eight days before the expiration date.

[Topic 180055]

Viewing information about license keys in use in the Administration Server repository

To view the list of the license keys added to the Administration Server repository,

In the main menu, go to Operations → Licensing → Kaspersky licenses.

The displayed list contains the activation codes added to the Administration Server repository.

To view detailed information about a license key:

1. In the main menu, go to Operations → Licensing → Kaspersky licenses.
2. Click the name of the required license key.

In the license key properties window that opens, you can view:

• On the General tab—The main information about the license key
• On the Devices tab—The list of client devices where the license key was used for activation of the installed Kaspersky application

[Topic 222233]

Viewing information about the license keys used for a specific Kaspersky application

To learn what license keys are in use for a Kaspersky application:

1. In the main menu, go to Assets (Devices) → Managed devices.

   If the device belongs to the Unassigned devices group, go to Discovery & deployment → Unassigned devices instead.

2. Click the name of the required device.
3. In the device properties window that opens, select the Applications section.
4. In the list of applications that opens, select the application whose license keys you want to view.
5. In the application properties window that opens, on the General tab, select the License keys section.

   The information is displayed in the workspace of this section.

[Topic 180115]

Deleting a license key from the repository

You can delete a license key from the Administration Server repository. Note that Kaspersky Security Center Cloud Console automatically deletes your workspace after 90 days in the following cases:

• You delete the last license key (active, reserve, or not in use) added manually in the repository.
• The last license key expires.

If your workspace is deleted, you cannot manage the protection of your network by means of Kaspersky Security Center Cloud Console. You also permanently lose your data from Kaspersky Security Center Cloud Console. If necessary, you can delete your workspace manually. Otherwise, we recommend that you keep at least one license key in the Administration Server repository.

If you delete a license key and you added a reserve license key earlier, the reserve license key automatically becomes the active license key after the former active key is deleted or expired.

When you delete the active license key that is deployed to a managed device, the application will continue working on the managed device.

To delete a license key from the Administration Server repository:

1. Check that Administration Server does not use a license key that you want to delete. If the Administration Server does, you cannot delete the key. To perform the check:
   1. In the main menu, click the settings icon () next to the Administration Server.

      The Administration Server properties window opens.

   2. On the General tab, select the License keys section.
   3. If the required license key is displayed in the section that opens, click the Remove active license key button, and then confirm the operation. After that, the Administration Server does not use the deleted license key, but the key remains in the Administration Server repository. If the required license key is not displayed, the Administration Server does not use it.
2. In the main menu, go to Operations → Licensing → Kaspersky licenses.
3. Select the required license key, and then click the Delete button.
4. In the window that appears, select the I understand the risk and want to remove the license key check box. This means that if you delete the last license key, you are aware of the subsequent deletion of the workspace and loss of control over the managed devices. Next, click the Remove button.

As a result, the selected license key is deleted from the repository.

You can add a deleted license key again or add a new one. If you deleted the last license key, you can also add a license key as long as your workspace is not deleted. Kaspersky Security Center Cloud Console notifies administrators of the workspace 30 days, 7 days, and 1 day prior to deletion.

[Topic 195469]

Viewing the list of devices where a Kaspersky application is not activated

You can view the list of all the devices on which a Kaspersky application is installed but not activated (for example, a license is missing or has expired).

To view the devices where a Kaspersky application is not activated:

1. In the main menu, go to Assets (Devices) → Tasks.

   The list of tasks is displayed.

2. Click the name of the Update task related to the Kaspersky application in question.

   The task properties window is displayed with several named tabs.

3. In the task properties window, select the Results section.

   In the Device or secondary Server column are displayed the devices on which the task was successful.

4. Sort the Device or secondary Server column.

   In the Device or secondary Server column are displayed the devices on which the task was successful. The devices where the task failed because of a missing license are devices where the application is not activated.

[Topic 199089]

Revoking consent with an End User License Agreement

If you decide to stop protecting some of your client devices, you can revoke the End User License Agreement (EULA) for any managed Kaspersky application. You must uninstall the selected application and its installation packages before revoking its EULA. The installation packages must be deleted from the Administration Server and its virtual Administration Servers.

The EULAs that were accepted on a virtual Administration Server can be revoked on the virtual Administration Server or on the primary Administration Server. The EULAs that were accepted on a primary Administration Server can be revoked only on the primary Administration Server.

To revoke a EULA for managed Kaspersky applications:

1. In the main menu, click the settings icon () next to the name of the required Administration Server.

   The Administration Server properties window opens.

2. On the General tab of the Administration Server properties window, select the End User License Agreements section.

   A list of EULAs—accepted upon creation of installation packages or at the seamless installation of updates—is displayed.

3. In the list, select the EULA that you want to revoke.

   You can view the following properties of the EULA:

   • Date when the EULA was accepted
   • Name of the user who accepted the EULA
   • Whether or not the EULA can be revoked
4. Click the acceptance date of any EULA to open its properties window that displays the following data:
   • Name of the user who accepted the EULA
   • Date when the EULA was accepted
   • Unique identifier (UID) of the EULA
   • Full text of the EULA
   • List of objects (installation packages, seamless updates) linked to the EULA, and their respective names and types
5. In the lower part of the EULA properties window, click the Revoke License Agreement button.

   If the selected EULA can be revoked only by uninstalling the application or if this EULA can be revoked only on the primary Administration Server, a notification about this restriction is displayed instead of the Revoke License Agreement button.

   If there exist any objects (installation packages and their respective tasks) that prevent the EULA from being revoked, the notification about it is displayed. You cannot proceed with revocation until you delete these objects.

   In the window that opens, you are informed that you must first uninstall the Kaspersky application corresponding to the EULA.

6. Click the button to confirm revocation.

The EULA is revoked. It is no longer displayed in the list of License Agreements in the End User License Agreements section. The EULA properties window closes; the application is no longer installed.

[Topic 214791]

Renewing licenses for Kaspersky applications

You can renew a Kaspersky application license that has expired or is about to expire (in less than 30 days).

If the last license key is expired, Kaspersky Security Center Cloud Console automatically deletes your workspace after 90 days. As a result, you cannot manage the protection of your network by means of Kaspersky Security Center Cloud Console. You also permanently lose your data from Kaspersky Security Center Cloud Console. We recommend that you renew outdated license keys or add new ones to the Administration Server repository to keep your workspace.

To view a notification about an expired license or a license that is about to expire:

1. Do either of the following:
   • In the main menu, go to Operations → Licensing → Kaspersky licenses.
   • In the main menu, go to Monitoring & reporting → Dashboard, and then click the View expiring licenses link next to a notification.

   The Kaspersky licenses window opens, where you can view and renew the expiring and expired licenses.

2. If you want to renew a license, click the Renew license link next to the required license.

   By clicking a license renewal link, you agree to transfer the following data to Kaspersky: software ID, software version, software localization, license ID, and an attribute that shows if the license was provided by a partner company. The data is required to determine the renewal terms of your license.

3. In the window of the license renewal service that opens follow the instructions to renew a license.

   The expiring license is renewed.

In Kaspersky Security Center Cloud Console, the notifications are displayed when a license is about to expire, according to the following schedule:

• 30 days before the expiration
• 7 days before the expiration
• 3 days before the expiration
• 24 hours before the expiration
• When a license has expired

[Topic 195207]

Use of Kaspersky Security Center Cloud Console after the license expiration

After the license expiration, Kaspersky might grant you the use of Kaspersky Security Center Cloud Console for up to 90 days without limitations. During this period, the Administration Server, Network Agent, and Kaspersky Security Center Cloud Console web interface work without limitations. Kaspersky Security Center Cloud Console also sends KSN statistics to Kaspersky in accordance with the current KSN access settings. The managed applications work with only limited functionality (for details, refer to the documentation for these applications).

When the license has been expired for 90 days, Kaspersky Security Center Cloud Console automatically deletes your workspace. If you want to keep the workspace, renew at least one expired license key or add a new one to the repository.

[Topic 200780]

Licensing definitions

This section contains definitions for concepts related to licensing of Kaspersky applications managed via Kaspersky Security Center Cloud Console.

[Topic 69240]

About the license

A license is a time-limited right to use Kaspersky Security Center Cloud Console, granted under the terms of the signed License Contract (End User License Agreement).

The scope of services and validity period depend on the license under which the application is used.

The following license types are provided:

• Trial

  A free license intended for trying out the application. A trial license usually has a short term.

  When a trial license expires, all Kaspersky Security Center Cloud Console features become disabled. To continue using the application, you need to purchase a commercial license.

  You can use the application under a trial license for only one trial period.

• Commercial

  A paid license.

  When a commercial license expires, key features of the application become disabled. To continue using Kaspersky Security Center Cloud Console, you must renew your commercial license. After a commercial license expires, you cannot continue using the application and must remove it from your device.

  We recommend renewing your license before it expires, to ensure uninterrupted protection against all security threats.

[Topic 73976]

About the license certificate

A license certificate is a document that you receive along with a key file or an activation code.

A license certificate contains the following information about the license provided:

• License key or order number
• Information about the user who has been granted the license
• Information about the application that can be activated under the license provided
• Limit of the number of licensing units (e.g., devices on which the application can be used under the license provided)
• License validity start date
• License expiration date or license term
• License type

[Topic 69295]

About the license key

A license key is a sequence of bits that you can apply to activate and then use the application in accordance with the terms of the End User License Agreement. License keys are generated by Kaspersky specialists.

You can add a license key to the application by entering an activation code. The license key is displayed in the application interface as a unique alphanumeric sequence after you add it to the application.

The license key may be blocked by Kaspersky in case the terms of the License Agreement have been violated. If the license key has been blocked, you need to add another one if you want to use the application.

A license key may be active or additional (or reserve).

An active license key is a license key that is currently used by the application. An active license key can be added for a trial or commercial license. The application cannot have more than one active license key.

An additional (or reserve) license key is a license key that entitles the user to use the application, but is not currently in use. The additional license key automatically becomes active when the license associated with the current active license key expires. An additional license key can be added only if an active license key has already been added.

A license key for a trial license can be added as an active license key. A license key for a trial license cannot be added as an additional license key.

[Topic 111091]

About the activation code

Activation code is a unique sequence of 20 alphanumeric characters. You enter an activation code to add a license key that activates Kaspersky Security Center Cloud Console. You receive the activation code through the email address that you specified after purchasing Kaspersky Security Center Cloud Console or after ordering the trial version of Kaspersky Security Center Cloud Console.

To activate the application by using the activation code, you need internet access to establish connection with Kaspersky activation servers. If access to the servers using system DNS is not possible, the application uses public DNS servers.

If the application was activated with an activation code, the application in some cases sends regular requests to Kaspersky activation servers in order to check the current status of the license key. You must provide the application internet access to make it possible to send requests.

If you have lost your activation code after installing the application, contact the Kaspersky partner from whom you purchased the license.

You cannot use key files for activating managed applications; only activation codes are accepted.

[Topic 91039]

About the subscription

Subscription to Kaspersky Security Center Cloud Console is an order for use of the application under the selected settings (subscription expiration date, number of protected devices). You can register your subscription to Kaspersky Security Center Cloud Console with your service provider (for example, your internet provider). A subscription can be renewed manually or in automatic mode; also, you can cancel it.

A subscription can be limited (for example, one-year) or unlimited (with no expiration date). To continue using Kaspersky Security Center Cloud Console after a limited subscription expires, you must renew it. An unlimited subscription is renewed automatically if it has been prepaid to the service provider in due dates.

When a limited subscription expires, you may be provided a grace period for renewal during which the application continues to function. The availability and duration of the grace period is defined by the service provider.

To use Kaspersky Security Center Cloud Console under subscription, you must apply the activation code received from the service provider.

You can apply a different activation code for Kaspersky Security Center Cloud Console only after your subscription expires or when you cancel it.

Depending on the service provider, the set of possible actions for subscription management may vary. The service provider might not provide a grace period for subscription renewal and so the application loses its functionality.

Activation codes purchased under subscription cannot be used for activating earlier versions of Kaspersky Security Center Cloud Console.

When the application is used under subscription, Kaspersky Security Center Cloud Console automatically attempts to access the activation server at specified time intervals until the subscription expires. If access to the server using system DNS is not possible, the application uses public DNS servers. You can renew your subscription on the service provider's website.

[Topic 175956]

Data provision

Kaspersky Security Center Cloud Console enables the user to identify and control devices (and the device owners) connected to Kaspersky Security Center Cloud Console, by means of the features of managed applications.

Data provision methods:

1. The User enters data in the Kaspersky Security Center Cloud Console interface.
2. Network Agent receives data from the device and transfers it to Administration Server.
3. Network Agent receives data retrieved by the Kaspersky managed application and transfers it to Administration Server. The list of data processed by Kaspersky managed applications is provided in the Help of the corresponding applications.
4. Data is transferred from secondary Administration Servers running on-premises.

Kaspersky Security Center Cloud Console automatically deletes workspaces 30 days after the trial license term expires, 90 days after the commercial license term expires.

After the license term expires, Kaspersky saves User's data related to alerts and incidents in the User's workspaces for 30 days.

Under the current license, the storage term for alerts and for incidents is 360 days. After this period, the older alerts and the older incidents are automatically deleted.

The final deletion of the data listed in this section may take up to 24 hours.

[Topic 195122]

Data sent to Kaspersky servers

Data sent during activation

When using the Activation Code to activate Software, in order to verify the legitimacy of using the software, the User agrees to periodically provide Kaspersky with the following information:

• Activation code
• Unique activation identifier for the current license

Kaspersky can also use this information to generate statistical information about the distribution and use of Kaspersky software.

Data sent during updating

Upon receipt of Updates from the Rightholder's update servers, in order to improve the quality of the update mechanism, the User agrees to periodically provide the following information to Kaspersky:

• Software ID received from the license
• Full version of the software
• Software license ID
• Software installation ID (PCID)
• ID of the software update startup

Kaspersky can also use this information to generate statistical information about the distribution and use of Kaspersky software.

Data for ensuring uninterrupted operation, efficient work, and verifying the legitimate use of Kaspersky Security Center Cloud Console

The following information can be used for the specified purpose:

• Names and versions of Kaspersky security applications connected to the workspace, as well as number of devices on which these security applications are installed.
• Number of devices with Kaspersky security applications installed that have been connected to all workspaces and distribution of these connected devices by type.
• Workspace identifier, company identifier, workspace country and region, and workspace creation date.
• Number of users in the workspace, date of the last authentication in the workspace.
• Details of the currently used license (license type, license limit on the number of devices, number of connected devices, and expiration date of the previously used license).

Data transferred when following the links in the interface of Kaspersky Security Center Cloud Console

Following the links in the Administration Console or Kaspersky Security Center Cloud Console, the User agrees to the automatic transfer of the following data:

• Kaspersky Security Center Cloud Console localization
• License ID
• Whether the license was purchased through a partner

The list of data provided via each link depends on the purpose and location of the link.

[Topic 195127]

Data necessary for the functioning of the workspace

Kaspersky Security Center Cloud Console processes the following data:

1. Details of devices detected on the organization's network

   Network Agent receives the data listed below from the networked devices and transfers it to Administration Server:

   1. Technical specifications of the detected device and its components required for device identification that have been received by means of network polling:
      • Active Directory polling:

        Active Directory devices: distinguished name of the device; Windows domain name received from the domain controller; device name in the Windows environment; NetBIOS domain name; DNS domain and DNS name of the device; Security Account Manager (SAM) account (name for logging in to the system used for support of clients and servers running earlier operating system versions, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager); distinguished name of the domain; distinguished names of the groups to which the device belongs; distinguished name of the user managing the device; and globally unique identifier (GUID) and parent GUID of the device.

        When the Active Directory network is polled, the following types of data are also processed for the purpose of displaying information about the managed infrastructure and use of this information by the user, for example, during protection deployment:

      • Active Directory organizational units: distinguished name of the organizational unit; distinguished name of the domain; GUID and parent GUID of the organizational unit.
      • Active Directory domains: Windows domain name received from the domain controller; DNS domain; GUID of the domain.
      • Active Directory users: display name of the user; distinguished name of the user; distinguished name of the domain; name of the user's organization; name of the department where the user works; distinguished name of another user acting as the user's manager; full name of the user; SAM account; Email address; alternate email address; main phone number; alternate phone number; mobile phone number; user's position name; distinguished names of the groups to which the user belongs; user globally unique identifier (GUID); user security identifier (SID) (unique binary value used to identify the user as a security principal); and user principal name (UPN)—internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, the UPN maps to the user email name.
      • Active Directory groups: distinguished name of the group; email address; distinguished name of the domain; SAM account; distinguished names of other groups to which the group belongs; SID group; group GUID.
   2. Samba domain polling:

      Samba devices: distinguished name of the device; domain name received from the domain controller; NetBIOS device name; NetBIOS domain name; DNS domain and DNS name of the device; Security Account Manager (SAM) account; distinguished name of the domain; distinguished names of the groups to which the device belongs; distinguished name of the user managing the device; globally unique identifier (GUID) and parent GUID of the device.

      • Samba organization units: distinguished name of the organizational unit; distinguished name of the domain; GUID and parent GUID of the organizational unit.
      • Samba domain: domain name received from the domain controller; DNS domain; GUID of the domain.
      • Samba users: display name of the user; distinguished name of the user; name of the user's organization; name of the department where the user works; distinguished name of another user acting as the user's manager; full name of the user; SAM account; Email address; alternate email address; main phone number; alternate phone number; mobile phone number; user's position name; distinguished names of the groups to which the user belongs; user globally unique identifier (GUID); user security identifier (SID) (unique binary value used to identify the user as a security principal); user principal name (UPN)—internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. By convention, the UPN maps to the user email name.
      • Samba groups: distinguished name of the group; email address; distinguished name of the domain; SAM account; distinguished names of other groups to which the group belongs; SID group; group GUID.
   3. Windows domain polling:
      • Name of the Windows domain or workgroup
      • Device NetBIOS name
      • DNS domain and DNS name of the device
      • Device name and description
      • Device visibility on the network
      • Device IP address
      • Device type (workstation, server, SQL Server, domain controller, etc.)
      • Type of operating system on the device
      • Version of the device operating system
      • Time the information about the device was last updated
      • Time the device was last visible on the network
   4. IP range polling:
      • Device IP address
      • Device DNS name or NetBIOS name
      • Device name and description
      • Device MAC address
      • Time the device was last visible on the network
2. Details of managed devices.

   Network Agent transfers the data listed below from the device to Administration Server. The user enters the display name and description of the device in the Kaspersky Security Center Cloud Console interface:

   1. Technical specifications of the managed device and its components required for device identification:
      • Display name (generated on the basis of the NetBIOS name, can be modified manually) and description of the device (entered manually)
      • Windows domain name and type (Windows NT domain / Windows workgroup)
      • Device name in the Windows environment
      • DNS domain and DNS name of the device
      • Device IP address
      • Device subnet mask
      • Device network location
      • Device MAC address
      • Device serial number (if available)
      • Type of operating system on the device
      • Whether the device is a virtual machine together with hypervisor type
      • Whether the device is a dynamic virtual machine as part of Virtual Desktop Infrastructure (VDI)
      • Device GUID
      • Network Agent instance ID
      • Network Agent installation ID
      • Network Agent permanent ID
   2. Other specifications of managed devices and their components required for audit of managed devices and for making decisions about whether specific patches and updates are applicable:
      • Windows Update Agent (WUA) status
      • Operating system architecture
      • Operating system vendor
      • Operating system build number
      • Operating system release ID
      • Operating system location folder
      • If the device is a virtual machine—the virtual machine type
      • Device response waiting time
      • Whether Network Agent is running in stand-alone mode
   3. Detailed information about activity on managed devices:
      • Date and time of the last update
      • Date and time the device was last visible on the network
      • Restart waiting status ("Restart is required.")
      • Time the device was turned on
   4. Details of device user accounts and their work sessions
   5. Distribution point operation statistics if the device is a distribution point:
      • Date and time the distribution point was created
      • Work folder name
      • Work folder size
      • Number of synchronizations with the Administration Server
      • Date and time the device last synchronized with the Administration Server
      • Number and total size of transferred files
      • Number and total size of files downloaded by clients
      • Volume of data downloaded by clients using Transmission Control Protocol (TCP)
      • Volume of data sent to clients using multicasting
      • Volume of data downloaded by clients using multicasting
      • Number of multicast distributions
      • Total volume of multicast distribution
      • Number of synchronizations with clients after the last synchronization with the Administration Server
   6. Name of the virtual Administration Server which manages the device
   7. Details of cloud devices:
      • Cloud Region
      • Virtual Private Cloud (VPC)
      • Cloud availability zone
      • Cloud subnet
      • Cloud placement group
   8. Details of mobile devices. The managed application transfers this data from the mobile device to Administration Server. The full list of data is available in the documentation of the managed application.
3. Details of Kaspersky applications installed on the device.

   The managed application transfers data from the device to Administration Server through Network Agent:

   1. Kaspersky managed applications and Kaspersky Security Center Cloud Console components installed on the device
   2. Settings of Kaspersky applications installed on the managed device:
      • Kaspersky application name and version
      • Status
      • Real-time protection status
      • Last device scan date and time
      • Number of threats detected
      • Number of objects that failed to be disinfected
      • Tasks for Kaspersky security application
      • Availability and status of the application components
      • Time of last update and version of anti-virus databases
      • Details of Kaspersky application settings
      • Information about the active license keys
      • Information about the reserve license keys
      • Application installation date
      • Application installation ID
   3. Application operation statistics: events related to changes in the status of Kaspersky application components on the managed device and to performance of tasks initiated by the application components
   4. Device status defined by the Kaspersky application
   5. Tags assigned by the Kaspersky application
   6. Set of installed and applicable updates for the Kaspersky application:
      • Display name, version, and language of the application
      • Internal name of the application
      • Application name and version from the registry key
      • Application installation folder
      • Patch version
      • List of installed application autopatches
      • Whether the application is supported by Kaspersky Security Center Cloud Console
      • Whether the application is installed on a cluster
   7. Details of data encryption errors on devices: error ID, time of occurrence, operation type (encryption/decryption), error description, file path, description of encryption rule, device ID, and user name
4. Events of Kaspersky Security Center Cloud Console components and Kaspersky managed applications.

   Network Agent transfers data from the device to Administration Server.

   The description of an event can contain the following data:

   1. Device name
   2. Device user name
   3. Name of the administrator who connected to the device remotely
   4. Name, version, and vendor of the application installed on the device
   5. Path to the application installation folder on the device
   6. Path to the file on the device and file name
   7. Application name and command-line parameters under which the application was run
   8. Patch name, patch file name, patch ID, level of the vulnerability fixed by the patch, description of the patch installation error
   9. Device IP address
   10. Device MAC address
   11. Device restart status
   12. Name of the task that published the event
   13. Whether the device switched to stand-alone mode and reason for switching
   14. Information about the security issue on the device: security issue type, security issue name, severity level, security issue description, security issue details transmitted by the Kaspersky application
   15. Size of free disk space on the device
   16. Whether the Kaspersky application is running in limited functionality mode, IDs of functional scopes
   17. Old and new value of the Kaspersky application setting
   18. Description of the error that occurred when the Kaspersky application or any of its components performed the operation
5. Settings of Kaspersky Security Center Cloud Console components and Kaspersky managed applications presented in policies and policy profiles.

   The user enters data in the Kaspersky Security Center Cloud Console interface.

6. Task settings of Kaspersky Security Center Cloud Console components and Kaspersky managed applications

   The user enters data in the Kaspersky Security Center Cloud Console interface.

7. Data processed by the Vulnerability and patch management feature.

   Network Agent transfers the data listed below from the device to Administration Server:

   1. Details of applications and patches installed on managed devices (Applications registry). Applications can be identified on the basis of information about executable files detected on managed devices by the Application Control feature:
      • Application/patch ID
      • Parent application ID (for a patch)
      • Application/patch name and version
      • Whether the application/patch is an .msi file of Windows Installer
      • Application/patch vendor
      • Localization language ID
      • Application/patch installation date
      • Application installation path
      • Technical Support website of application/patch vendor
      • Technical Support phone number
      • ID of the installed application instance
      • Comment
      • Uninstallation key
      • Key for installation in silent mode
      • Patch classification
      • Web address for additional information about the patch
      • Registry key of the application
      • Application build number
      • User SID
      • Operating system type (Windows, Unix)
   2. Information about the hardware detected on managed devices (Hardware registry):
      • Device ID
      • Device type (motherboard, CPU, RAM, mass storage device, video adapter, sound card, network interface controller, monitor, optical disc device)
      • Device name
      • Description
      • Vendor
      • Serial number
      • Revision
      • Information about the driver: developer, version, description, and release date
      • Information about BIOS: developer, version, serial number, and release date
      • Chipset
      • Clock rate
      • Number of CPU cores
      • Number of CPU threads
      • CPU platform
      • Storage device rotation speed
      • RAM: type, part number
      • Video memory
      • Sound card codec
   3. Details of vulnerabilities in third-party software detected on managed devices:
      • Vulnerability identifier
      • Vulnerability severity level (Warning, High, Critical)
      • Vulnerability type (Microsoft, third-party)
      • Web address of the page on which the vulnerability is described
      • Time the vulnerability entry was created
      • Vendor name
      • Localized vendor name
      • Vendor ID
      • Application name
      • Localized name of the application
      • Application installation code
      • Application version
      • Application localization language
      • List of CVE identifiers from the vulnerability description
      • Kaspersky protection technologies blocking the vulnerability (File Threat Protection, Behavior Detection, Web Threat Protection, Mail Threat Protection, Host Intrusion Prevention, ZETA Shield)
      • Path to the object file in which the vulnerability was detected
      • Vulnerability detection time
      • IDs of the Knowledge Base articles from the vulnerability description
      • IDs of the security bulletins from the vulnerability description
      • List of updates for the vulnerability
      • Whether an exploit exists for the vulnerability
      • Whether malware exists for the vulnerability
   4. Details of updates available for third-party applications installed on managed devices:
      • Application name and version
      • Vendor
      • Application localization language
      • Operating system
      • List of patches according to installation sequence
      • Original version of the application to which the patch is applied
      • Application version after patch installation
      • Patch ID
      • Build number
      • Installation flags
      • License Agreements for the patch
      • Whether the patch is a prerequisite for installation of other patches
      • List of required installed applications and their updates
      • Sources of information about the patch
      • Additional information about the patch (addresses of web pages)
      • Web address for patch download, file name, version, revision, and SHA256
   5. Details of Microsoft updates found by the WSUS feature:
      • Update revision number
      • Microsoft update type (Driver, Software, Category, Detectoid)
      • Update importance level according to the Microsoft Security Response Center (MSRC) bulletin (Low, Medium, High, Critical)
      • IDs of the MSRC bulletins related to the update
      • IDs of articles in the MSRC Knowledge Base
      • Update name (header)
      • Update description
      • Whether the update installer is interactive
      • Installation flags
      • Update classification (Critical Updates, Definition Updates, Drivers, Feature Packs, Security Updates, Service Packs, Tools, Update Rollups, Updates, Upgrade)
      • Information about the application to which the update is applied
      • End User License Agreement (EULA) ID
      • EULA text
      • Whether the EULA must be accepted for update installation
      • Information about the associated updates (ID and revision number)
      • Update ID (Global Microsoft Windows update identity)
      • IDs of the superseded updates
      • Whether the update is hidden
      • Whether the update is mandatory
      • Update installation status (Not applicable, Not assigned for installation, Assigned, Installing, Installed, Failed, Restart is required, Not assigned for installation (new version))
      • CVE IDs for the update
      • Company that released the update, or the "Company missing" value
   6. List of Microsoft updates found by the WSUS feature that must be installed on the device.
8. Information about executable files detected on managed devices by the Application Control feature (may be associated with information from the Applications registry). A full list of data is given in the section that describes data for devices managed through the corresponding application.

   The managed application transfers data from the device to Administration Server through Network Agent.

9. Information about files placed in Backup. A full list of data is given in the section that describes data for devices managed through the corresponding application.

   The managed application transfers data from the device to Administration Server through Network Agent.

10. Information about files requested by Kaspersky specialists for detailed analysis. A full list of data is given in the section that describes data for devices managed through the corresponding application.

    The managed application transfers data from the device to Administration Server through Network Agent.

11. Information about the status and triggering of Adaptive Anomaly Control rules. A full list of data is given in the section that describes data for devices managed through the corresponding application.

    The managed application transfers data from the device to Administration Server through Network Agent.

12. Information about devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Device Control feature. A full list of data is given in the section that describes data for devices managed through the corresponding application.

    The managed application transfers data from the device to Administration Server through Network Agent.

13. Data about alerts:
    • Date and time of the first telemetry event in the alert
    • Date and time of the last telemetry event in the alert
    • Name of the triggered rule (the User enters this in the Kaspersky Security Center Cloud Console interface)
    • Alert status
    • Resolution (False Positive, True Positive, Low Priority)
    • ID and name of the user who is assigned for the alert
    • Unique ID in the Kaspersky Security Center Cloud Console database and the name of the device related to the events that are alert sources
    • SID and name of the user of the device related to the events that are alert sources
    • Observables, that is, observable data related to the events that are alert sources:
      • IP address
      • MD5 hash sum of the file and file path
      • Web address
      • Domain
    • Additional details of the object related to the alert (received from the application)
    • Comments to the alert:
      • Date and time when the comment was added
      • User who added the comment
      • Text of the comment
    • Alert changelog:
      • Date and time of the change
      • User who performed the change
      • Change description
14. Data about security issues:
    • Date and time of the first event in the security issue
    • Date and time of the last event in the security issue
    • Security issue name (the user enters this in the Kaspersky Security Center Cloud Console interface)
    • Brief description of the security issue
    • Security issue priority
    • Security issue status
    • ID and name of the user assigned for the security issue
    • Resolution (False Positive, True Positive, Low Priority, Merged)
    • Comment to the security issue:
      • Date and time when the comment was added
      • User who added the comment
      • Text of the comment
    • Security issue changelog:
      • Date and time of the change
      • User who performed the change
      • Change description
15. Data processed by the data encryption feature of Kaspersky applications.

    The managed application transfers the data listed below from the device to Administration Server through Network Agent. The user enters the description of the drive in the Kaspersky Security Center Cloud Console interface:

    1. List of drives on the devices:
       • Drive name
       • Encryption status
       • Drive type (boot drive, disk drive)
       • Drive serial number
       • Description
    2. Details of data encryption errors on the devices:
       • Date and time when the error occurred
       • Operation type (encryption, decryption)
       • Error description
       • File path
       • Rule description
       • Device ID
       • User name
       • Error ID
    3. Data encryption settings of the Kaspersky application.

       A full list of data is given in the section that describes data for devices managed through the corresponding application.

16. Details of the entered activation codes.

    The User enters data in the Kaspersky Security Center Cloud Console interface.

17. User accounts.

    The User enters the data listed below in the Kaspersky Security Center Cloud Console interface:

    1. Name
    2. Description
    3. Full name
    4. Email address
    5. Main phone number
    6. Password
    7. One-time security code for two-step verification
18. Data required for user authentication using Active Directory:
    1. Active Directory Federation Services (ADFS) settings:
       • Main URL of the authentication provider
       • Trusted root certificates for ADFS
       • Client ID generated in ADFS
       • Secret key for protection of access to ADFS
       • Scope of the tokens
       • Active Directory domain with which the integration is performed
       • Name of the token field containing the user SID
       • Name of the token field containing the array of SIDs of the user's groups

       The User enters data in the Kaspersky Security Center Cloud Console interface.

19. Data required to authenticate users by using Microsoft Entra ID.
    1. Microsoft Entra ID integration settings:
       • ID of the Microsoft Entra ID tenant
       • Client ID generated in the Microsoft Entra ID tenant
       • Client secret created in the Microsoft Entra ID tenant

    The user enters data in the Kaspersky Security Center Cloud Console interface.

    1. Data about users and groups in the Microsoft Entra ID tenant, which Kaspersky Security Center Cloud Console receives as a result of the Microsoft Entra ID polling:
       • Data about users in the Microsoft Entra ID tenant: user object identifier; user security identifier; user display name; name of the user's organization; name of the department in which the user works; user position; email address; primary phone number; mobile phone number; user login; names of groups to which the user belongs.
       • Data about users created in Microsoft Entra ID as a result of synchronization with on-premises Active Directory: user security identifier in on-premises Active Directory; domain name in on-premises Active Directory; user login in on-premises Active Directory; SAM account of the user in on-premises Active Directory; distinguished user name in on-premises Active Directory.
       • Data about groups in the Microsoft Entra ID tenant: group object identifier; group security identifier; group display name; email address; names of other groups to which the group belongs.
       • Data about groups created in Microsoft Entra ID as a result of synchronization with on-premises Active Directory: the security identifier of the group in on-premises Active Directory; SAM account of the group in on-premises Active Directory.
20. Revision history of management objects: Administration Server, Administration group, Policy, Task, User / security group, Installation package.
    1. The User enters the data listed below in the Kaspersky Security Center Cloud Console interface:
       • Administration Server
       • Administration group
       • Policy
       • Task
       • User / Security group
       • Installation package
    2. IP address of the device on which the User created a revision. Administration Server detects the IP address automatically.
21. Registry of deleted management objects.

    The User enters data in the Kaspersky Security Center Cloud Console interface.

22. Installation packages created from the file, as well as installation settings.

    The User enters data in the Kaspersky Security Center Cloud Console interface.

23. Data required for the display of Kaspersky announcements in Kaspersky Security Center Cloud Console:
    1. Information about managed Kaspersky applications used by the User: application ID, full version number.
    2. The User's localization of the Kaspersky Security Center Cloud Console interface.
    3. Information about the activation of the Software on the Device: Software license ID; Software license term; Software license expiration date and time; type of Software license used; Software subscription type; Software subscription expiration date and time; current status of the Software subscription; reason of current/changing status of Software subscription; ID of the price list item through which the Software license was purchased.
    4. Information about the legal agreement accepted by the User while using the Software: type of the legal agreement; version of the legal agreement; flag indicating whether the user has accepted the terms of the legal agreement.
    5. Information about the announcements received from the Rightholder: announcement ID; time of receipt of the announcement; status of receiving the announcement.

    The User enters data in the Kaspersky Security Center Cloud Console interface.

24. Kaspersky Security Center Cloud Console user settings.

    The User enters the data listed below in the Kaspersky Security Center Cloud Console interface:

    1. User interface localization language
    2. User interface theme
    3. Display settings of the monitoring panel
    4. Information about the status of notifications: Already read / Not yet read
    5. Status of columns in spreadsheets: Show/Hide
    6. Tutorial progress
25. Data received when using the Remote diagnostics feature on a managed device: trace files, system information, details of Kaspersky applications installed on the device, dump files, log files, results of running diagnostic scripts received from Technical Support.
26. Data that the User enters in the Kaspersky Security Center Cloud Console interface:
    1. Administration group name when creating a hierarchy of administration groups
    2. Email address when configuring email notifications
    3. Tags for devices and tagging rules
    4. Tags for applications
    5. User categories of applications
    6. Role name when assigning a role to a user
    7. Information about subnets: subnet name, description, address, and mask
    8. Settings of reports and selections
    9. Any other data entered by the User
27. Data received from a secondary Administration Server deployed on-premises.

    The data processed by the Kaspersky Security Center Administration Server is described in Kaspersky Security Center Online Help.

    When connecting a Kaspersky Security Center Administration Server deployed on-premises as a secondary in relation to Kaspersky Security Center Cloud Console, Kaspersky Security Center Cloud Console processes the following types of data from the secondary Administration Server:

    1. Information about the devices on the organization's network received as a result of device discovery in the Active Directory network or Windows network, or through scanning of IP intervals
    2. Information about the Active Directory organizational units, domains, users, and groups received as a result of Active Directory network polling
    3. Information about managed devices, their technical specifications, including those required for device identification, accounts of device users and their working sessions
    4. Information about mobile devices transferred by using the Exchange ActiveSync protocol
    5. Information about mobile devices transferred by using the iOS MDM protocol
    6. Details of Kaspersky applications installed on the device: settings, operation statistics, device status defined by the application, installed and applicable updates, tags
    7. Information transferred with event settings from Kaspersky Security Center components and Kaspersky managed applications
    8. Settings of Kaspersky Security Center components and Kaspersky managed applications presented in policies and policy profiles
    9. Task settings of Kaspersky Security Center components and Kaspersky managed applications
    10. Data processed by the Vulnerability and patch management feature: details of applications and patches; information about the hardware; details of vulnerabilities in third-party software detected on managed devices; details of updates available for third-party applications; details of Microsoft updates found by the WSUS feature
    11. User categories of applications
    12. Details of executable files detected on managed devices by the Application Control feature
    13. Details of files placed in Backup
    14. Details of files placed in Quarantine
    15. Details of files requested by Kaspersky specialists for detailed analysis
    16. Information about the status and triggering of Adaptive Anomaly Control rules
    17. Details of devices (memory units, information transfer tools, information hardcopy tools, and connection buses) installed or connected to the managed device and detected by the Application Control feature
    18. Encryption settings of the Kaspersky application: repository of encryption keys, device encryption status
    19. Information about the errors of data encryption performed on devices using the Data encryption feature of Kaspersky applications
    20. List of managed programmable logic controllers (PLCs)
    21. Details of the entered activation codes
    22. User accounts
    23. Revision history of management objects
    24. Registry of deleted management objects
    25. Installation packages created from the file, as well as installation settings
    26. Kaspersky Security Center Web Console user settings
    27. Any data that the user enters in the Administration Console or Kaspersky Security Center Cloud Console interface
    28. Certificate for secure connection of managed devices to the Kaspersky Security Center components
28. Information uploaded from the managed device when using the Remote Diagnostics feature: diagnostic files (dump files, log files, trace files, etc.) and data contained in those files.
29. Data required for Kaspersky Security Center Cloud Console integration with an SIEM system for event export:
    • Data required for connection and authentication:
      • SIEM system connection address and port
      • SIEM server authentication certificate
      • Trusted certificate and private key for client authentication of Kaspersky Security Center Cloud Console in the SIEM system

      The User enters data in the Kaspersky Security Center Cloud Console interface.

    • Data that Kaspersky Security Center Cloud Console receives from the SIEM system: public key of the SIEM server certificate for the SIEM server authentication.
30. Data required for Kaspersky Security Center Cloud Console interaction with cloud environment:
    1. Amazon Web Services (AWS):
       • Access key ID of the IAM user account
       • Secret key of the IAM user account
    2. Microsoft Azure:
       • Azure Application ID
       • Azure subscription ID
       • Azure Application password
       • Account name for Azure repository
       • Account access key for Azure repository
    3. Google Cloud:
       • Google client email
       • Project ID
       • Private key

       The User enters data in the Kaspersky Security Center Cloud Console interface.

31. Data transferred by an unsupported Kaspersky application

    When you install Network Agent on a device that has a Kaspersky application installed but not supported by Kaspersky Security Center Cloud Console, this Kaspersky application will still transfer data to Kaspersky Security Center Cloud Console. (The list of data is provided in the "About data provision" section of the Help system of the application.) However, Kaspersky Security Center Cloud Console will not be able to process the data transferred by the unsupported application in the way that the process is described for the main functionality of Kaspersky Security Center Cloud Console.

    The list of supported Kaspersky applications is presented in Kaspersky Security Center Cloud Console Online Help.

32. Statistical information about user attempts to gain access to cloud services.

    A managed application transfers data from the device to Administration Server through Network Agent. For the full list of transferred data, refer to Help of the managed application.

33. Data for creating a threat development chain.

    A managed application transfers data from the device to Administration Server through Network Agent. For the full list of transferred data, refer to Help of the managed application.

34. Data required for integration of Kaspersky Security Center with the Kaspersky Managed Detection and Response service.

    Token for the integration initiation, integration token, and user session token. The User enters the token to initiate the integration in the Kaspersky Security Center Cloud Console interface. The Kaspersky Managed Detection and Response service transfers both the integration token and user session token through the MDR plug-in.

[Topic 195128]

Data necessary for the functioning of managed applications

The following managed applications transfer data from the device to Administration Server through Network Agent:

• Kaspersky Endpoint Security for Windows
• Kaspersky Endpoint Security for Linux
• Kaspersky Endpoint Security for Mac
• Kaspersky Endpoint Agent
• Kaspersky Security for Windows Server
• Kaspersky Security for Mobile
• Kaspersky Embedded Systems Security for Windows
• Kaspersky Embedded Systems Security for Linux

The list of processed data is published at https://ksc.kaspersky.com/Home/LegalDocuments, in the Kaspersky Security Center Cloud Console Data Processing Agreement. On the legal documents webpage, find the text block named Kaspersky Security Center Cloud Console Agreement, and then scroll down the text block to the Data for devices managed through the relevant managed application. You can also use your browser's standard Find function with the same purpose.

[Topic 195132]

User data processed locally

The only Kaspersky Security Center component that can be deployed locally in a Kaspersky Security Center Cloud Console is Network Agent.

User data list processed locally:

• All data listed in the User Data section processed within the framework and infrastructure of Kaspersky, except for data that the administrator enters through the Kaspersky Security Center Cloud Console interface
• Kaspersky Event Log of Network Agent
• Traces of Network Agent
• Logs, including logs created by the Network Agent installer, Kaspersky Security Center utilities

The dump, log, and trace files of Network Agent contain random data and may contain personal data. Files are stored unencrypted on the device on which Network Agent is installed. Files are not transferred to Kaspersky automatically. The user can transfer this data to Kaspersky manually at the request of the Technical Support to solve problems in the operation of Kaspersky Security Center.

[Topic 179583]

About legal documents of Kaspersky Security Center Cloud Console

To use Kaspersky Security Center Cloud Console, you must read and express your agreement with the terms and conditions of the legal documents specified on the Kaspersky Security Center Cloud Console website. You can view the terms and conditions of AO Kaspersky Lab Privacy Policy for websites when you sign in to Kaspersky Security Center Cloud Console to manage a workspace. You can read Kaspersky Security Center Cloud Console Agreement and Kaspersky Security Center Cloud Console Data Processing Agreement when you create a company workspace.

Please carefully read the texts of all the legal documents before you start using Kaspersky Security Center Cloud Console.

End User License Agreement for Kaspersky applications

The End User License Agreement (hereinafter also referred to as License Agreement or EULA) is a binding agreement between you and AO Kaspersky Lab stipulating the terms under which you may use the Kaspersky applications.

You can view the terms of the End User License Agreement by using the following methods:

• In the window which is displayed during Kaspersky application installation package creation.
• In the license.txt file, in the Kaspersky application installation folder, on the managed device.

You can revoke your acceptance of the End User License Agreement at any time.

If you do not accept the terms of the License Agreement for a Kaspersky application, you cannot use this application.

[Topic 245736]

Hardening Guide

Kaspersky Security Center Cloud Console is an application hosted and maintained by Kaspersky. You do not have to install Kaspersky Security Center Cloud Console on your computer or server. Kaspersky Security Center Cloud Console enables the administrator to install Kaspersky security applications on devices on a corporate network, remotely run scan and update tasks, and manage the security policies of managed applications.

Kaspersky Security Center Cloud Console is designed for centralized execution of basic administration and maintenance tasks on an organization's network. The application provides the administrator access to detailed information about the organization's network security level. Kaspersky Security Center Cloud Console allows you to configure all components of protection built by using Kaspersky applications.

Kaspersky Security Center Cloud Console has full access to protection management of client devices and is the most important component of the organization's security system. Therefore, increased protection methods are required for Kaspersky Security Center Cloud Console.

The Hardening Guide describes recommendations and features of configuring Kaspersky Security Center Cloud Console and its components, aimed to reduce the risks of its compromise.

The Hardening Guide contains the following information:

• Configuring accounts to access Kaspersky Security Center Cloud Console
• Managing protection of client devices
• Configuring protection for managed applications
• Transferring information to third-party applications

Before you start to work with Kaspersky Security Center Cloud Console, you will be prompted to read the brief version of the Hardening Guide.

Note that you cannot use Kaspersky Security Center Cloud Console until you confirm that you have read the Hardening Guide.

To read the Hardening Guide:

1. Open Kaspersky Security Center Cloud Console and log in to it. Kaspersky Security Center Cloud Console checks whether you have confirmed reading the current version of the Hardening Guide.

   If you have not yet read the Hardening Guide, a window opens and displays a brief version of it.

2. Do one of the following:
   • If you want to view the brief version of the Hardening Guide as a text document, click the Open in new window link.
   • If you want to view the full version of the Hardening Guide, click the Open the Hardening guide in Online Help link.
3. After you read the Hardening Guide, select the I confirm that I have fully read and understand the Hardening guide check box, and then click the Accept button.

Now, you can work with Kaspersky Security Center Cloud Console.

When a new version of the Hardening Guide appears, Kaspersky Security Center Cloud Console will prompt you to read it.

[Topic 245772]

Planning Kaspersky Security Center Cloud Console architecture

In general, the choice of a centralized management architecture depends on the location of protected devices, access from adjacent networks, delivery schemes of database updates, and so on.

At the initial stage of architecture development, we recommend getting acquainted with the Kaspersky Security Center Cloud Console components and their interaction with each other, as well as with schemas for data traffic and port usage.

Based on this information, you can form an architecture that specifies:

• Organization of the administrator's workspaces, and methods of connecting to Kaspersky Security Center Cloud Console
• Deployment methods for Network Agent and protection software
• Using distribution points
• Using virtual Administration Servers
• Using a hierarchy of Administration Servers
• Anti-virus database update scheme
• Other information flows

[Topic 245774]

Accounts and authentication

Using two-step verification with Kaspersky Security Center Cloud Console

Kaspersky Security Center Cloud Console provides two-step verification for users.

Two-step verification can help you increase the security of your account in Kaspersky Security Center Cloud Console. When this feature is enabled, every time you sign in to Kaspersky Security Center Cloud Console with your email address and password, you enter an additional one-time security code. You can receive a one-time security code by SMS or by generating this code in your authenticator app (depending on the two-step verification method that you set up).

We strongly do not recommend installing the authenticator app on the same device from which the connection to Kaspersky Security Center Cloud Console is established. You can install an authenticator app on your mobile device.

Prohibition on saving the administrator password

If you use Kaspersky Security Center Cloud Console, we strongly do not recommend saving the administrator password in the browser installed on the user device.

If the browser is compromised, an intruder can gain access to the saved passwords. Also, if a user device with saved passwords is stolen or lost, an intruder can gain access to protected data.

Restricting the Main Administrator role membership

We recommend restricting the Main Administrator role membership.

By default, after a user creates a workspace, the Main Administrator role is assigned to this user. It is useful for management, but it is critical from a security point of view, because the Main Administrator role has an extensive range of privileges. The assignment of this role to users should be strictly regulated.

You can use the predefined user roles with a preconfigured set of rights to administer Kaspersky Security Center Cloud Console.

Configuring access rights to application features

We recommend using flexible configuration of access rights to the features of Kaspersky Security Center Cloud Console for each user or group of users.

Role-based access control allows the creation of standard user roles with a predefined set of rights and the assignment of those roles to users depending on their scope of duties.

The main advantages of the role-based access control model:

• Ease of administration
• Role hierarchy
• Least privilege approach
• Segregation of duties

You can assign built-in roles to certain employees based on their positions, or create completely new roles.

While configuring roles, pay attention to the privileges associated with changing the protection state of the Administration Server device and remote installation of third-party software:

• Managing administration groups.
• Operations with Administration Server.
• Remote installation.
• Changing the parameters for storing events and sending notifications.

  This privilege allows you to set notifications that run a script or an executable module on the Administration Server device when an event occurs.

Separate account for remote installation of applications

In addition to the basic differentiation of access rights, we recommend restricting the remote installation of applications for all accounts (except for the Main Administrator or another specialized account).

We recommend using a separate account for remote installation of applications. You can assign a role or permissions to the separate account.

[Topic 245787]

Managing protection of client devices

Automatic rules for moving devices between administration groups

We recommend restricting the use of automatic rules for moving devices between administration groups.

If you use automatic rules for moving devices, this may lead to propagation of policies that provide more privileges to the moved device than the device had before relocation.

Also, moving a client device to another administration group may lead to propagation of policy settings. These policy settings may be undesirable for distribution to guest and untrusted devices.

This recommendation does not apply for one-time initial allocation of devices to administration groups.

Security requirements for distribution points and connection gateways

Devices with Network Agent installed can act as a distribution point and perform the following functions:

• Distribute updates and installation packages received from Administration Server to client devices within the group.
• Perform remote installation of third-party software and Kaspersky applications on client devices.
• Poll the network to detect new devices and update information about existing ones.
• Act as a KSN proxy server for client devices.

Taking into account the available capabilities, we recommend protecting devices that act as distribution points from any type of unauthorized access (including physical).

[Topic 246284]

Configuring protection for managed applications

Configuring network protection

Ensure that you have completed the Kaspersky Security Center Cloud Console initial configuration scenario. This scenario also includes performing the steps of the quick start wizard.

When the quick start wizard is running, policies and tasks with default parameters are created. These parameters may not be optimal or may even be prohibited in your organization. Therefore, we recommend configuring the created policies and tasks, and create additional policies and tasks if necessary for your organization network.

Specifying the password for disabling protection and uninstalling the application

To prevent intruders from disabling Kaspersky security applications, we strongly recommend enabling password protection for disabling protection and deinstallation of Kaspersky security applications. You can set the password, for example, for Kaspersky Endpoint Security for Windows, Kaspersky Security for Windows Servers, Network Agent, and other Kaspersky applications. After you enable password protection, we recommend locking these settings by closing the "lock."

Specifying the password for manual connection of a client device to the Administration Server (klmover utility)

The klmover utility allows you to manually connect a client device to the Administration Server. When Network Agent is installed on a client device, the utility is automatically copied to the Network Agent installation folder.

To prevent intruders from moving devices out of your Administration Server's control, we strongly recommend enabling password protection for running the klmover utility. To enable password protection, select the Use uninstallation password option in the Network Agent policy settings.

Enabling the Use uninstallation password option also enables password protection for the Cleaner tool (cleaner.exe).

The klmover utility is used only for moving managed devices under management of a virtual Administration Server.

Using Kaspersky Security Network

In all policies of managed applications and in the properties of Kaspersky Security Center Cloud Console, we recommend enabling the use of Kaspersky Security Network (KSN) and accepting the KSN Statement. When you update or upgrade Kaspersky Security Center Cloud Console, you can accept the updated KSN Statement.

Discovering new devices

We recommend properly configuring device discovery settings: set up integration with Active Directory and specify IP address ranges for discovering new devices.

For security purposes, you can use the default administration group that includes all new devices and the default policies affecting this group.

[Topic 245779]

Event transfer to third-party systems

Monitoring and reporting

For timely response to security issues, we recommend configuring the monitoring and reporting features.

Export of events to SIEM systems

For fast detection of security issues before significant damage occurs, we recommend using event export in a SIEM system.

Email notifications of audit events

For timely response to emergencies, we recommend configuring Kaspersky Security Center Cloud Console to send notifications about the audit events, critical events, failure events, and warnings that it publishes.

Since these events are intra-system events, a small number of them can be expected, which is quite applicable for mailing.

[Topic 249191]

Interface of Kaspersky Security Center Cloud Console

Kaspersky Security Center Cloud Console is managed through the web interface.

The application window contains the following items:

• Main menu in the left part of the window
• Work area in the right part of the window

Main menu

The main menu contains the following sections:

• Quick links. Contains the following tabs:
  • Home page settings. Displays the main menu map. By default, the Home page settings tab of the Quick links section is set as a home page. You can change these settings.
  • Introduction & tutorials. Contains videos on how to configure and use Kaspersky Security Center Cloud Console and security applications.

    In Mozilla Firefox browser, if you play a video in the Introduction & tutorials section in the pop-up window, then open the video in the picture in picture mode, and then close the video in the pop-up window, the video in the picture in picture mode is closed as well.

• Administration Server. Displays the name of the Administration Server that you are currently connected to. Click the settings icon () to open the Administration Server properties.
• Monitoring & reporting. Provides an overview of your infrastructure, protection statuses, and statistics.
• Assets (Devices). Contains tools to manage client devices, as well as tasks and Kaspersky application policies.
• Users & roles. Allows you to manage users and roles, configure user rights by assigning roles to the users, and associate policy profiles with roles.
• Operations. Contains a variety of operations, including application licensing, patch management, and third-party application management. This also provides you access to application repositories.
• Discovery & deployment. Allows you to poll the network to discover client devices, and distribute the devices to administration groups manually or automatically. This also contains the quick start wizard and Protection deployment wizard.
• Marketplace. Contains information about the entire range of Kaspersky business solutions and allows you to select the ones you need, and then proceed to purchase those solutions at the Kaspersky website.
• Settings. Contains settings to integrate Kaspersky Security Center Cloud Console with other Kaspersky applications. It also contains your personal settings related to the interface appearance, such as interface language or theme.
• Your account menu. Contains a link to Online Help and information about Kaspersky Technical Support. It also allows you to sign out of Kaspersky Security Center Cloud Console.

Work area

The work area displays the information you choose to view in the sections of the application web interface window. It also contains control elements that you can use to configure how the information is displayed.

[Topic 256056]

Changing the language of the Kaspersky Security Center Cloud Console interface

You can select the language of the Kaspersky Security Center Cloud Console interface.

To change the interface language:

1. In the main menu, go to Settings → Language.
2. Select one of the supported localization languages.

[Topic 296464]

Changing the Kaspersky Security Center Cloud Console home page

The home page is displayed after you sign in to Kaspersky Security Center Cloud Console.

By default, the Home page settings tab of the Quick links section is set as the home page. If necessary, you can change the home page.

To change the home page:

1. In the Quick links section, hover the mouse cursor over the item that you want to set as the home page.
2. After the home () icon is displayed, click the icon.

The home page is changed, an appropriate message is displayed on the screen, and the item selected as a home page is marked with the home () icon.

The Marketplace and Settings sections cannot be set as a home page.

[Topic 272710]

Adding and removing bookmarks

You can add frequently used sections of Kaspersky Security Center Cloud Console to bookmarks to access them quickly from the Bookmarks section in the main menu.

If you did not add any section to bookmarks, the Bookmarks section is not displayed in the main menu.

You can add to bookmarks only the sections that display pages. For example, if you go to Assets (Devices) → Managed devices, a page with the table of devices opens, which means you can add the Managed devices section to bookmarks. If a window or no element is displayed after you select the section in the main menu, then you cannot add such a section to bookmarks.

To add a section to bookmarks:

1. In the main menu, hover the mouse cursor over the section you want to add to bookmarks.
2. After the bookmark () icon is displayed, click the icon.

The section is displayed in the Bookmarks section.

The maximum number of sections that you can add to bookmarks is five.

To remove a section from bookmarks:

1. In the main menu, go to the Bookmarks section.
2. Hover the mouse cursor over the section you want to remove, and then click the bookmark () icon.

The section is removed from bookmarks.

You can also add and remove elements from bookmarks in the Quick links section by hovering the mouse cursor over them and clicking the bookmark () icon. The selected item will be marked with the bookmark () icon and displayed in the Bookmarks section in the main menu. If you want to remove the item from the bookmarks, click the bookmark () icon.

The Bookmarks section is displayed only in the main menu. It is never displayed on the Quick links page.

[Topic 153504]

Initial configuration of Kaspersky Security Center Cloud Console

This section outlines the main scenario for Kaspersky Security Center Cloud Console deployment starting with a workspace creation and finishing with the monitoring of the network protection status.

For information about deployment of Kaspersky Security Center running on-premises, refer to Kaspersky Security Center Online Help.

We recommend that you assign a minimum of one working day for completion of this scenario.

The scenario guides you through the following:

• Starting work with a
  workspace

  An instance of Kaspersky Security Center Cloud Console created for a specific company. When a customer creates a workspace, Kaspersky creates and configures the infrastructure and cloud-based Administration Console that are required to manage security applications installed on the devices of the company.

  An instance of Kaspersky Security Center Cloud Console created for a specific company. When a customer creates a workspace, Kaspersky creates and configures the infrastructure and cloud-based Administration Console that are required to manage security applications installed on the devices of the company.

  of your company as an administrator
• Discovering devices on your network (if necessary, you will assign distribution points and manually install distribution packages on them)
• Deploying managed Kaspersky applications on the client devices; configuring tools for network protection, monitoring, and regular updates of Kaspersky databases, software modules, and applications

When you complete this scenario, the network protection based on Kaspersky applications will be configured. You will be able to proceed to monitoring of the network protection status.

Prerequisites

Before you start:

• View the architecture of Kaspersky Security Center Cloud Console to understand interaction between the main application components.
• Read information about the licensing of Kaspersky Security Center Cloud Console and managed applications.
• Make sure that you have a valid activation code for Kaspersky Security Center Cloud Console (if you are creating a commercial workspace).

Stages

Kaspersky Security Center Cloud Console configuration proceeds in stages:

1. Configuring ports

   Make sure that all necessary ports are open for interaction between your network and the Kaspersky infrastructure. Also, if you plan to use the hierarchy of Administration Servers, make sure that all necessary ports are open for interaction involving the secondary Administration Server (or secondary Administration Servers) and client devices.

2. Creating the workspace for your company

   Create an account, and then create a workspace for your company.

3. Running quick start wizard

   Open and sign in to Kaspersky Security Center Cloud Console. When you sign in for the first time, you are automatically prompted to run the quick start wizard. You can also start the quick start wizard manually at any time.

   When the quick start wizard is complete, you will have installation packages of Network Agent and security applications. These installation packages are required for further deployment of Kaspersky Security Center Cloud Console.

4. Deployment of Kaspersky applications

   Perform the scenario of initial deployment of Kaspersky applications. One of the scenario steps refers to the network polling operation. This operation is required to discover client devices of your network. Network polling and its settings are described in the scenario of discovering networked devices.

   If you are deploying Kaspersky Security for Windows Server, make sure that the databases for this application are up to date.

5. Licensing Kaspersky security applications

   When Kaspersky security applications are deployed to the managed devices, the applications must be licensed by applying an activation code to each of the applications. Deploy your activation codes to the Kaspersky applications installed on the managed devices. You have several options to license Kaspersky security applications.

6. Configuring network protection

   Perform the network protection configuration to fine-tune the policies and tasks created through the quick start wizard.

7. Regular updating of Kaspersky databases, software modules, and applications

   To keep your network protected against viruses and other threats, you have to configure regular updates of Kaspersky databases, software modules, and applications.

8. Updating third-party software and fixing third-party software vulnerabilities (optional)

   Kaspersky Security Center Cloud Console enables you to manage updates of Microsoft applications installed on client devices. You can also fix vulnerabilities in Microsoft applications through installation of required updates.

9. Configuring tools for monitoring the network protection status

   Select and configure widgets, reports and other tools that allow you to monitor the network protection status.

When Kaspersky Security Center Cloud Console is deployed and configured, you can proceed to monitoring the network protection status.

[Topic 227700]

Workspace management

This section describes how you can use accounts and workspaces in Kaspersky Security Center Cloud Console.

[Topic 143156]

About workspace management in Kaspersky Security Center Cloud Console

Using Kaspersky Security Center Cloud Console, you can do the following:

• Create an account.
• Edit an account.
• Register a company and create a workspace.
• Edit information about the company and workspaces.
• Delete a workspace and a company.
• Delete an account.

[Topic 143188]

Getting started with Kaspersky Security Center Cloud Console

This section describes how to sign up for and start using Kaspersky Security Center Cloud Console.

Signing up for Kaspersky Security Center Cloud Console consists of the following steps:

1. Creating and confirming an account.
2. Registering a company and creating a workspace.

[Topic 239398]

Creating an account

This article describes how to create an

As an alternative, you can create an account on My Kaspersky, and then use it to sign in to Kaspersky Security Center Cloud Console and create your workspace.

Your My Kaspersky account must be created directly on the website and not by using an external authentication provider (like Google). Otherwise, you will not be able to use Kaspersky Security Center Cloud Console.

To create an account in Kaspersky Security Center Cloud Console:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Click the Create an account button on the start page of Kaspersky Security Center Cloud Console.

   The Kaspersky Account portal opens.

3. On the Sign up to enter Kaspersky Security Center Cloud Console page, enter the email address and password for your account (see the figure below).

   

   Creating an account in Kaspersky Security Center Cloud Console

4. Click the Privacy Policy link and carefully read the Privacy Policy text.
5. If you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy and you confirm that you have fully read and understand the Privacy Policy, select the check box next to the text of consent to data processing in accordance with the Privacy Policy, and then click the Create button.

   If you do not accept the Privacy Policy, do not use Kaspersky Security Center Cloud Console.

6. A message from Kaspersky is sent to the email address that you specified. The message contains a one-time security code.

   Open the email message, and then copy the one-time security code that it contains.

7. Return to Kaspersky Account, and then paste the code to the entry field.

Creation of the account in Kaspersky Security Center Cloud Console is complete.

[Topic 143266]

Registering a company and creating a workspace

Immediately after the account is created, you can register a company and create a workspace for it.

If you want to protect more than 10,000 devices, you do not have to register a company and create a workspace on Kaspersky Security Center Cloud Console as described below. Instead, send a request to Kaspersky Technical Support. In the request, specify information about your company and the workspace that you want to create.

Before you start, make sure that you know the following:

• The name of the company in which you intend to use the software solution.
• The country in which the company is located. If the company is located in Canada, you must also know the province.
• The total number of company computers and mobile devices that you want to protect.

To register a company and create a workspace in Kaspersky Security Center Cloud Console:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Click the Sign in button on the start page of Kaspersky Security Center Cloud Console.
3. Enter the email address and password that you specified when you created the account, and then click the Sign in button.

   The Create a workspace wizard starts. Proceed through the wizard by using the Next button.

4. On the Step 01: Terms of Use of Kaspersky Security Center Cloud Console page of the wizard, do the following:
   1. Carefully read the Agreement, the Privacy Policy, and the Data Processing Agreement for the software solution.
   2. If you agree to the terms and conditions of the Agreement and the Data Processing Agreement and if you are aware and agree that your data will be handled and transmitted (including to third countries) as described in the Privacy Policy, and you confirm that you have fully read and understand the Privacy Policy, select the check boxes next to the three listed documents and click the Accept button.

      If you do not agree to the terms and conditions, do not use Kaspersky Security Center Cloud Console.

      If you click the Decline button, the workspace creation process will be terminated.

5. On the Step 02: Company information page of the wizard, specify the main details of your company.

   Fill in the following fields:

   • Name of your company (required)

     Specify the name of the company in which you intend to use the software solution. You can enter a string up to 255 characters long. The string can contain upper- and lowercase characters, numerals, whitespaces, dots, commas, minuses, dashes, and underscores. The specified company name will be displayed in Kaspersky Security Center Cloud Console.

   • Additional company description field (optional)

     You may specify additional information about the company that you register. You can enter a string up to 255 characters long. The string can contain upper- and lowercase characters, numerals, whitespaces, dots, commas, minuses, dashes, and underscores.

6. On the Step 03: Workspace information page of the wizard, specify the information about the workspace that you want to create for your company.

   Fill in the following required fields:

   • Workspace name. Specify the name of the workspace in which you intend to use the software solution. You can enter a string up to 255 characters long. The string can contain upper- and lowercase characters, numerals, whitespaces, dots, commas, minuses, dashes, and underscores. The specified workspace name will be displayed in Kaspersky Security Center Cloud Console.
   • Country. In the drop-down list, select the country in which your workspace is located. If you select Canada, also specify the province in the State drop-down list that appears below this field.
   • Number of devices. Enter the total number of computers and mobile devices that you want to protect in this workspace.

     In the entry field, you can enter a number from 300 to 10,000.

7. On the Step 04: License for new workspace page of the wizard, do either of the following:
   • If you want to try Kaspersky Security Center Cloud Console, click the I want to request a trial workspace link.

     We recommend that you connect your own devices to your trial workspace and test any modifications to the settings, noting the results.

     You will not be able to switch a trial workspace to commercial mode by entering an activation code. To switch to commercial mode, you must delete the workspace and create it again.

   • If you want to use Kaspersky Security Center Cloud Console in the commercial mode, enter the activation code and click the Verify button.

Registration of a company and creation of a workspace in Kaspersky Security Center Cloud Console is complete.

After the workspace is prepared, you receive an email message with the link to access the workspace.

[Topic 134563]

Opening your Kaspersky Security Center Cloud Console workspace

Right after you create a workspace for Kaspersky Security Center Cloud Console, the workspace opens automatically. Later, you can open your workspace, as described in this section.

If you are an administrator of a virtual Administration Server, you have access only to the virtual Administration Server. After you sign in and open the workspace, Kaspersky Security Center Cloud Console provides you the interface of the virtual Administration Server. You cannot switch to the primary Administration Server or other secondary Administration Servers.

An administrator of a virtual Administration Server must have access to a single virtual Administration Server. If you do not have access rights on the primary Server and have access rights on multiple virtual Servers, you cannot sign in to Kaspersky Security Center Cloud Console.

To open your Kaspersky Security Center Cloud Console workspace:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and the list of its workspaces.

4. Click the name of the required workspace or the Go to workspace link to proceed to the workspace.

   Occasionally, a workspace may be unavailable due to maintenance. If this is the case, you will not be able to proceed to your Kaspersky Security Center Cloud Console workspace.

   You cannot open a workspace that is marked for deletion.

5. If any of the Kaspersky Security Center Cloud Console legal documents have been changed since you accepted their terms and conditions, the portal page displays the changed documents.

   Do the following:

   1. Carefully read the displayed documents.
   2. If you agree to the terms and conditions of the displayed documents, select the check boxes next to the listed documents, and then click the I accept the terms button.

      If you do not agree to the terms and conditions, stop using the selected Kaspersky software solution.

      If you click the I decline button, the operation will be terminated.

Your Kaspersky Security Center Cloud Console workspace opens.

[Topic 271824]

Returning to the list of workspaces

After you open your workspace, you can go back to the portal page that has the list of workspaces registered under your account in Kaspersky Security Center Cloud Console.

To return to the list of workspaces,

In the main menu, go to your account settings, and then select Manage workspaces.

The portal page displays the company for which you are an administrator and the list of its workspaces. If you have Kaspersky Security Center Cloud Console open on several tabs, you are signed out on all tabs.

[Topic 177033]

Signing out of Kaspersky Security Center Cloud Console

When you have finished your work, you should securely close your current session by signing out of Kaspersky Security Center Cloud Console.

To sign out of Kaspersky Security Center Cloud Console,

In the main menu, go to your account settings, and then select Sign out.

Kaspersky Security Center Cloud Console is closed, and the account page is displayed. You can close this browser page, if necessary. All data from your workspace will be saved.

[Topic 143157]

Managing the company and the list of workspaces

This section describes how to view the company information and the list of workspaces registered under your account in Kaspersky Security Center Cloud Console, change information about the company and workspaces, and delete a workspace and a company.

At present, you can register only one company and create one workspace. In future releases of Kaspersky Security Center Cloud Console, you will be able to create additional workspaces for your company. This will help you map your company structure to workspaces, by creating a separate workspace for each company branch.

[Topic 150560]

Editing information about a company and a workspace

You can modify the information about a company and a workspace that you specified when you added the company to Kaspersky Security Center Cloud Console.

To modify information about a company and/or a workspace:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. If you want to edit the company name and description, do the following:
   1. Click the Edit () icon in the area with the company information.
   2. Modify the company name and/or description as you want.
   3. Click the Save button.

      To cancel the changes, click the Cancel button.

5. If you want to edit the workspace name, do the following:
   1. Click the Edit () icon in the area with the workspace information.
   2. Modify the workspace name as you want.
   3. Click the Save button.

      To cancel the changes, click the Cancel button.

The modified information is displayed in Kaspersky Security Center Cloud Console.

[Topic 143435]

Deleting a workspace and a company

A workspace of a company can be deleted either manually or automatically. After the last workspace is deleted, the company information is also deleted automatically.

Manual deletion

You can delete a workspace of a company if that company has decided to stop using the workspace.

After the workspace is deleted, all security applications will remain on the managed devices. Therefore, we recommend that before deleting the workspace you either disable password protection of all security applications or uninstall security applications from the managed devices.

To delete a workspace and a company:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. Select the workspace that you want to delete.
5. On the right, in the section containing the selected workspace, click the Delete () icon.

   The Delete workspace window opens.

6. In the Delete workspace window, confirm that you want to delete the workspace.

The workspace is marked for deletion. The information block for the workspace is highlighted with a red border.

The information block for the workspace is duplicated at the bottom of the page, in the Marked for deletion section.

You cannot go to a workspace that is marked for deletion and manage it.

If you have not been able to mark a workspace for deletion, contact Kaspersky Technical Support. After a Technical Support engineer at Kaspersky receives your request, the workspace and the company will be deleted.

Workspaces that are marked for deletion may remain in that status for a period of seven days after being marked. After seven days, they are automatically deleted.

During that period, you can forcibly delete a workspace that is marked for deletion or cancel deletion of a workspace.

To forcibly delete a workspace:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. In the Marked for deletion section, in the information block for the workspace marked for deletion, click the Force deletion option.

   The Delete workspace window opens.

5. In the Delete workspace window, enter the ID of the workspace that you want to delete.

   You are prompted to confirm the ID of the workspace to make sure that you are not mistakenly deleting the workspace. After a workspace is deleted, it cannot be restored.

   The workspace ID is displayed in the workspace information section under its name.

6. In the Delete workspace window, click OK.

The workspace is deleted. All data about users,

Automatic deletion

Kaspersky Security Center Cloud Console automatically deletes a workspace:

• 30 days after the trial license expires.
• 90 days after all commercial or subscription licenses in the Administration Server repository expire.
• 90 days after you delete the last license key (active, reserve, or not in use) added manually in the repository.

Kaspersky Security Center Cloud Console notifies administrators of the workspace 30 days, 7 days, and 1 day prior to deletion.

[Topic 150561]

Canceling deletion of a workspace

You can cancel the deletion of a workspace that has been marked for deletion.

You cannot cancel the deletion of a workspace that already has been deleted.

To cancel the deletion of a workspace:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. In the Marked for deletion section, in the information block for the workspace marked for deletion, click the Cancel deletion link.

Workspace deletion is canceled. You can now go to the workspace and continue working with it.

[Topic 224445]

Managing access to the company and its workspaces

This section contains information about granting and revoking access to your company and its workspaces.

Kaspersky Security Center Cloud Console provides you with two access levels:

• Administrator

  A user with this access level can fully manage the company and its workspaces.

• User

  A user with this access level can view the list of available workspaces and enter these workspaces.

[Topic 224447]

Granting access to your company and its workspaces

You can grant access to your company and its workspaces if you want another user to be able to log in to your company and manage it according to the selected access level.

Before you can grant access to a user, the user must create an account in Kaspersky Security Center Cloud Console.

To grant access to your company and its workspaces:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. Click the Show access control link.

   The list of accounts with access to the company expands.

5. Click the Grant access link.
6. In the Email address field, specify the email address of the account to which you want to grant access.
7. In the Access level list, select the access level that you want to assign to the entered account:
   • Administrator

     A user with this access level can fully manage the company and its workspaces.

   • User

     A user with this access level can view the list of available workspaces and enter these workspaces.

   You cannot grant several access levels to the same account within the same company.

8. Click the Grant button.

The specified account is granted access to your company and its workspaces. The user can log in to the company and manage it according to the selected access level.

If you have granted the User access level to the account, you must assign a role to the added user. Otherwise, the user will not be able to enter the workspace.

[Topic 224448]

Revoking access to your company and its workspaces

You can revoke access to your company and its workspaces if you no longer want a user to be able to log in to your company and manage it (for example, after the user quits the company).

You cannot revoke your own access to the company.

To revoke access to your company and its workspaces:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Sign in to your account on Kaspersky Security Center Cloud Console by specifying the user name and the password.
3. If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

   The portal page displays the company for which you are an administrator and a list of its workspaces.

4. Click the Show access control link.

   The list of accounts with access to the company expands.

5. Click the Revoke () icon next to the account whose access you want to revoke.
6. In the Revoke access to company window that opens, click OK to confirm the operation.

The access of the selected account to your company and its workspaces is revoked. The user cannot log in to the company and manage it any more.

[Topic 135429]

Resetting your password

If you forget your password for your Kaspersky Security Center Cloud Console account, you can restore access to your account by resetting your password.

To reset the account password:

1. In your browser, go to Kaspersky Security Center Cloud Console.
2. Click the Sign in button.
3. In the Sign in to Kaspersky Security Center Cloud Console window of the Kaspersky Account portal that appears, click the Forgot your password? link.
4. Enter the email address that you specified when creating your account.
5. Click Next.
6. A message from Kaspersky is sent to the email address that you specified. The message contains a one-time security code.

   Open the email message, and then copy the one-time security code that it contains.

7. Return to Kaspersky Account, and then paste the code to the entry field.
8. If you configured a secret question, answer this question.

   If you set up two-step verification, enter the one-time security code that is either sent to you by SMS or generated in your authenticator app (depending on the two-step verification method that you set up).

9. In the window that opens, type a new password.
10. Click Save.

    The new password for signing in to Kaspersky Security Center Cloud Console is saved.

If you did not receive an email message, check the email address that you entered, your spam folder, and then try again. If you do not receive a message when you try again, the email address you specified is probably not registered on the website. Please contact Kaspersky Technical Support.

[Topic 123598]

Editing the settings of an account in Kaspersky Security Center Cloud Console

This section provides instructions on how to edit and delete an account in Kaspersky Security Center Cloud Console.

[Topic 126916]

Changing an email address

To change your email address in the settings of your account in Kaspersky Security Center Cloud Console:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. Click the Change your email address link (see the figure below).

   

   Changing the email address in the settings of an account in Kaspersky Security Center Cloud Console

3. In the New email address entry field, enter your new email.

   Please enter the address carefully. If you enter an invalid address, you will not be able to proceed to your account and use Kaspersky Security Center Cloud Console.

4. Click the Next button.
5. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.
6. A message from Kaspersky is sent to the email address that you specified. The message contains a one-time security code.

   Open the email message, and then copy the one-time security code that it contains.

7. Return to Kaspersky Account, and then paste the code to the entry field.
8. Go back to Kaspersky Security Center Cloud Console by clicking the Go back to Kaspersky Security Center Cloud Console link or exit the portal by clicking the Account → Sign out link.

Your email address is now changed in the Kaspersky Security Center Cloud Console account settings and in the My Kaspersky account settings. A message is sent to your new email address to notify you that your email address for gaining access to the account has been changed. The next time you sign in to Kaspersky Security Center Cloud Console, you will have to specify your new email address.

[Topic 126917]

Changing a password

To change your password in the settings of your account in Kaspersky Security Center Cloud Console:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. Click the Change password link (see the figure below).

   

   Changing the account password in Kaspersky Security Center Cloud Console

3. In the Password entry field, enter your new password.

   Under the entry field, the requirements for the password are shown. You cannot save the new password until you comply with the requirements.

4. Click the Save button.
5. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.
6. Select or clear the Automatically request password change every 180 days check box.

   By default, this check box is selected.

7. Go back to Kaspersky Security Center Cloud Console by clicking the Go back to Kaspersky Security Center Cloud Console link or exit the portal by clicking the Account → Sign out link.

Your password is now changed. You will have to enter the new password when signing in to Kaspersky Security Center Cloud Console and when signing in to My Kaspersky.

[Topic 126918]

Using two-step verification

This section describes two-step verification, which can help you increase the security of your account in Kaspersky Security Center Cloud Console.

[Topic 116212]

About two-step verification

Two-step verification can help you increase the security of your account in Kaspersky Security Center Cloud Console. When this feature is enabled, every time you sign in to Kaspersky Security Center Cloud Console with your email address and password, you enter an additional one-time security code. With two-step verification, criminals cannot sign in to your account if they steal or guess your password, they must have access to your mobile phone as well. Also, when two-step verification is enabled, you must enter an additional one-time security code if you forget your password.

After you set up two-step verification, you are responsible for keeping your mobile phone physically secure and for maintaining access to your phone number.

You can get a one-time security code in either of the following ways:

• A security code is sent by SMS to your mobile phone number.

  In this case, if you lose access to your mobile phone, you are not able to sign in to your account in Kaspersky Security Center Cloud Console until you restore access to your phone number.

• A security code is generated in an authenticator app that is installed on your mobile phone.

  We strongly recommend that you set up two-step verification by using an authenticator app. In this case, you can sign in to your account even if your mobile phone is not connected to the internet or a mobile network.

  We have tested only Google Authenticator and Microsoft Authenticator for compatibility with Kaspersky Security Center Cloud Console, and these applications were free to use at that time. The interfaces of these applications may be unavailable in your preferred language. Please also check the GDPR compliance and privacy policies of the applications before using them. Kaspersky is in no way sponsored, endorsed by, or otherwise affiliated with any of the owners of these applications.

  Microsoft Authenticator can be installed on mobile devices only.

  We also recommend that you install an authenticator app on a device other than your mobile phone. This will allow you to sign in to your account if your mobile phone is ever lost or stolen.

  In this case, if you lose access to your mobile phone and you do not have an authenticator app on another device, you are not able to sign in to your account in Kaspersky Security Center Cloud Console until you restore access to your phone number. After that, use the security code that is sent by SMS.

If you previously configured a secret question to restore your password if it is lost, the security question feature will be permanently disabled after you set up two-step verification.

[Topic 123558]

Scenario: Setting up two-step verification

Two-step verification can help you increase the security of your account in Kaspersky Security Center Cloud Console. After you complete the scenario in this section, two-step verification of your account will be set up.

The scenario proceeds in stages:

1. Adding your phone number

   At this stage, you set up two-step verification by SMS.

2. Installing and configuring an authenticator app

   Install and configure an authenticator app.

   We strongly recommend that you set up two-step verification by using an authenticator app. In this case, you can sign in to your account even if your mobile phone is not connected to the internet or a mobile network.

   We also recommend that you install an authenticator app on a device other than your mobile phone. This will allow you to sign in to your account if your mobile phone is ever lost or stolen.

3. Changing your phone number

   If necessary, you can change the phone number that you use for two-step verification.

[Topic 99990]

Setting up two-step verification by SMS

To set up two-step verification by SMS:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. If two-step verification is disabled, enable the Two-step verification is disabled toggle switch.
3. In the No phone number provided window that appears, click the Confirm button.
4. Under Enter your phone number, specify the mobile phone number that you want to use in two-step verification, and then click the Provide phone number button.

   You can use the same phone number for up to five accounts.

   A 6-digit security code is sent to the specified phone number.

5. Under Enter the verification code that was sent to <phone number>, enter the received security code.
6. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.

Two-step verification is set up. Now, every time you sign in with your email address and password, or if you forget your password, you will need to enter a one-time security code that you get by SMS to the specified phone number.

You can now install and configure an authenticator app, change your phone number, or disable two-step verification.

[Topic 134652]

Setting up two-step verification by using an authenticator app

Authenticator apps cannot be used in Kaspersky Security Center Cloud Console as a standalone verification method. You must first set up two-step verification by SMS. If you disable two-step verification via your mobile phone number, verification via an authenticator app is turned off automatically. After you have set up both verification via SMS and via an app, you will be able to select a verification method on the sign-in page or if you forget your password.

To set up two-step verification by an authenticator app:

1. Set up two-step verification by SMS.
2. Download, install, and run the authenticator app that you want to use.

   We have tested only Google Authenticator and Microsoft Authenticator for compatibility with Kaspersky Security Center Cloud Console, and these applications were free to use at that time. The interfaces of these applications may be unavailable in your preferred language. Please also check the GDPR compliance and privacy policies of the applications before using them. Kaspersky is in no way sponsored, endorsed by, or otherwise affiliated with any of the owners of these applications.

   Microsoft Authenticator can be installed on mobile devices only.

   If you want, you can use other apps at your own risk. The app that you use must support 6-digit security codes.

   We also recommend that you install an authenticator app on a device other than your mobile phone. This will allow you to sign in to your account if your mobile phone is ever lost or stolen.

3. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

4. If two-step verification is disabled, enable the Two-step verification is disabled toggle switch.
5. Enable the Authenticator app is disabled toggle switch.

   The portal page displays a QR code.

   If you want to set up the authenticator app on a device that cannot scan QR codes, click the I can't scan it link. A 16-character secret key is displayed.

6. In the authenticator app on each device, scan the QR code to create an account. Please refer to your app's documentation for more information.

   If you want to set up the authenticator app on a device that cannot scan QR codes, create an account in the authenticator app, and then enter the displayed secret key.

   A 6-digit security code is generated in your authenticator apps.

7. Verify that the security codes generated in your apps are the same on each device.
8. Return to the Kaspersky Account portal, and then click the Next button.
9. Enter the generated security code.
10. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.

Two-step verification by an authenticator app is set up. Now, every time you sign in with your email address and password, or if you forget your password, you will need to enter a one-time security code that is generated in your authenticator app.

You can now disable the use of an authenticator app or completely disable two-step verification.

[Topic 134658]

Changing your mobile phone number

To change the mobile phone number that is used in two-step verification by SMS:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. If two-step verification is disabled, enable the Two-step verification is disabled toggle switch.
3. Under Phone number, click the Change phone number link.
4. Under Enter your phone number, specify the new mobile phone number that you want to use in two-step verification, and then click the Provide phone number button.

   A 6-digit security code is sent to the specified phone number.

5. Under Enter the verification code that was sent to <phone number>, enter the received security code.

Your mobile phone number is changed. Now, one-time security codes will be sent to the new phone number.

[Topic 134659]

Disabling two-step verification

If you no longer want to use two-step verification, you can disable it, as described in this section.

Disabling two-step verification will decrease the security of your account. We strongly recommend that you continue using two-step verification.

If you set up two-step verification by SMS, you can disable two-step verification. If you set up two-step verification by an authenticator app, you can disable the use of the app or completely disable two-step verification.

To disable the use of an authenticator app:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. Disable the Authenticator app is enabled toggle switch.
3. In the confirmation window that opens, click the Confirm button.
4. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.

The use of an authenticator app is disabled. The settings of two-step verification by an authenticator app are deleted. You can now delete accounts in your authenticator apps.

Later, you can set up two-step verification by an authenticator app again.

To completely disable two-step verification:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. Disable the Two-step verification is enabled toggle switch.
3. In the confirmation window that opens, click the Confirm button.
4. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.

Two-step verification is disabled. If you used two-step verification by an authenticator app, the settings of two-step verification are deleted. You can now delete accounts in your authenticator apps.

Later, you can set up two-step verification again.

[Topic 101543]

Deleting an account in Kaspersky Security Center Cloud Console

If you want to stop using Kaspersky Security Center Cloud Console, you can delete your account.

When deleting an account, all data associated with that account is lost.

After you delete your account, you can no longer gain access to your workspaces in Kaspersky Endpoint Security Cloud, Kaspersky Security for Microsoft Office 365, and Kaspersky Security Center Cloud Console. If you were the only administrator in a workspace, the workspace will be duly deleted. Additionally, you lose access to your My Kaspersky account.

To delete an account in Kaspersky Security Center Cloud Console:

1. In Kaspersky Security Center Cloud Console, click the link containing your account name, and then select Manage user account.

   The My Profile window of the Kaspersky Account portal opens.

2. Click the Account → Delete link.
3. In the Delete your account window that opens, read the information about the consequences of account deletion, and then click the Delete button to confirm the account deletion.
4. In the Enter your current password window that opens, specify the password of your account in Kaspersky Security Center Cloud Console, and then click the Next button.

Your account is deleted.

[Topic 138096]

Selecting the data centers used to store Kaspersky Security Center Cloud Console information

A workspace for Kaspersky Security Center Cloud Console is created by using servers from a network of global data centers based on a cloud platform. The selection of data centers to host a workspace depends on the country that you specified when you registered the workspace in Kaspersky Security Center Cloud Console (see the table below). The distribution packages of security applications are hosted on the same servers as workspaces.

Matching the company location with a data center region