Multi-Tenant Management of Settings Profiles

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

To open the multi-tenant management UI for endpoint security, your Service Provider account must have an active WatchGuard Endpoint Security product license in its inventory.

Settings vary for WatchGuard Advanced EPDR, EPDR, EDR, EDR Core, and EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all products. If you do not have a setting in the Endpoint Security management UI, it is not supported by your product.

On the Settings page, Service Providers can create and edit security settings profiles, and then assign them to managed accounts (Subscriber or Service Provider) or a group of accounts, similar to a template. Settings profiles can help reduce administration time and settings inheritance enables quicker assignment of settings to account groups and sub-groups and the computer and devices in these groups.

Service Providers cannot manage the security settings of delegated accounts in the multi-tenant management UI.

For information on how to centrally assign a security settings profile, go to Multi-Tenant Management — Assign Endpoint Security Settings to Managed Accounts.

To open a multi-tenant endpoint security settings profile from WatchGuard Cloud:

1. From Account Manager, select a Service Provider account.
   To select your own Service Provider account, select Overview. Or, select a tier-n Service Provider account.
2. Select Configure > Endpoints.
3. On the Settings page, select the type of settings you want to see.

For more information on how to create, copy, edit, and delete security settings profiles, go to Manage Settings Profiles.

Multi-tenant settings profiles that you create can include these settings:

Per-Computer Settings

Use these settings to configure features of the endpoint security product installed on user computers, such as agent visibility, software updates, anti-tamper protection, two-factor authentication (2FA), and shadow copies. For information on the available settings, go to Configure Per-Computer Settings.

Remote Control (Advanced EPDR only)

Use these settings to configure remote access to user computers. For more information on the available settings, go to Configure Remote Control Settings.

Workstations and Servers

Use these settings to specify how the endpoint security product reacts to threats, including Advanced Protection features such as Audit mode, decoy files, AMSI scanning, Advanced Security Policies, anti-exploit protection, vulnerable driver detection, and network attack protection. You can also set administrator rules for access to network resources to minimize the attack surface. For information on the available settings, go to Configure Workstations and Servers Security Settings.

Indicators of Attack

Use these settings to enable or disable the Indicators of Attack you want to detect. In Advanced EPDR, you can also enable or disable Advanced IOA. For more information on the available settings, go to Configure Indicators of Attack Settings.

Risks

Use these settings to configure the risks you want to detect on your devices and to set the risk level. The risks available depend on your WatchGuard Endpoint Security product. For information on the available settings, go to Configure Risks Settings.

Program Blocking

Use these settings to specify which programs to block when they try to run. For information on the available settings, go to Configure Program Blocking Security Settings (Windows Computers).

Authorized Software

Use these settings to specify programs that you do not want WatchGuard Endpoint Security to block during classification. For information on the available settings, go to Configure Authorized Software Settings (Windows Computers).

Mobile Devices

Use these settings to specify how the endpoint security product reacts to threats on iOS and Android phones and tablets. For information on the available settings, go to Configure Mobile Device Security Settings.

Patch Management

Use these settings to specify how the Patch Management module discovers new security patches published by vendors for the Windows operating systems and third-party software installed across the network. For information on the available settings, go to Configure Patch Management Settings. You can export a list of patch installation options by computer for all of your managed accounts.

Endpoint Access Enforcement

Use these settings to specify the conditions for inbound connections from a computer at risk. By default, Endpoint Access Enforcement monitors inbound connections for SMB and RDP traffic. You can specify the protocols you want to monitor for inbound connections. For endpoints with Advanced EPDR, you can also block connections from computers at risk. For information on the settings available, go to Configure Endpoint Access Enforcement Settings (Windows Computers).

Data Control

Use these settings to specify how the Data Control module monitors personal data on your network. For information on the available settings, go to Data Control Settings.

Encryption

Use these settings to specify how the Full Encryption module monitors the encryption status of network computers and centrally manages the corresponding recovery keys. For information on the available settings, go to Encryption Settings.

Related Topics

Multi-Tenant Management — Assign Endpoint Security Settings to Managed Accounts

Multi-Tenant Management — Settings Inheritance for Subscriber Accounts

Multi-Tenant Management — Settings Inheritance for Service Provider Accounts