Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

Setting up
CylanceGATEWAY

CylanceGATEWAY

is not enabled for your tenant the menu options to configure it are not displayed in the management console. If a user with insufficient permissions logs in to the management console a no permissions error message is displayed when selecting a menu option. For more information about the error message, see support.blackberry.com/ community to read article 98223.

DNS resolution of IPv6 addresses is not supported. IPv6 addresses will not be returned to the

CylanceGATEWAY

agent.

Step	Action
	Install and set up the BlackBerry Connectivity Node and at least one CylanceGATEWAY Connector .
	Specify the addresses that are part of your private network.
	Specify your private DNS settings and suffixes.
	Review the existing CylanceGATEWAY network services or define your own to make creating access control list (ACL) rules on tenants easier (optional).
	Configure ACL rules on tenants to manage which Internet and private network destinations CylanceGATEWAY allows and blocks access to.
	Configuring network protection to specify the threats that CylanceGATEWAY detects and how it responds.
	Add users for CylanceGATEWAY .
	Configure Gateway service options to specify OS-specific options.
	Configure enrollment policies to allow users to activate the CylancePROTECT Mobile app or CylanceGATEWAY agent on their devices.
	Assign policies to administrators, users, and groups. Users must be assigned an enrollment policy and Gateway Service policy before they can activate the CylanceGATEWAY agent.
	Device users install and activate the CylancePROTECT Mobile app on iOS , Android , and Chromebook devices and the CylanceGATEWAY agent on Windows and macOS devices. Optionally, you can perform a silent installation or upgrade of the CylanceGATEWAY agent. You can download the agents from the BlackBerry web site. For more information on the CylancePROTECT Mobile app and CylanceGATEWAY agent, see the Cylance Endpoint Security User Guide. Optionally, you can integrate Cylance Endpoint Security with BlackBerry UEM or Microsoft Intune to verify whether iOS and Android devices are managed by UEM or Intune before they can use CylanceGATEWAY . For more information, see Connecting Cylance Endpoint Security to MDM solutions to verify whether devices are managed.
	Bring your own IP addresses (BYOIP) to provide larger dedicated IP addresses to control traffic in ways, such as using your organization's own IP address for sourcing IP pinning and allowing a single IP address range or CIDR address instead of several non-continuous IP addresses. (Optional)