Skip Navigation

Setting up zones to manage
CylancePROTECT Desktop
and
CylanceOPTICS

You can use zones to group and manage
CylancePROTECT Desktop
and
CylanceOPTICS
devices. You can group devices based on geography (for example, Asia and Europe), function (for example, Sales and IT staff), or by any criteria that your organization requires.
You can assign a device policy to a zone and apply that device policy to the
CylancePROTECT Desktop
and
CylanceOPTICS
devices that belong to that zone. You can also add a zone rule to add devices to a zone based on criteria specified in a saved query, like domain name, IP address range, or operating system. New devices will be automatically added to a zone if they match the zone rules criteria.
By default, devices that are added automatically to the zone will follow the zone rules. If the automatic device removal option is selected in the zone rules, devices that follow the zone rules will be automatically removed from the zone when they don't meet the zone rules criteria. You can also manually add devices that ignore the zone rules so they aren't automatically removed from the zone. When managing a zone, you can change whether a device follows or ignores the zone rules.
Note that administrator users with the Zone Manager role can install agents on devices, but they do not have access to the default zone (Unzoned), so they cannot assign devices to zones.
When you create a new
Cylance Endpoint Security
tenant, or when you reset a tenant to the recommended default state,
BlackBerry
provides preconfigured zones and preconfigured device policies that are designed to help you tune your environment to the desired security posture. For more information, see Configuring a new Cylance Endpoint Security tenant.