Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
  - Generate a new SSO callback URL
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

Cylance Endpoint Security
network requirements

Cylance Endpoint Security
agents

Port 443 (HTTPS) must be open for the

Cylance Endpoint Security

desktop agents to communicate with the management console.

The agents communicate over secure websockets (WSS) and must be able to establish this connection directly. Configure your organization's network to allow connections to the following domains.

The management console is hosted by AWS and does not have fixed IP addresses. You can allow HTTPS traffic to *.cylance.com. For the cylance-optics-files-use1.s3.amazonaws.com host (and similar hosts for other regions), it is recommended to allow that specific host. It is not recommended to allow *.amazonaws.com because it can open your network to other hosts.

Please note that the domain api2.cylance.com is deprecated, but is kept open to support older

CylancePROTECT Desktop

agents. api2.cylance.com directs to the same destination as api.cylance.com for the purpose of threat analysis and risk scoring.

Item	Description
North America	Required for logging in to the Cylance console: login.cylance.com idp.blackberry.com cdn.cylance.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data.cylance.com protect.cylance.com update.cylance.com api.cylance.com download.cylance.com venueapi.cylance.com
	Required for CylanceOPTICS : cylance-optics-files-use1.s3.amazonaws.com opticspolicy.cylance.com content.cylance.com rrws-use1.cylance.com collector.cylance.com scalar-api-use1.cylance.com cement.cylance.com
	Required for the CylanceGATEWAY agent: idp.blackberry.com quip.webapps.blackberry.com us1.cs.blackberry.com Required for the CylanceGATEWAY Connector : deb.nodesource.com Required for the CylanceGATEWAY agent and the CylanceGATEWAY Connector : us1.bg.blackberry.com For more information, see KB79017.
Asia-Pacific Northeast	Required for logging in to the Cylance console: login-apne1.cylance.com idp.blackberry.com cdn.cylance.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data-apne1.cylance.com protect-apne1.cylance.com update-apne1.cylance.com api.cylance.com download.cylance.com venueapi-apne1.cylance.com
	Required for CylanceOPTICS : cylance-optics-files-apne1.s3.amazonaws.com opticspolicy-apne1.cylance.com content-apne1.cylance.com rrws-apne1.cylance.com collector-apne1.cylance.com scalar-api-apne1.cylance.com cement-apne1.cylance.com
	Required for the CylanceGATEWAY agent: idp.blackberry.com quip.webapps.blackberry.com jp1.cs.blackberry.com Required for the CylanceGATEWAY Connector : deb.nodesource.com Required for the CylanceGATEWAY agent and the CylanceGATEWAY Connector : jp1.bg.blackberry.com For more information, see KB79017.
Asia-Pacific Southeast	Required for logging in to the Cylance console: login-au.cylance.com idp.blackberry.com cdn.cylance.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data-au.cylance.com protect-au.cylance.com update-au.cylance.com api.cylance.com download.cylance.com venueapi-au.cylance.com
	Required for CylanceOPTICS : cylance-optics-files-apse2.s3.amazonaws.com opticspolicy-au.cylance.com content-apse2.cylance.com rrws-apse2.cylance.com collector-apse2.cylance.com scalar-api-apse2.cylance.com cement-au.cylance.com cement-apse2.cylance.com
	Required for the CylanceGATEWAY agent: idp.blackberry.com quip.webapps.blackberry.com au1.cs.blackberry.com Required for the CylanceGATEWAY Connector : deb.nodesource.com Required for the CylanceGATEWAY agent and the CylanceGATEWAY Connector : au1.bg.blackberry.com For more information, see KB79017.
Europe Central	Required for logging in to the Cylance console: login-euc1.cylance.com idp.blackberry.com cdn.cylance.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data-euc1.cylance.com protect-euc1.cylance.com update-euc1.cylance.com api.cylance.com download.cylance.com venueapi-euc1.cylance.com
	Required for CylanceOPTICS : cylance-optics-files-euc1.s3.amazonaws.com opticspolicy-euc1.cylance.com content-euc1.cylance.com rrws-euc1.cylance.com collector-euc1.cylance.com scalar-api-euc1.cylance.com cement-euc1.cylance.com
	Required for the CylanceGATEWAY agent: idp.blackberry.com quip.webapps.blackberry.com eu1.cs.blackberry.com Required for the CylanceGATEWAY Connector : deb.nodesource.com Required for the CylanceGATEWAY agent and the CylanceGATEWAY Connector : eu1.bg.blackberry.com For more information, see KB79017.
South America	Required for logging in to the Cylance console: login-sae1.cylance.com idp.blackberry.com cdn.cylance.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data-sae1.cylance.com protect-sae1.cylance.com update-sae1.cylance.com api.cylance.com download.cylance.com venueapi-sae1.cylance.com
	Required for CylanceOPTICS : cylance-optics-files-sae1.s3.amazonaws.com opticspolicy-sae1.cylance.com content-sae1.cylance.com rrws-sae1.cylance.com collector-sae1.cylance.com scalar-api-sae1.cylance.com cement-sae1.cylance.com
	Required for the CylanceGATEWAY agent: idp.blackberry.com quip.webapps.blackberry.com br1.cs.blackberry.com Required for the CylanceGATEWAY Connector : deb.nodesource.com Required for the CylanceGATEWAY agent and the CylanceGATEWAY Connector : br1.bg.blackberry.com For more information, see KB79017.
GovCloud	Required for logging in to the Cylance console: login.us.cylance.com idp.blackberry.com idp.cs.cylance.com
	Required for CylancePROTECT Desktop : data.us.cylance.com protect.us.cylance.com update.us.cylance.com api.us.cylance.com download.cylance.com download.us.cylance.com venueapi.us.cylance.com
	Required for CylanceOPTICS : cylance-optics-files.us.s3.amazonaws.com opticspolicy.us.cylance.com rrws.us.cylance.com collector.us.cylance.com scalar-api.us.cylance.com cement.us.cylance.com

CylancePROTECT Mobile
app

The

CylancePROTECT Mobile

app requires a secure, direct connection to the following URLs to communicate with the

CylancePROTECT Mobile

cloud services. If devices are connected to your organization's

Wi-Fi

network, your network configuration must allow connections to:

CylancePROTECT Mobile

cloud service:

US: https://us1.mtd.blackberry.com

JP: https://jp1.mtd.blackberry.com

EU: https://eu1.mtd.blackberry.com

AU: https://au1.mtd.blackberry.com

SP: https://br1.mtd.blackberry.com

Common services gateway:

US: https://us1.cs.blackberry.com

JP: https://jp1.cs.blackberry.com

EU: https://eu1.cs.blackberry.com

AU: https://au1.cs.blackberry.com

SP: https://br1.cs.blackberry.com

https://score.cylance.com

https://idp.blackberry.com

https://mobile.ues.blackberry.com

Section:

Cylance Endpoint Security requirements

Cylance Endpoint Security network requirements

Cylance Endpoint Security agents

CylancePROTECT Mobile app

Cylance Endpoint Security
network requirements

Cylance Endpoint Security
agents

CylancePROTECT Mobile
app