Deploying the Secure Access Module to legacy Endpoint Inventory agents

Procedure

1. In the Trend Vision One console, go to Zero Trust Secure Access → Secure Access Configuration → Secure Access Module.
2. Decide the way you want to use to deploy the Secure Access Module.
   • To deploy to individual endpoints, go to step 3.
   • To deploy to entire endpoint groups, go to step 4.
3. Deploy the Secure Access Module to individual endpoints by performing the following steps.
   1. Click Endpoints → Endpoint List.

      Note The Endpoint List screen only displays endpoints that have the agent program installed. You can download and install the agent program on additional endpoints by clicking Download the Agent Installer. For more information, see deploying the agent and Secure Access Module system requirements.

   2. Filter out the desired endpoints by selecting Endpoints with no module deployed or using the search text box.
   3. Select one or more endpoints that you want the Secure Access Module deployed to and click Deploy Module.
   4. On the Deploy Secure Access Module dialog that appears, confirm the selected endpoints and click Deploy.
4. Deploy the Secure Access Module to endpoint groups by performing the following steps.
   1. Click Endpoints → Endpoint Groups.

      Note The Endpoint Groups screen displays all the endpoint groups created in the Endpoint Inventory app. You can manage endpoint groups and reassign endpoints by clicking Create Endpoint Group to open Endpoint Inventory.

   2. Filter out the desired endpoint groups by selecting Endpoint groups with no module deployed or using the search text box.
   3. Deploy the Secure Access Module to all displayed endpoint groups by selecting Deploy/Remove Module → Deploy to All Groups, or deploy to one or several endpoint groups by selecting the desired groups and clicking Deploy Module.
   4. If you have previously removed the Secure Access Module from some endpoints of the selected endpoint groups individually on the Endpoint List screen, a confirmation dialog appears. Decide whether to exclude certain endpoints from the deployment by clicking Skip or Skip All, and then click Deploy.
   5. On the Deploy Secure Access Module dialog that appears, confirm the selected endpoint groups and click Deploy.
5. Monitor the deployment status on the Endpoint List or Endpoint Groups screen. If an error occurs during deployment, click the Action required tab for detailed information.
6. Instruct your end users to sign in to the Secure Access Module app to transfer connection attempts to configured Private Access Connectors or Internet Access Gateways that enforce Private Access and Internet Access rules.

   Note For Windows endpoints: The Secure Access Module enforces user authentication before the user can connect to the internet. Uninstallation of the Secure Access Module can only be performed by an administrator. For macOS endpoints: End users must set up required permissions before a deployed Secure Access Module can be installed. For more information, see Setting up permissions for the Secure Access Module on macOS endpoints. The Secure Access Module does not block access to the internet before enforcing user authentication.

7. Configure the module update settings by performing the following steps.
   1. Click Module Update Settings.
   2. Select the Windows or macOS version you want to update the module to. To automatically update the module when a new version is available, select Latest Version.
   3. To change the active hours of automatic updates, select Change active hours: and specify the times for active hours. Trend Vision One will not automatically update the module during active hours.
   4. To update only specific endpoints to the latest version for testing purposes, select Update specific endpoints to the latest version. Click Add endpoints, select endpoints from the Available endpoints list, and then click Add.
   5. Click Save.