Deploying the Secure Access Module to Endpoints

Select available endpoints to deploy the Secure Access Module to or remove it from the en dpoints through the Agent.

  1. On the Trend Micro Vision One console, go to Zero Trust Secure Access > Private Access Configuration, and then click the Endpoints with Secure Access Module in the upper-right corner.

    The Available Endpoints tab appears, displaying the endpoints in your environment that have already been deployed with the Agent Installer.

    Important:

    The Secure Access Module can be deployed to endpoints only through the Agent. Ensure that you install the Agent to all required endpoints first.

    Because the Secure Access Module is supported only on Windows 10 (32-bit, 64-bit) Version 1607 and later, and macOS High Sierra (10.14) and later, make sure that the endpoints that you install the Agent on are running on the supported operating systems.

  2. If there are endpoints not yet installed with the Agent, click Download the Agent Installer to download and install the Agent to the required endpoints.

    For more information about the Agent and how to deploy it to endpoints in your environment, see Endpoint Inventory.

    After these endpoints are successfully installed with the Agent, they appear on the Available Endpoints tab.

  3. Select Endpoints with no module deployed, Endpoints with the module deployed, or All endpoints from the drop-down list to view the endpoints deployed with the Module or not.
  4. Deploy the Secure Access Module to endpoints.
    1. Select one or several endpoints not yet deployed with the Module and click Deploy Module.
    2. On the Deploy Secure Access Module screen that appears, confirm the selected endpoints and click Deploy.

      The Available Endpoints tab appears, showing Deploying in the Module deployment status column of the corresponding endpoints.

    3. Wait for a while.

      If the deployment succeeds, a confirmation message appears in the lower-right corner. If the deployment fails for some endpoints, an error message appears in the same place, providing an Action Required button for further processing. For more information, see step 6.

  5. (Optional) Remove the Secure Access Module from endpoints.
    1. Select one or several endpoints deployed with the Module and click Remove Module.
    2. On the Remove Secure Access Module screen that appears, confirm the selected endpoints and click Remove.

      The Available Endpoints tab appears, showing Removing module in the Module deployment status column of the corresponding endpoints.

    3. Wait for a while.

      If the deployment succeeds, a confirmation message appears in the lower-right corner. If the deployment fails for some endpoints, an error message appears in the same place, providing an Action Required button for further processing. For more information, see step 6.

  6. Resolve Secure Access Module deployment and removal issues.
    1. Click the Action Required tab.

      The endpoints that failed in module deployment or removal appear, with errors displayed under the Module deployment status column for each individual endpoint.

    2. Select one or several endpoints to deploy or remove the Module again.

      For operating system issues, upgrade the endpoints to the supported operating systems and try again. For other issues, contact your support provider.

Instruct end users to find the Trend Micro Zero Trust Secure Access app on their endpoints and sign in with their company account credentials when they need to visit internal apps of your organization.

Note:

For endpoints running macOS, instruct end users to allow Trend Micro Zero Trust Secure Access notifications on the first launch, so that they can be notified when their access to an app is blocked.

For endpoints running Windows, instruct end users to allow Trend Micro Zero Trust Secure Access to communicate through Windows Defender Firewall if prompted.

After an end user signs in to the app, the end user can click View accessible corporate applications to check a list of internal apps allowed to access. The list may change based on the secure access rules applied to that end user.