Summary
Trend Micro™ XDR collects and correlates deep activity data across multiple vectors - email, endpoints, servers, cloud workloads, and networks. This enables a level of detection and investigation that is difficult or impossible to achieve with SIEM or individual point solutions. With XDR Complimentary Access, you can now add XDR capabilities to 10% of your licensed seats for the length of your contract (e.g. 5,000 Apex One users = 500 free XDR licenses).
This article provides the processes for on-boarding and migration to paid license.
Details
Basic Rules
- Complimentary XDR for on-premise only can be initiated from Apex One On-Premise Server.
- Apex Central On-Premise Server (which needs to be Patch 1+) may display XDR open console if its managed Apex One On-Premise successfully onboarded the Complimentary XDR.
Prerequisite for XDR Complimentary access
- Have a valid Apex One License that is not expired or still in its grace period
- No active XDR or Apex One EDR Full license
- No active XDR or Apex One EDR trial license
- XDR not previously activated & on-boarded
- Americas/Europe customers whose Apex One License seat count >= 100 or AMEA/Japan customers whose Apex One License seat count >=250
Standalone TMES license is considered as on-premise EDR license, but customers may opt to try flywheel if they removed the TMES agent.
How to enable Complimentary XDR on Apex One On-Premise?
- Apply Apex One Patch 3 B8358.
- Accept "Enhanced Support Service" here or accept it in a later step.
- The blue bar will appear (controlled by backend)
- BB -> Promotion Window
- XDR Console -> APT -29 Demo (tutorial)
- BB -> XDR Console
- 10% recommended list
- If "Enhanced Support Service" was not accepted in the previous step, the GUID will be shown first, but this will still need to be accepted to move on.
- select by hostname
- If not fully using 10%, a popup will recommend 25 clients every time
- 10% recommended list
- iES deployment: XBC Agent <=> Endpoint Inventory Service (XBC Backend)
- BB -> Promotion Window
How to migrate if you would like to use XDR on more agents and get access to Response features?
- You need to purchase an XDR Add-on license (SaaS).
- Once this license is active from CLP, you can migrate Apex One On-Premise to Apex One as a Service and enable XDR.
- Use the server migration tool to migrate settings from on-premise to SaaS.
- Move agents from on-premise to SaaS.
- Deploy Apex One policy to target endpoints.
- In the above step, it is also possible to enable Endpoint Sensor from the chosen policy to the agents selected. Free EDR on these agents will be disabled automatically when Apex One enables full mode EDR.
Endpoint Sensor enabled on XDR Inventory App won't be passed to Apex One SaaS (limitation in June release).
- A cross-check on Apex Central console can also be done by using the filters below to know which endpoints have enabled Endpoint Sensor.
