How to Set Up a Cylance Account for a Client
Jones IT partners with Cylance’s MSP program, which allows us access to Cylance’s Multi-Tenant Portal, where you can add/remove customers as tenants.
-We can add/remove licenses on our own at any time. You don’t need to request anything from Cylance. Just go to the MultiTenant portal, create a tenant (if there isn’t already one for the client) and then you can start deploying.
-Each time you install Cylance on a client device, you’ll have to add the client’s token, which can be found under their tenant account. By using the client’s token, the device is added to the right tenant and a license is added.
-We currently deploy licenses for CylanceProtect and CylanceOptics. CylanceProtect is the regular antivirus that we’ll use in most cases. CylanceOptics is the same as CylanceProtect, but it adds extra functionality for identifying the precise source of an attack. CylanceOptics is a good choice for our more security-focused clients.
-Cylance invoices Jones IT monthly based on the number of devices in the tenant.
-Jones IT will bill the client monthly for each device in the client’s tenant.
-Jones IT charges $5/mo for CylanceProtect and $6/mo for CylanceOptics.
How to add a client tenant:
- Log onto the Cylance Multi-Tenant Portal at https://pioneer.cylance.com/#/auth/login (credentials are in lastpass and in JIT masterdoc)
- If the client doesn’t already have a tenant account, click on Add New Tenant.
- Fill out the form, add our firstname.lastname@example.org email account in the optional field, turn on all features, put 1 for the license counts (we can add more whenever we want). Click Save & Finish
- From the Tenant list, click on the eyeball icon to manage the client.
- Set up the default policy. When we deploy Cylance to a device, the default policy will be applied by default. This policy should be a Monitor Only policy, meaning that it will report any suspected threats, but it won’t block them. This is important because initially, there may be a bunch of false positives and we don’t want to block things for the client that they actually use. For example, when deploying at Jones IT, Cylance was suspicious of ClipMenu, which a lot of us use. Instead of blocking it right away, Cylance reported it and we were able to whitelist ClipMenu in our entire organization so that it knows not to block that specific app.
- Go to the settings menu and click on Device Policy.
- Click on the Default Policy.
- Apply only the settings indicated below:
- Note: You can always refer to Jones IT’s tenant and look at our Default Policy and make your client’s tenant look the same. Jones IT’s tenant is located in a different place. You can access it at: https://login.cylance.com/Login and login with the LastPass entry labeled “Cylance NFR Account for Internal Use”
- Now you are ready to start deploying at the client. To deploy, you’ll need the installer package and the client token. Both are found under Settings, Application.
- Depending on the client, we can automate deployment with Fleetsmith (Mac) or Group Policy (Windows), or manually.