Agent deployment improvements
under review
A
Advanced IT
Currently the deployment of windows event ingest agents feels clunky and slow unless an entire organization is targeted, we'd like the ability to easily add agents in bulk without having to mass select an organization. The current override onboarding achieves this albeit slowly and individually, the primary reason is device role targeting, e.g. servers vs desktops.
We'd also like a means to onboard the agent via CLI so we can automate its onboard process, we are restricted to the override function and it must be manually maintained currently which is prone to human error.
Nate O'Brien
marked this post as
under review
We're currently in the process of revamping our windows logging enrollment user experience, which should streamline this process to a large degree. However - it does not fundamentally change how we do the organization enablement and overrides. Creating a bulk select is something that we were interested in doing, however we have very large organizations with thousands of agents, which can slow down the page significantly when trying to operate on thousands of entries in a single frame.
It's a great suggestion to both have that functionality, and have the ability to differentiate between OS types (workstation / server) in the enablement page. We'll keep this in mind for future improvements.
I would suggest creating a separate feature request under Managed EDR for the CLI installation, though I've flagged this request for their attention as well!
Thanks for the great feedback!