Onboarding a new customer in Kaseya MDR
This article is intended for MSPs and partners onboarding customers into an existing Kaseya MDR environment. It provides a recommended order of operations for repeatable customer onboarding, followed by optional post‑onboarding checks.
This checklist assumes platform access and any cross‑product account associations have already been explicitly completed. It does not assume inheritance from other tenants or products.
This article is intentionally concise and task‑based, and acts as a checklist and navigation aid. Each step links to more detailed documentation with configuration guidance based on your environment, enabled integrations, and security stack.
Some setup steps may also be guided in‑product. This checklist consolidates required and optional activities for onboarding that may not all appear in in‑app guidance.
The order prioritizes organizational context, signal quality, and endpoint visibility before tuning alerts and response workflows.
Initial setup
Initial Power Filter configuration establishes a baseline. Post‑onboarding review focuses on adjusting filters and suppressions based on observed alert behavior.
Complete the following steps for each new customer you onboard.
- Create the organization: Create an organization manually or import it from a supported PSA. See Managing organizations.
- Configure Power Filters: Configure Power Filters early to reduce noise and help ensure alerts are relevant as telemetry begins ingesting. See Power Filters and allowlisting logic.
- Connect identity providers: Connect Microsoft 365 and/or Google Workspace to ingest identity, authentication, and activity telemetry used by MDR detections and investigations. See Connecting data sources and integrations.
- Connect and map endpoint security: Ensure the organization is connected and mapped to existing endpoint security platforms used in their environment. This allows Kaseya MDR to correlate detections, investigations, and response actions with endpoint telemetry. See Connecting data sources and integrations.
- Deploy Kaseya MDR agents: Deploy agents to organization endpoints using your preferred deployment method (for example, RMM, GPO, macOS, or Linux). See Deploying agents.
- Integrate network or firewall telemetry (optional): If applicable, configure supported firewall or network telemetry sources to provide additional network‑level visibility. See Network and syslog ingestion.
- Configure alert delivery and ticketing: Configure PSA ticketing integrations or email notifications to ensure alerts are routed to the appropriate operational channels. See Notifications, PSA, and external communications.
Post‑onboarding checks
After initial setup is complete, review and tune the environment.
- Review alerts and tune filtering: Review early alerts for the organization and adjust Power Filters or suppressions as needed. See Working with alerts, Managing noise and signal, and Alert suppression.
- Review IOC and response workflows (if used): Build or refine indicators of compromise (IOCs), response actions, or notifications for recurring or high‑risk activity. See Indicators of compromise (IOCs) and Respond actions.
- Review SOC Settings: Review SOC authorization settings to ensure response permissions align with organizational expectations. See Configuring SOC settings.
- Validate organizational context and mappings: Confirm that endpoints are correctly associated with the intended organizational context and that these associations are visible during investigation. See Unify configuration and context association.
- Review accounts and access: Audit user accounts to ensure access is appropriate and understand how monitoring and billing classifications are represented. See How billing and monitoring apply to accounts.
- Review application‑level response behavior (optional): Review detection‑specific behavior that may perform automatic actions (for example, ransomware isolation). See Application Configurations.
Ongoing operational hygiene
Perform the following activities on an ongoing basis:
- Continue reviewing alerts and refining Power Filters as organization environments change.
- Adjust suppressions and response workflows based on operational feedback.
- Review reports to identify coverage gaps or opportunities.