Connecting Datto RMM to Kaseya MDR

This article explains how to connect Datto RMM with Kaseya MDR so endpoint and operational telemetry from Datto RMM can be ingested, associated with the correct organizations, and used by the MDR service to support detection, investigation, and response.

Use this article to:

  • Prepare Datto RMM for API access

  • Connect Datto RMM to Kaseya MDR

  • Map Datto RMM organizations to MDR organizations

  • Decide whether to enable optional Microsoft Entra Device ID mapping

  • Verify that Datto RMM devices contribute context to MDR analysis

This article covers integration setup and telemetry association only. It does not cover Datto RMM agent deployment, automation, scripting, alert tuning, or response logic. Detection and response behavior is managed by the Kaseya MDR service and SOC workflows.

How the Datto RMM integration works in Kaseya MDR

Datto RMM is an MSP‑managed remote monitoring and management platform. When connected to Kaseya MDR, Datto RMM provides endpoint and operational activity that supplements MDR detection and investigation with additional device context.

Datto RMM is connected once at the partner (MSP) level to authorize API access. It is not connected separately for each customer organization.

Instead:

  • A Single Datto RMM integration is established.

  • Customer onboarding is handled through organization mapping.

  • Mapping determines how Datto RMM telemetry is scoped and associated within Kaseya MDR.

  • Mapping does not create additional integrations or API connections. It controls how data from the single Datto RMM connection is presented to the MDR service.

Kaseya MDR observes Datto RMM‑generated activity. It does not manage Datto RMM agents, policies, scripts, jobs, or enforcement settings.

What this integration does and does not do

This integration does:

  • Establish API access between Datto RMM and Kaseya MDR

  • Associate Datto RMM telemetry with MDR organizations

  • Make Datto RMM device and operational activity available to the MDR service for investigation and response context

This integration does not:

  • Deploy or manage endpoint agents

  • Configure Datto RMM automation, monitoring policies, or scripts

  • Replace Datto RMM administrative workflows

  • Allow customers to control detection logic, alert thresholds, or response actions

Agent deployment and endpoint management are handled in separate articles.

Requirements and permissions (Datto RMM)

Before connecting Datto RMM to Kaseya MDR, complete the following steps in Datto RMM.

Step 1: Enable global API access

  1. Sign in to Datto RMM as an Administrator.

  2. From the side navigation menu, go to Setup > Global Settings.

  3. Turn on Enable API Access.

  4. Click Save and confirm.

IMPORTANT  API keys cannot be generated until global API access is enabled. Make sure you click Save and confirm.

Step 2: Create or select an API user

  1. Go to Setup > Users and select an existing user, or click Create user.

  2. Configure the user with the following details:

    • Component Level: Super (5)

    • Security Levels: Administrator

Step 3: Generate API keys

  1. Open the selected user.

  2. Scroll to the API section.

  3. Click Generate API Keys.

Immediately copy:

  1. API URL

  2. API Key

  3. API Secret Key

IMPORTANT  The API Secret Key is displayed only once and cannot be recovered later. All API access configuration is completed in Datto RMM.

Connecting Datto RMM to Kaseya MDR

  1. In Kaseya MDR, go to Settings > Integrations.

  2. Click + New Integration.

  3. When prompted, select an organization for this integration.

    • Choose an internal or MSP‑level organization (for example, an admin or operations organization).

    • This organization is used as the default location for Datto RMM user activity until organization mapping is completed.

  4. Select Datto RMM to continue with the connection wizard.

    NOTE  If a message indicates a Datto RMM integration already exists, cancel unless you are intentionally connecting a separate Datto RMM instance. Creating duplicates can result in duplicate data.

  5. In Set Credentials:

    • Select your Datto RMM region (for example: Vidal, Merlot, Zinfandel).

    • Paste the API Key and API Secret Key.

    • Select Next.

If credentials are valid, the wizard proceeds to Organization Mapping.

Connection status

During initial connection, Kaseya MDR validates access and retrieves Datto RMM metadata. You may see status messages such as:

  • Initializing connection

  • Checking permissions

  • Downloading users

  • Retrieving security data

  • Refreshing token

These messages indicate that the integration is successfully establishing authorization and retrieving baseline data.

Organization Mapping

Organization mapping determines how Datto RMM telemetry is associated within Kaseya MDR.

Kaseya MDR processes two types of Datto RMM data:

  • User activity (Datto RMM users and the actions they perform)

  • Device activity (devices and their alerts/alarms)

These are handled differently.

User Activity Organization

All Datto RMM user actions are logged against a single MDR organization selected in User Activity Organization.

  • This value cannot be changed after the integration is created.

  • It is typically an internal or MSP‑level organization.

Best practice: Select an internal or administrative MDR organization, not a customer organization.

Device Organization Mapping

Devices and their alerts are ingested only for mapped organizations.

  • Datto RMM organizations that are not mapped will not have devices discovered.

  • Device context will not contribute to MDR analysis for unmapped organizations.

Each customer Datto RMM organization should be mapped to one MDR organization.

Automatic mapping (optional)

Automatically map organizations with 100% match maps organizations whose names exactly match between Datto RMM and SIEM (including case and spacing).

Use this option only if:

  • Organization names are identical across systems, and

  • Each Datto RMM organization represents a single customer.

If naming differs or one Datto RMM organization contains multiple customers, leave this option disabled and map organizations manually.

Selecting Datto RMM organization types

When mapping devices, select organization types that represent active devices:

  • Managed: Typical customer devices (recommended)

  • OnDemand: If applicable to your environment

  • Deleted Devices: Not recommended

After mapping

After saving organization mapping:

  • Allow up to 10–30 minutes for devices to appear.

  • Datto RMM device context becomes available in the MDR Analysis experience and contributes to SOC‑led detection and investigation.

Synchronization is not immediate. Allow several minutes after mapping changes.

Parameters: Microsoft Entra Device ID mapping

In the final step of the Datto RMM connection wizard, you may see an option to map a Microsoft Entra Device ID custom field from your RMM.

Microsoft Entra Device ID is not required for Unify to function, but it is one of the strongest correlation signals available. When present, it improves confidence when associating Microsoft Entra or Microsoft 365 activity with a known, managed device.

  • Technically: Optional. Unify can correlate using other signals (IP address, user activity, device metadata).

  • Practically: Strongly recommended in environments that rely on Microsoft identity signals or automated investigation decisions.

You can complete onboarding without this mapping and add it later if higher‑confidence device association becomes necessary.

Verifying the integration

After completing organization mapping:

  1. Go to Settings > Integrations > Datto RMM and confirm the status is Connected.

  2. Confirm that Datto RMM devices appear within relevant MDR organizations.

  3. Confirm that Datto RMM telemetry contributes endpoint context to alerts and investigations handled by the MDR service.

Synchronization is not immediate. Allow several minutes after mapping changes.

Disconnecting the Datto RMM integration

From Settings > Integrations > Datto RMM, you can select Disconnect Application to remove the Datto RMM integration.

When you disconnect the integration:

  • Historical Datto RMM data already ingested into Kaseya MDR remains available for investigation and reporting.

  • New data ingestion stops from the time of disconnection.

  • Datto RMM data is no longer applied toward billing from the point of disconnection forward.

Disconnecting the integration does not remove MDR organizations, mappings, or previously collected investigation context. To resume ingestion, the Datto RMM integration must be reconnected.

NOTE  Disconnecting the integration is different from organization mapping. If your goal is to adjust where data is associated, update organization mapping rather than disconnecting the integration.

Avoiding duplicate data

Only one Datto RMM integration should exist per Datto RMM instance.

If Datto RMM is connected more than once:

  1. Remove duplicate integrations.

  2. Retain a single connection.

  3. Re‑apply organization mapping as needed.

Related articles