Administration and configuration

The Administration and configuration section explains how Kaseya SIEM is governed and controlled at an administrative level. The articles in this section focus on structure, access, scope, defaults, and data governance, not on investigation workflows or day‑to‑day security operations.

Use this section when you need to understand how configuration choices affect platform behavior across organizations, how access is controlled, and how governance decisions influence visibility, retention, and SOC interaction.

The articles in this section explain:

  • How organizations define security, data, and configuration boundaries

  • How user access and permissions are managed and scoped

  • How global defaults and organization overrides affect platform behavior

  • How application behavior, visibility, and alert escalation are governed

  • How agent behavior and SOC authorization are controlled administratively

  • How data retention supports audits, reviews, and compliance requirements

These topics describe governance controls and configuration models, not how to investigate alerts or perform response actions.

Intended audience

This section is intended for users responsible for configuring and governing Kaseya SIEM at different levels, including:

  • MSP Admins, who manage global configuration, access boundaries, and governance

  • MSP Users with delegated or scoped administrative responsibilities

  • Security administrators and platform owners responsible for oversight, consistency, and compliance

Some articles describe settings that only MSP Admins can modify, while others apply to administrators who manage individual organizations or scoped configuration.

Articles in this section

The articles in this section are ordered to reflect a typical administrative and governance flow, from platform structure through compliance‑related controls:

Governance and access control

  • Managing organizations: Explains how organizations are created and managed, and how they define security, data, and configuration boundaries in Kaseya SIEM

  • User roles and permission boundaries: Describes how access is controlled, including organization visibility, role-based privileges, and delegated administrative capabilities

  • Setting up automatic user creation: Explains how user accounts are provisioned automatically through KaseyaOne authentication, and what this feature does—and does not—control

Scope, inheritance, and behavior model

Detection and visibility tuning

  • Application configurations: Describes how application‑level settings influence telemetry ingestion, detection context, and tuning, without replacing SOC‑managed logic

    • Datto Ransomware Detection: Describes how Kaseya SIEM applies automated response actions following ransomware detections and how those actions fit into investigation and escalation workflows

    • Defender Manager: Describes how Microsoft Defender endpoint protection behavior is configured in Kaseya SIEM and what those settings influence during investigation

Delivery, integrations, and automations

  • Notification, PSA, and external communications: Describes how Kaseya SIEM routes alerts to PSAs and email recipients after alerts are generated.

    • Integrating Autotask with Kaseya SIEM: Explains how to configure Autotask as a PSA integration so alerts generated in Kaseya SIEM are delivered as tickets. This article focuses on ticket routing, organization mapping, and ticket parameters, clarifying that the Autotask integration controls alert delivery only and does not affect detection logic, severity, investigations, or SOC response behavior.

  • Configuring SOC settings: Describes how SOC communication preferences, organization‑specific context, maintenance windows, and authorization boundaries are defined.

  • API access and webhook governance: Explains how Kaseya SIEM controls and governs API access and outbound webhook communication through policy acceptance, credential management, and approved destination domains.

  • Setting up and using Fortify: Explains how Fortify is enabled and used in Kaseya SIEM to assess and improve Microsoft tenant security posture using Secure Score–driven recommendations.

Operations, agents, billing, and compliance

Agent deployment and behavior

  • Deploying agents: Explains how agents are deployed to endpoints, including supported deployment methods, prerequisites, and platform consistency

  • Deploying the agent using Datto RMM: Explains how to deploy the agent to Windows endpoints using Datto RMM, including component‑based and PowerShell‑based deployment options

Billing and data governance

  • How billing and monitoring apply to accounts: Explains how billing classification and monitoring behavior are represented in Kaseya SIEM, including the difference between billable and monitored accounts, how usage appears at the organization and account levels, and how billing classification does not affect detection, investigation, or response behavior. This article helps administrators interpret account‑level context and usage discrepancies for governance, review, and compliance purposes.

  • Understanding license type selection and product association: Explains how license type selection at the organization level determines which products an organization is associated with and how billing context is applied. This article helps partners understand when and why organizations may appear in multiple products and how to avoid unintended multi‑product billing.

  • Data retention and governance: Explains how Kaseya SIEM retains and manages data from a governance and compliance perspective, including retention periods and searchable data availability

Relationship to the rest of the documentation

The Administration and configuration section provides the governance layer for all other workflows:

  • Using Kaseya SIEM explains how to investigate and analyze activity.

  • Detection, IOCs, and Respond rules explains how detection logic and automation are defined.

  • Investigation and response explains actions taken after alerts occur.

  • Reporting, compliance, and evidence focuses on audits, outcomes, and regulatory needs.

Configuration and governance choices made in this section directly influence how those workflows behave, even though they are documented elsewhere.

Intended use cases

Use the Administration and configuration section:

  • During initial platform setup

  • When reviewing or changing access and permission boundaries

  • When defining or reviewing defaults, overrides, and visibility controls

  • When troubleshooting behavior differences between organizations

  • When preparing for audits, reviews, or compliance discussions

  • As a reference when coordinating with Support, Product Management, or internal security teams

These articles are designed to support deliberate, informed configuration, not rapid operational decision‑making.