search cancel

Activating the DLP Cloud Service via the Cloud Management Portal (CMP)

book

Article ID: 184719

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Package Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention

Issue/Introduction

You have purchased the Cloud Service for DLP and want to activate it. You have been sent a link to the Data Loss Prevention (DLP) Cloud Management Portal (CMP).

Cause

You have purchased the Cloud Service, but do not have a bundle that will let you enroll with the service.

Environment

  • Data Loss Prevention Cloud Detection Service - whether for the CloudSOC, for WSS, or for a Custom REST Detector
  • Data Loss Prevention Cloud Service for Email

Resolution

For clarification, all customers of the DLP Cloud Service need to login to the CMP in order to gain access to the Cloud Service: https://cmp.protect.broadcom.com/

Below are the steps you will need to follow in order to get your Cloud Service "provisioned" - and to receive your enrollment bundle:

  1. Purchase the Cloud Service.
  2. Confirm receipt of a "Welcome email" directing you to login to the Cloud Management Portal.
    • FYI: The CMP account as setup uses the same SSO method to sign in as the account you would use to access your Support cases on the Broadcom portal (e.g., you need an account in Okta).
    • Once successfully logged in to the CMP, your account will appear as "Enabled" to the Technical Support teams. Otherwise it shows up as "New" and we will advise you to complete this step.
  3. Next you need to verify the setup of the Cloud Detection Service needed.
    The details submitted will vary somewhat with each type of Cloud Detector:
    • For ALL Detector types: The email address of a DLP "Admin". The Cloud Operations team may use this info to contact you and your team directly, as in the event of an issue with your Cloud Service. Thus, this should be not be an individual email address - we suggest you use a Distribution List.
    • For ALL Detector types: The region where you need your Detector to be "housed" - either EMEA or US. At this time, APJ customers should choose the US region.
    • For Cloud Service for Email entitlements, you need to verify your email setup or mailflow - designating the MTA you will be using with the Cloud Service. It needs to be one of the following supported configurations:
      • Forwarding mode - the "next hop" after DLP is Email Security.cloud - aka "MessageLabs". Note: Customers need to provide their Email Security.cloud user name as part of this configuration. This is also known as the "Clientnet" ID [Detector MIN CREF], and is always 3 letters followed by 4 numerals, e.g., ABC1234:
        • G-Suite/Google for Work gmail => DLP Cloud Service for Email => Email Security.cloud
        • O365 => DLP Cloud Service for Email => Email Security.cloud
      • "Hybrid" mode - actually also a "Forwarding mode" option: a Hybrid mode Detector will accept messages from your on-prem Exchange or from your O365 tenant:
        • Exchange / O365 => DLP Cloud Service for Email => Email Security.cloud
      • Reflecting mode - only available for customers of O365/M365: no Email Security.cloud integration is needed, instead, messages go back to O365 for final transport and delivery:
        • O365 => DLP Cloud Service for Email => O365
      • NOTE: there are no other supported configurations for the Cloud Service for Email at this time. 
  4. Until you actually submit its configuration, the status of your entitlements will have a wrench icon:
    • When you've successfully submitted your configuration its status will change to this icon:

      At this point, your new Cloud Detector should be provisioned within 1-2 business days.

When provisioning is complete, the Cloud Operations team will send a second Welcome Email to the DLP Admin as submitted above - including the Enrollment Bundle and configuration details.

The bundle email will be sent from "[email protected]".

*Until the configuration has been submitted as above, no provisioning will have occurred, and no bundle can be issued.*

Additional Information

If you've already completed the steps above, and for any reason need a new enrollment bundle, please contact Technical support. As per this article, the bundle generation feature is not currently working in the CMP.

Attachments