ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Activating the DLP Cloud Service via the Cloud Management Portal (CMP)
Article ID: 184719
Data Loss Prevention Cloud Service for EmailData Loss Prevention Cloud Detection ServiceData Loss Prevention Cloud PackageData Loss Prevention Cloud Detection Service for ICAPData Loss Prevention Cloud Detection Service for RESTData Loss Prevention
You have purchased the Cloud Service for DLP and want to activate it. You have been sent a link to the Data Loss Prevention (DLP) Cloud Management Portal (CMP).
You have purchased the Cloud Service, but do not have a bundle that will let you enroll with the service.
Data Loss Prevention Cloud Detection Service - whether for the CloudSOC, for WSS, or for a Custom REST Detector
FYI: The CMP account as setup uses the same SSO method to sign in as the account you would use to access your Support cases on the Broadcom portal (e.g., you need an account in Okta).
Once successfully logged in to the CMP, your account will appear as "Enabled" to the Technical Support teams. Otherwise it shows up as "New" and we will advise you to complete this step.
Next you need to verify the setup of the Cloud Detection Service needed. The details submitted will vary somewhat with each type of Cloud Detector:
For ALL Detector types: The email address of a DLP "Admin". The Cloud Operations team may use this info to contact you and your team directly, as in the event of an issue with your Cloud Service. Thus, this should be not be an individual email address - we suggest you use a Distribution List.
For ALL Detector types: The region where you need your Detector to be "housed" - either EMEA or US. At this time, APJ customers should choose the US region.
Forwarding mode - the "next hop" after DLP is Email Security.cloud - aka "MessageLabs". Note: Customers need to provide their Email Security.cloud user name as part of this configuration. This is also known as the "Clientnet" ID, and is always 3 letters followed by 4 numerals, e.g., ABC1234:
G-Suite/Google for Work gmail => DLP Cloud Service for Email => Email Security.cloud
O365 => DLP Cloud Service for Email => Email Security.cloud
"Hybrid" mode - actually also a "Forwarding mode" option: a Hybrid mode Detector will accept messages from your on-prem Exchange or from your O365 tenant:
Exchange / O365 => DLP Cloud Service for Email => Email Security.cloud
Reflecting mode - only available for customers of O365/M365: no Email Security.cloud integration is needed, instead, messages go back to O365 for final transport and delivery:
O365 => DLP Cloud Service for Email => O365
NOTE: there are no other supported configurations for the Cloud Service for Email at this time.
Until you actually submit its configuration, the status of your entitlements will have a wrench icon:
When you've successfully submitted your configuration its status will change to this icon:
At this point, your new Cloud Detector should be provisioned within 1-2 business days.
When provisioning is complete, the Cloud Operations team will send a second Welcome Email to the DLP Admin as submitted above - including the Enrollment Bundle and configuration details.
*Until the configuration has been submitted as above, no provisioning will have occurred, and no bundle can be issued.*
If you've already completed the steps above, and for any reason need a new enrollment bundle, please contact Technical support. As per this article, the bundle generation feature is not currently working in the CMP.