Move one Cloud Detection Server from one Enforce Server to another

Article ID: 184777

Products

  • Data Loss Prevention Cloud Detection Service
  • Data Loss Prevention Cloud Detection Service for ICAP
  • Data Loss Prevention Cloud Detection Service for REST
  • Data Loss Prevention Cloud Service for Email

Issue/Introduction

  • Cloud Detection Servers are bound to a specific Enforce Server, which is why there is no procedure for this action.
  • If there is a need to move one server to another, open a case with Support.

Resolution

Cloud Detection Servers are bound to a specific Enforce Server, which is why there is no procedure for this action.
However, if there is a need to move one server to another, follow the steps below:

  1. Because incidents created for one Enforce cannot be shipped to a different Enforce Server, before migrating you should first stop all traffic from being sent to the Detector.
  2. Depending on the type of Cloud Detector, do one of the following:
    • CloudSOC
      • De-activate the Enforce Managed DLP instance in the CloudSOC Portal (note: do not Remove, just De-Activate).
      • Document/Backup (screenshot, or print to PDF) the existing Cloud applications from Enforce associated with the cloud detector under Manage > Application Detection > Configuration. Open each individual application and take a screenshot, or print to PDF, of each one, not just the list.
      • Document/Backup (screenshot, or print to pdf) Advanced detector settings for the Cloud detector server under System > Servers and Detectors > Overview - click on your Cloud detector server then click on the Server Settings button to access the Advanced Server settings page. You can use this information later to modify any settings required on the new Enforce server for the Cloud detector (e.g. ContentExtraction.EnableMetaData = off/on) that had been modified in the old Enforce server. For more detail see Advanced detector settings (16.0.2 - techdocs.broadcom.com)
      • Delete the cloud applications under Manage > Application Detection > Configuration. This is a necessary step to delete the detector from the Enforce.
    • WSS
      • Disable the Scanning of All Traffic in WSS
    • O365
      • Disable DLP transport rule in O365 / Gmail to stop sending messages through the service
  3. Remove the CDS from the old Enforce Server by deleting it under System > Servers and Detectors > Overview.
  4. Open a case with Support to unbind the specific Detector ID from the original Enforce Server.
  5. The Cloud Support team will:
    • unbind the specific Detector ID from Enforce
    • generate and provide a new Enrollment Bundle, which can be used to connect to the new Enforce Server
  6. After the detector has been rebound:
    • Ensure the newly re-added detector shows as 'Connected' in the Enforce Console 
    • CloudSOC
      • Re-create applications removed in step 2 under Manage > Application Detection > Configuration.
      • Re-activate the Enforce Managed DLP instance in the CloudSOC Portal 
      • Re-sync cloud applications from Enforce under Manage > Application Detection > Configuration.
    • WSS
      • Re-Enable the Scanning of All Traffic in WSS
    • O365
      • Re-Enable the DLP Transport rule in O365 / Gmail to resume sending messages through the service. 

Additional Information