DLP Agent behavior is determined through what Agent Configuration it has, and which Policies it has received. This article is a high-level overview of the design whereby the agents are assigned configurations and policies.

The following graphic demonstrates these relationships visually:

Key Principles:

• Agents must be assigned to an Endpoint Server in order to receive Policies and Configurations.
  • Endpoint Server Assignment Methods:
    • Using the ENDPOINTSERVER parameter at installation time.
    • By selecting agents from the Agent List page in the Enforce server Console and using the "Change Server" feature.

• All Endpoint Servers receive all active Configurations.
• Each Endpoint Server receives only those policies contained within Policy Groups that have been assigned to it.

• Agent Configuration objects must be assigned to an Agent Group and will be applied to the agents within that group.
• Agents must be added to an Agent Group which has an Agent configuration assigned, in order to receive a Configuration
  • Agent Group Assignment Methods:
    • Dynamically by agent/user attribute
    • Manual assignment:
      • Statically entered in the "Always include these agents" field of the Agent Group page.
      • By selecting agents from the Agent List page in the Enforce Server Console and using the "Change Group" feature.
        Note: Using the "Change Group" feature of the Enforce Server Console puts the agent in the "Always include these agents" list of the selected Agent Group.

• Policies must be assigned to Policy Groups.
  • Policy Groups must be assigned to Endpoint Servers in order for the Policies to then be associated with the Agents that have been assigned to that particular Endpoint Server.