When creating a new Data Loss Prevention (DLP) Cloud Detection Service entry in the CloudSOC, the following occurs:
There is more than one option for adding an "appliance" in the CloudSOC UI. In this case, you may have selected the wrong option. For example, "Symantec" is not a valid vendor.
During the next steps, as per the Using CloudSOC CASB with Symantec DLP Cloud guide, you need to "Activate" and "Connect" the DLP appliance.
However, when trying to "activate" it after previously using only Content IQ (CIQ) in the CloudSOC, you may be presented with a new notification:
Clicking 'Confirm' indicates you are converting your tenant to Enforce Managed DLP. There is no way to undo this action.
This is what integrating with the "Enforce Managed DLP" looks like in the CloudSOC if you converted from CIQ to the Global Detector, if you never had a DLP "External Appliance" integrated with your CloudSOC.
In some instances, it may make sense to cancel the "Activate" option. The CDS will still be listed, but not activated.
Note: If the entry is removed from the CloudSOC UI, a new token for registering is required (available from Support).
Thus, this install would be running with the previously configured CIQ policies, except that these are now limited to what remains of the CloudSOC CIQ, post-transition.
For reference, see the advisory ContentIQ Deprecation, and Changes to CloudSOC Content Inspection. At the bottom of this advisory, note how previously configured CIQ content needs to be modified for anyone who is using the "Global Detector" option, instead of moving to "Enforce Managed DLP":