Domains missing after saving the configuration for a new Cloud Detector in CMP

book

Article ID: 223584

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Package

Issue/Introduction

You've added a list of emails domains as requested part of configuring a new Cloud Detection Server (CDS), in the Cloud Management Portal (CMP).

Cause

Email domains were previously required in order to set the configuration of "accepted sender domains" for the Cloud Service for Email.

Environment

Release : 15.7+

Component :

Resolution

When customers login to CMP to configure a Cloud Detector - they have to provide several details,depending on what kind of CDS is being configured.

For Email Detectors, the list includes: 

  • Which region for your Cloud Service (US or EU)
  • Which type of Email your company is using (Gmail, O365, Exchange)
  • Which mode of Email Service (Reflecting, Forwarding)
  • Which sending domains are expected for emails being accepted for the service?

As it turns out, the "domains" are no longer an essential detail - because that list is actually obtained AFTER the provisioning of a new Cloud Service for Email Detector:

  1. For a Cloud Email Detector in Forwarding mode - the list of email domains actually comes via a script FROM Email Security.cloud (the downstream MTA for all customers in Forwarding mode)
  2. For a Cloud Email Detector in Reflecting mode (O365 only) - the list of email domains actually comes FROM the Enforce Server, as configured by customers*.

*The reason we used to require email domains was that prior to DLP 15.1 MP1, customers in Reflecting mode couldn't manage domains via the Enforce Server, so the DLP Cloud Operations team entered all domains for Reflecting mode customers at the time of provisioning.

Additional Information

This detail is a legacy setting that will likely be removed in a future update to the CMP.