You added new policies and they appear assigned to your Detectors in the Cloud Service, but your Cloud Service Detector is not showing any incidents and the message count on the Enforce Server for this Detector is also at "0".

If you send out a test email, for example, it is delivered, but policy detection does not appear to be working.

If you either suspend the policies in question, or assign them to a Policy Group that is not associated with the Cloud Services, detection resumes and message counts are incremented as normal.

Release : 16.0, 15.8

If reverting corrected the issue, look for rules or conditions in your policies that are not technically logical - not relevant - for the Cloud Services.

E.g., Endpoint conditions like Device ID are not expected to work with Cloud Detectors.

It has also been confirmed that DLP has behavioral changes in 16.0, compared with prior versions:

Previously, in most 15.8 environments, policies having such conditions are delivered successfully (Event Code 2705 is shown, "Configuration file [Policy] delivery complete"), but policy conditions having no relevance for the Cloud Service will not be loaded. The remainder of those policies continue to function normally.

In 16.0, however, when a policy containing non-supported conditions is assigned to a Policy Group allocated to a Cloud Detector, it prevents all policies from loading.

Previously, the recommendation from DLP Support was to segregate Endpoint and Cloud policies into separate Policy Groups.

Currently, the Engineering teams have released a permanent fix to the Cloud Detection Service, as per this Advisory:

Some policies fail to trigger with Cloud Detection Service (CDS) after upgrading to DLP 16.0

A permanent fix has been applied as of May 29th 2023.

Note: You do not need to take any action. The permanent fix has been applied on the Cloud Detection Service. 

As per the advisory, the resolution means that policies can be configured for use in both Endpoint and Cloud Service Detection Servers.