You added new policies and they appear assigned to your Detectors in the Cloud Service, but your Cloud Service Detector is not showing any incidents and the message count on the Enforce Server for this Detector is also at "0".

If you send out a test email, for example, it is delivered, but policy detection does not appear to be working.

If you either suspend the policies in question, or assign them to a Policy Group that is not associated with the Cloud Services, detection resumes and message counts are incremented as normal.

Release : 16.0, 15.8

If reverting corrected the issue, look for rules or conditions in your policies that are not technically logical - not relevant - for the Cloud Services.

E.g., Endpoint conditions like Device ID are not expected to work in Cloud Detectors.

In some cases, when a policy containing conditions that do not apply to the Cloud Services is assigned to a Policy Group allocated to a Cloud Detection Service, it breaks the profile (the sum total of all Detector configuraitons like indexes, policies and settings) and policies fail to load on the Detector.

In other cases, although the policies appear to have loaded successfully (Event Code 2705 is shown: "Configuration file [Policy] delivery complete"), the DLP Engineering teams have confirmed that the conditions which have no relevance for the Cloud Service themselves will not be loaded on the Detector.

The recommendation from DLP Support is to segregate Endpoint and Cloud policies into separate Policy Groups.

You do not want Endpoint conditions to be assigned to the Cloud Detection Service (and vice versa, as Cloud Services conditions like Contextual Attributes are inappropriate for Endpoint Agent policies).

Update: The Engineering teams will be releasing an update to the Cloud Services that is expected to change this behavior. This article will be updated when that occurs (expected in the current quarter).

Similar issues are documented in the following KBs:

• • Some Response Rule conditions are not working for Cloud incidents (broadcom.com)
  • Issue with detection on Cloud Detection Service for Rest (broadcom.com)