URLs to be allowed from the Enforce or Detection servers to the Internet in Proxy configuration

Article ID: 403058

Products

Data Loss Prevention, Data Loss Prevention Cloud Detection Service, Data Loss Prevention Enforce

Issue/Introduction

When securing your DLP servers, you may be required to allow connections from the Enforce or Detection servers to the Internet. This article lists the external URLs that need to be allowed to keep full functionality of the product.

The connections from the Enforce or Detection servers to the Internet are situational and depend on the integrated products or components. The most common integrations/components that require an external Internet connection from the Enforce or Detection servers are:

  1. Cloud Detection Servers (CDS), used to detect e-mail content flowing from O365 or G Suite, network traffic from Cloud SWG (WSS), or others. This connection is required to synchronize policies from the Enforce server or to pull incidents from the Cloud servers. Applies to the Enforce server only.
  2. Email security.cloud (ESS) integration, used to release e-mails from quarantine directly from the Enforce Console. Enforce server only.
  3. DLP News, a feature introduced in DLP 16.0 and later, which pulls Broadcom DLP related news and alerts from the Internet to be displayed directly in the Enforce Console. Enforce server only.
  4. Microsoft Information Protection (MIP), used to synchronize labels from M365 (Enforce) and/or decrypt MIP encrypted content on the on-premises Detection servers. Enforce and Detection servers.

Resolution

For the first three points (Broadcom product integrations and DLP News alerts), allow the URLs below:

  • *.symantec.com
  • *.broadcom.com

For MIP integration the below URLs should be allowed:

  • *.login.microsoftonline.com
  • *.dataservice.protection.outlook.com
  • *.api.aadrm.com
  • substrate.office.com
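
The two lists above can be turned into a per-role egress allowlist, so that Detection servers are permitted only the MIP destinations while the Enforce server gets both sets. The following is an added example, not Broadcom code: the role names, the helper functions and the sample connections are constructed for illustration, and whether `*.example.com` also covers the bare `example.com` is an assumption that must be checked against your proxy's matching rules.

```python
# Added example: per-role egress allowlist built from the URL lists in this article.
ENFORCE_ONLY = ["*.symantec.com", "*.broadcom.com"]          # CDS, ESS, DLP News
MIP = ["*.login.microsoftonline.com", "*.dataservice.protection.outlook.com",
       "*.api.aadrm.com", "substrate.office.com"]            # Enforce and Detection

ALLOWLIST = {"enforce": ENFORCE_ONLY + MIP, "detection": MIP}


def host_matches(host, pattern, wildcard_covers_apex=True):
    """Match one hostname against one allowlist entry.

    wildcard_covers_apex is an assumption: proxies differ on whether
    '*.example.com' also covers 'example.com'. Set it to match your proxy.
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if not pattern.startswith("*."):
        return host == pattern
    base = pattern[2:]
    if host == base:
        return wildcard_covers_apex
    # Require a label boundary so 'notbroadcom.com' does not match '*.broadcom.com'.
    return host.endswith("." + base)


def is_allowed(role, host, wildcard_covers_apex=True):
    return any(host_matches(host, p, wildcard_covers_apex) for p in ALLOWLIST[role])


def audit(records, wildcard_covers_apex=True):
    """Return the (role, host) pairs that the allowlist would not permit."""
    return [(r, h) for r, h in records if not is_allowed(r, h, wildcard_covers_apex)]


# Constructed sample connections (server role, destination host); not real log data.
SAMPLE = [
    ("enforce", "support.broadcom.com"),
    ("enforce", "login.microsoftonline.com"),
    ("detection", "substrate.office.com"),
    ("detection", "www.symantec.com"),       # Broadcom URLs are Enforce-only
    ("enforce", "notbroadcom.com"),          # lookalike, no label boundary
]

if __name__ == "__main__":
    for role, host in audit(SAMPLE):
        print(f"not covered by allowlist: {role} -> {host}")
```

Running `audit` over destinations exported from the proxy's access log for the DLP server addresses shows which connections the allowlist would block and which egress from those servers falls outside the documented integrations.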

 

Additional Information

Additional configuration on the Enforce server may be required to allow it to communicate with the Cloud services, such as CDS or ESS, through the proxy:

Configuring the Enforce Server to use a proxy to connect to cloud services