ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Understanding how DLP Agents receive Configurations and Policies
Article ID: 198168
Data Loss Prevention
You want to understand how DLP Agents receive Configurations and Policies.
DLP Agent behavior is determined through what Agent Configuration it has, and which Policies it has received. This article is a high-level overview of the design whereby the agents are assigned configurations and policies.
The following graphic demonstrates these relationships visually:
Agents must be assigned to an Endpoint Server in order to receive Policies and Configurations.
Endpoint Server Assignment Methods:
Using the ENDPOINTSERVER parameter at installation time.
By selecting agents from the Agent List page in the Enforce server Console and using the "Change Server" feature.
All Endpoint Servers receive all active Configurations.
Each Endpoint Server receives only those policies contained within Policy Groups that have been assigned to it.
Agent Configuration objects must be assigned to an Agent Group and will be applied to the agents within that group.
Agents must be added to an Agent Group which has an Agent configuration assigned, in order to receive a Configuration
Agent Group Assignment Methods:
Dynamically by agent/user attribute
Statically entered in the "Always include these agents" field of the Agent Group page.
By selecting agents from the Agent List page in the Enforce Server Console and using the "Change Group" feature.
Policies must be assigned to Policy Groups.
Policy Groups must be assigned to Endpoint Servers in order for the Policies to then be associated with the Agents that have been assigned to that particular Endpoint Server.