The McAfee Enterprise DLP/McAfee Enterprise MVISION Cloud integration has two parts. McAfee Enterprise DLP synchronizes classification definitions with McAfee Enterprise MVISION Cloud. This operation takes place automatically when a McAfee Enterprise DLP classification definition is added or changed if synchronization is enabled in the DLP Settings. Users working in the cloud can use the McAfee Enterprise DLP classifications to manually classify Microsoft Office 365 documents.
Cloud-based files with classifications that trigger incidents due to McAfee Enterprise MVISION Cloud protection rules are pulled into the McAfee Enterprise ePO database with a regularly scheduled server task and appear in DLP Incident Manager.
The incidents can be used for analysis and reporting in DLP Incident Manager and can be assigned to cases. However, they can only be resolved or updated in McAfee Enterprise MVISION Cloud.
1. Customers A and B create classification definitions and synchronize them with the McAfee Enterprise MVISION Cloud server.
2. McAfee Enterprise MVISION Cloud applies the classifications to protection rules and applies them to content for users working in the cloud.
3. Incidents are synchronized with McAfee ePO and displayed in DLP Incident Manager.
Configure MVISION Cloud
Before you begin: Enable the McAfee Enterprise™ MVISION Cloud integration feature by configuring the MVISION Cloud Server page in DLP Settings and enabling the Connect to MVISION Cloud service handler.
To configure MVISION Cloud in ePO:
McAfee Enterprise DLP can synchronize Classification definitions with McAfee Enterprise MVISION Cloud and incidents from the cloud with DLP Incident Manager. The two functions can be enabled separately.
- From the McAfee Enterprise ePO menu, select Data Protection > DLP Settings.
- On the MVISION Cloud Server tab, do the following:
- Select the Connect to MVISION Cloud service checkbox.
- Enter the server path, user name, and password. Click Test Connectivity. The Connection status indicator displays success or failure.
- To synchronize McAfee DLP classifications and policy, activate Push DLP policy to the MVISION Cloud and select the DLP policy name.
- To enable reporting McAfee Enterprise MVISION Cloud incidents in DLP Incident Manager, select the Pull incidents from MVISION Cloud checkbox. Incidents are only pulled when the server task is enabled (steps 3 and 4).
- Click Save.
- From the McAfee Enterprise ePO menu, select Automation | Server Tasks.
- Locate the task DLP Import MVISION Cloud Events and click Edit.
- On the Description page, in the Schedule status section, select Enabled.
- On the Actions page, verify that the checkbox is selected.
- On the Schedule page, accept the default settings or edit as needed.
- On the Summary page, verify the settings, then click Save.
- Go to Data Protection > DLP policy manager > Policy Assignment. Click Actions > Apply Selected Policies, and select the DLP policy Name.
- Go to Data Protection > DLP settings.
- On the MVISION Cloud Server tab, the Status section displays information on the synchronization. The synchronization time and number of classifications are updated.
Create a Policy in MVISION Cloud
Once you've enabled ePO-MVISION Cloud integration within ePO, and allowed classifications to be synced with the cloud, a new option called McAfee Enterprise Classification appears under Classification selection in the Rules section. You can select an option from the list of Classifications when creating or updating a DLP policy.
To create a Classifications DLP Policy in MVISION Cloud:
- Choose Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy.
- Enter a name for the policy, and an optional description.
- Select the 'Content Type' as 'Unified Cloud Edge'
- Under Rules, click Classification, and then Service > McAfee Classification.
- For Classification, choose the Classification you'd like to include in the policy.
- Choose the rest of the settings in the policy, and then click Save.