Enterprise DLP
Single Tenant
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Single Tenant
Activate Endpoint DLP to prevent exfiltration of sensitive data over peripheral
devices for a single tenant Customer Support Portal account.
- Log in to Strata Cloud Manager.Enable Enterprise Data Loss Prevention (E-DLP) for Strata Cloud Manager if not already enabled.Enterprise DLP must be active on your tenant to enable and use Endpoint DLP.Install the following Microsoft Redistributable libraries on all endpoints where you installed the Prisma Access Agent.Install the latest versions for the Microsoft Windows version running on the endpoint. This is required enable the Prisma Access Agent to inspect file movement between the endpoint and a peripheral device to prevent exfiltration of sensitive data.Install the Prisma Access Agent on all endpoints you want to protect.Contact your Palo Alto Networks representative to purchase the Endpoint DLP subscription.Click the magic link provided to you by Palo Alto Networks when you purchased the Endpoint DLP subscription.Activate Subscription to begin activating Endpoint DLP.Enter your Email Address and click Next to continue.This email address must match the email that received the magic link to activate Endpoint DLP and must have a valid Palo Alto Networks Customer Support Portal account.Click Create a New Account if you're a security administrator who does not yet have a valid Palo Alto Networks Customer Support Portal account for your organization. This is required before you can continue activating Endpoint DLP.Verify the tenant details for which you're activating Endpoint DLP.This information is populated by default when the magic link is generated. Palo Alto Networks recommends verifying the following tenant details before activation to resolve any issues before activation.
- Customer Support Account—Endpoint DLP must be activate on the same Customer Support Portal account as Enterprise DLP.
- Region—Region is populated by default and is based on the region configured for the Customer Support Portal tenant. This cannot be changed.
- Endpoint DLP Licenses—Endpoint DLP license must be Fully Assigned and display the total number of supported users.
Agree to the Terms and Conditions.Activate Now.Log in to Strata Cloud Manager and set up Endpoint DLP.- Edit the Endpoint DLP data filtering settings and snippet settings to define the operational parameters.Enable Optical Character Recognition on Strata Cloud Manager to scan files with images containing sensitive information.(Optional) Save evidence for investigative analysis with Enterprise DLP to connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store evidence of traffic scanned by the DLP cloud service(Optional) Create a User Coaching Notification Template for Endpoint DLP.The End User Coaching Notification Template allows you to configure the notification displayed to your users in the Access Experience User Interface (UI) when they generate a DLP incident.For the Product Name, select Endpoint Data Loss Prevention. Configure the Applied Rules and Notification Message as needed.Add peripheral devices to Endpoint DLP.Create a peripheral group to group similar types of peripheral devices together for easier application of Endpoint DLP policy rules.Create an Endpoint DLP policy rule to control access to peripheral devices and prevent exfiltration of sensitive data.