Multitenant

Activate Endpoint DLP to prevent exfiltration of sensitive data over peripheral devices for a multitenant Customer Support Portal (CSP) account.
  1. Log in to Strata Cloud Manager.
  2. Enable Enterprise Data Loss Prevention (E-DLP) for Strata Cloud Manager if not already enabled.
    Enterprise DLP must be active on your tenant to enable and use Endpoint DLP.
  3. Install the following Microsoft Redistributable libraries on all endpoints where you installed the Prisma Access Agent.
    Install the latest versions for the Microsoft Windows version running on the endpoint. This is required to enable the Prisma Access Agent to inspect file movement between the endpoint and a peripheral device to prevent exfiltration of sensitive data.
  4. Install the Prisma Access Agent on all endpoints you want to protect.
  5. Contact your Palo Alto Networks representative to purchase the Endpoint DLP subscription.
  6. Click the magic link provided to you by Palo Alto Networks when you purchased the Endpoint DLP subscription.
  7. Activate Subscription to begin activating Endpoint DLP.
  8. Enter your Email Address and click Next to continue.
    This email address must match the email that received the magic link to activate Endpoint DLP and must have a valid Palo Alto Networks Customer Support Portal account.
    Click Create a New Account if you're a security administrator who does not yet have a valid Palo Alto Networks Customer Support Portal account for your organization. This is required before you can continue activating Endpoint DLP.
  9. Verify you are activating Endpoint DLP for the correct Customer Support Portal account.
  10. In Specify the Tenant, select the child tenant for which you want to activate Endpoint DLP.
    Enterprise DLP must be active on the tenant for which you are activating Endpoint DLP.
    Click Done to continue.
  11. Verify the tenant details for which you're activating Endpoint DLP.
    • Region—Region is populated by default and is based on the child tenant you selected in the previous step. This cannot be changed.
    • Endpoint DLP Licenses—Endpoint DLP license must be Fully Assigned and display the total number of supported users.
  12. For the Cloud Identity Engine, select the CIE instance associated with your Customer Support Portal account and click Done.
  13. Agree to the Terms and Conditions.
  14. Activate Now.
  15. Log in to Strata Cloud Manager and set up Endpoint DLP.
    1. Edit the Endpoint DLP data filtering settings to define the operational parameters.
    2. Add peripheral devices to Endpoint DLP.
    3. Create a Peripheral Group to group similar types of peripheral devices together for easier application of Endpoint DLP policy rules.
    4. Create an Endpoint DLP Policy Rule to control access to peripheral devices and prevent exfiltration of sensitive data.
    5. (Optional) Create a User Coaching Notification Template for Endpoint DLP.
      The End User Coaching Notification Template allows you to configure the notification displayed to your users in the Access Experience User Interface (UI) when they generate a DLP incident.
      For the Product Name, select Endpoint Data Loss Prevention. Configure the Applied Rules and Notification Message as needed.