Enrolling a Symantec Endpoint Protection Manager domain into the cloud console

You must first enroll a
Symantec Endpoint Protection Manager
domain before you can view or manage it in the cloud console.
You can enroll a maximum of 50  Symantec Endpoint Protection Manager domains.
Before you start enrollment
Enrollment with the cloud console installs the
Symantec Endpoint Protection Manager
bridge service, or connector, using an .MSI file.
Your environment must meet the following requirements to support the enrollment of a domain into the ICDm cloud console:
  • Paid subscription to Symantec Endpoint Security
  • Symantec Security Cloud account
    You can set up this login account when you initiate domain enrollment from
    Symantec Endpoint Protection Manager
    . Or you might have an existing account to use for login.
  • Administrator access to the
    Symantec Endpoint Protection Manager
  • Symantec Endpoint Protection Manager
    14.0.1 or later clients
    You can enroll a
    Symantec Endpoint Protection Manager
    domain into the cloud console with earlier clients, but these earlier clients cannot take advantage of the cloud-only Intensive Protection policy.
  • Put the Application and Device Control into Test (log only) mode and System Lockdown into log-only mode. This situation applies only if such policies apply to the server on which
    Symantec Endpoint Protection Manager
    runs, and the policies block .MSI installation.
Step 1: Start the enrollment
To start the enrollment from Symantec Endpoint Protection Manager 14.3, select the
Cloud
tab.
To start the enrollment from Symantec Endpoint Protection Manager 14.2 or earlier:
In
Symantec Endpoint Protection Manager
,  on the
Home
page select
Enroll Now
or go to the
Cloud
tab. The
Get Started
button takes you to the cloud console sign in page. If you do not have sign in credentials, contact your account team manager.
You can also start the enrollment process from the cloud console on the
Enrollment
page.
Step 2: Get an enrollment token from the cloud console
In the cloud console, go to
Endpoint > Integration > Enrollment
. You can generate and copy an enrollment token from this page.
Step 3: Complete the enrollment
  1. In
    Symantec Endpoint Protection Manager
    , paste the enrollment token into the specified area in the
    Cloud
    page.
  2. Select
    Enroll Symantec Endpoint Protection Manager
    .
    You get a confirmation message.
  3. You can press
    Launch
    in the
    Symantec Endpoint Protection Manager
    Home
    page banner to log on to the cloud console.
  4. After enrollment, all of your devices appear in the cloud console. Devices are the client computers that your clients run on. By default, the
    Symantec Endpoint Protection Manager
    manages the topology.
  5. To manage groups and devices from the cloud console, turn on
    Manage Devices from the Cloud
    only for the logged-on domain. To manage cloud-based policies, turn on
    Manage Policies from the Cloud
    . You enable these options in the cloud console in
    Endpoint > Integration > Enrollment
    .
    You should keep
    Manage Devices from the Cloud
    disabled if you use Active Directory or third-party APIs to manage your devices.
    Whenever you make a change to the device group structure, there is a 10-minute delay before the change appears in
    Symantec Endpoint Protection Manager
    . The reverse is also true. The behavior is similar to how
    Symantec Endpoint Protection Manager
    replication functions. During the delay, you should not try to make additional topology changes. The changes might not take effect.