What happens after you enroll a Symantec Endpoint Protection Manager domain into the cloud console?

After Symantec Endpoint Protection Manager (SEPM) domain enrollment, Symantec Endpoint Protection Manager data gets synched to the cloud console. The data includes the client hierarchy and the policies that the cloud console supports. The sync time is not immediate. You might have to wait a period of time before you see devices in the cloud console.
Once the devices and policies are synched, you can manage them from either the Symantec Endpoint Protection Manager or the Integrated Cyber Defense Manager cloud console. This is called hybrid management.
Symantec Endpoint Protection Manager client computers and client groups appear on the cloud console automatically as devices on the Devices page. By default, the devices appear in a flat list and not in groups on the Devices page.
Symantec Endpoint Protection Manager clients are called Symantec Agents in the cloud console.
Step 1: View the devices that the Symantec Endpoint Protection Manager manages
  1. In the cloud console, go to Devices.
  2. On the Devices tab, in the Managed by drop-down menu, select Endpoint Protection Manager.
By default, you manage the organization of your devices in the Symantec Endpoint Protection Manager. You can manage devices in the cloud console only or in Symantec Endpoint Protection Manager only, but not both at the same time.
Step 2: Choose whether to manage devices and groups from the cloud console
  1. In the cloud console, go to Integration > Enrollment, and make sure that Manage Devices from the Cloud is turned on.
If you want Active Directory or some other third-party directory tool to manage your device organization, keep this setting turned off.
Whenever you make a change to the device group structure, there is a 10-minute delay before the change appears in Symantec Endpoint Protection Manager. The reverse is also true. The behavior is similar to how Symantec Endpoint Protection Manager replication functions. During the delay, you should not try to make additional topology changes. The changes might not take effect.
Step 3: Choose whether to manage policies in the cloud only or Symantec Endpoint Protection Manager only
Policies appear in the cloud console automatically on the Policies page. You do not need to export your policies from Symantec Endpoint Protection Manager and import them in the cloud, unless you are going to manage your environment completely from ICDm.
This setting applies to the following bridged policies that are normally present on a Symantec Endpoint Protection Manager: the Exceptions policy and the Memory Exploit Mitigation (MEM) policy. This setting keeps SEPM from downsynching these policies and creating new ones in the SEPM.
After domain enrollment, the cloud console always controls the supported policies, which you manage from ICDm.
You continue to use Symantec Endpoint Protection Manager to manage other policies, such as the Host Integrity policies. Policies are pushed down to Symantec Endpoint Protection Manager, which distributes them to the clients.
To manage policies from the cloud console
  1. In the cloud console, go to Integration > Enrollment, and turn on Manage Policies from the Cloud.
Step 4: Look for threats that the cloud console detected
The cloud console's Dashboard and the Discovered Items lists provide more comprehensive information about the detections in your environment. Use the dashboard to check the results of the policy settings and tune the policy settings if necessary.
  1. In the cloud console, go to Dashboard > SEP 14.2.