What happens after you enroll a Symantec Endpoint Protection Manager domain into the cloud console?
Symantec Endpoint Protection Managerdomain into the cloud console?
After Symantec Endpoint Protection Manager (SEPM) domain enrollment,
Symantec Endpoint Protection Managerdata gets synched to the cloud console. The data includes the client hierarchy and the policies that the cloud console supports. The sync time is not immediate. You might have to wait a period of time before you see devices in the cloud console.
Once the devices and policies are synched, you can manage them from either the Symantec Endpoint Protection Manager or the Integrated Cyber Defense Manager cloud console. This is called hybrid management.
Symantec Endpoint Protection Managerclient computers and client groups appear on the cloud console automatically as devices on the
Devicespage. By default, the devices appear in a flat list and not in groups on the
Symantec Endpoint Protection Managerclients are called Symantec Agents in the cloud console.
Step 1: View the devices that the Symantec Endpoint Protection Manager manages
- In the cloud console, go toDevices.
- On theDevicestab, in theManaged bydrop-down menu, selectEndpoint Protection Manager
By default, you manage the organization of your devices in the
Symantec Endpoint Protection Manager. You can manage devices in the cloud console only or in
Symantec Endpoint Protection Manageronly but not both at the same time.
Step 2: Choose whether to manage devices and groups from the cloud console
- In the cloud console, go toIntegration>Enrollment, and make sure thatManage Devices from the Cloudis turned on.
If you want Active Directory or some other third-party directory tool to manage your device organization, keep this setting turned off.
Whenever you make a change to the device group structure, there is a 10-minute delay before the change appears in
Symantec Endpoint Protection Manager. The reverse is also true. The behavior is similar to how
Symantec Endpoint Protection Managerreplication functions. During the delay, you should not try to make additional topology changes. The changes might not take effect.
Step 3: Choose whether to manage policies in the cloud only or
Symantec Endpoint Protection Manageronly
Policies appear in the cloud console automatically on the
Policiespage. You do not need to export your policies from Symantec Endpoint Protection Manager and import them in the cloud, unless you are going to manage your environment completely from ICDm.
This setting applies to the following bridged policies that are normally present on a
Symantec Endpoint Protection Managernormally: the Exceptions policy and the Memory Exploit Mitigation (MEM) policy. This setting keeps SEPM from downsynching these policies and creating new ones in the SEPM.
After domain enrollment, the cloud console always controls the supported policies, which you manage from ICDm.
You continue to use
Symantec Endpoint Protection Managerto manage other policies, such as the Host Integrity policies. Policies are pushed down to
Symantec Endpoint Protection Manager, which distributes them to the clients.
To manage policies from the cloud console
- In the cloud console, go to theIntegration>Enrollment, and turn onManage Policies from the Cloud.
Step 4: Look for threats that the cloud console detected
The cloud console's
Discovered Itemslists provide more comprehensive information about the detections in your environment. Use the dashboard to check the results of the policy settings and tune the policy settings if necessary.
- In the cloud console, go toDashboard>SEP 14.2.