>> From the Agent Configuration menu, select Edit Global Agent Configuration.
>> In the File Tracking tab, verify the required Operation Mode.
>> In order to use device control and protection rules, I would suggest you to enable this option "Device control and full content protection is the default when you upgrade the license".
>> In the Miscellaneous tab, select the modules you require.
For example: To use email protection and web post protection rule, you can enable the outlook handler (for outlook client) and for web post, enable firefox handler and internet explorer plugin.
>> Once it is done, Click apply to apply the dlp policies.
>> If you have domain users to apply those policies then no need to do anything with dlp policy present in policy catalog.
>> Assign the default dlp policy and check the status.
Both the Agent Configuration within DLP and the Agent Confuration within Assigned Policies from System Tree seem to have the same options - which one should I be using and what is the difference?
In policy catalog, if you use default policy then the changes made on the dlp policy console will be reflected. If you duplicate it, then changes will not be reflected on the duplicated policy.
If you have user assigned in dlp policy manager console then assign the default policy on the client machine. If you want to use computer based policy then do not assign any users on the dlp policy manager console. Go to system tree, duplicate the dlp computer assignment policy and click on the policy and enable the protection rules and save. Once it is done, Goto system tree and assign the duplicated to the client machine.
Thanks for your advice - I now understand how the polices apply.
I now have a seperate issue where DLP is working with gmail but not hotmail. Will post as a new question to avoid confusion.