Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

Dell Security Center v10.2.7

AdminHelp

Summary of content (133 pages)

PAGE 1
Dell Security Center v10.2.
PAGE 2
PAGE 3
Table of Contents Welcome ............................................................................................................................................................... 1 About Online Help ............................................................................................................................................. 1 Attributions & Copyrights ..................................................................................................................................
PAGE 4
Table of Contents Users ......................................................................................................................................................... 31 Add Azure AD Users .............................................................................................................................. 31 User Groups .............................................................................................................................................. 31 Add a User Group .......
PAGE 5
Dell Security Center v10.2.7 AdminHelp Modify an Endpoint Group .................................................................................................................... 41 Endpoint Groups Specification ................................................................................................................. 41 Endpoint Group Specification ............................................................................................................... 41 Operators and Expressions............
PAGE 6
Table of Contents Manage Reports ............................................................................................................................................ 55 Manage Reports ........................................................................................................................................ 55 View or Modify an Existing Report........................................................................................................ 56 Create a New Report ...................
PAGE 7
Dell Security Center v10.2.7 AdminHelp Notification Management............................................................................................................................. 73 Notification Management ......................................................................................................................... 73 Product Notifications ...............................................................................................................................
PAGE 8
Table of Contents Configure policy to exclude folders for Basic File Protection (Windows and Mac) ................................. 99 Unsupported applications and file types ............................................................................................... 100 Remove a file type ................................................................................................................................. 100 Use the Recovery Tool ..............................................................
PAGE 9
Dell Security Center v10.2.7 AdminHelp Rules ................................................................................................................................................... 113 Elements ............................................................................................................................................. 113 Add an Enterprise-Specific Rule Name or Tag Element ......................................................................... 114 Create a Rule Name ...........
PAGE 10
PAGE 11
Welcome About Online Help Version: 10.1.1906 Attributions & Copyrights Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118. The software described is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Third Party Software I.
PAGE 12
Welcome FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PAGE 13
Dell Security Center v10.2.7 AdminHelp III. Portions of this product use OrientDB. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. IV. Portions of this product use Apache Wink. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. V. Portions of this product use Jackson JSON. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. VI. Portions of this product use Jetty.
PAGE 14
Welcome XIX. Portions of this product make use of Struts Digester, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt. XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt. XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/), Apache License, Version 2.
PAGE 15
Dell Security Center v10.2.7 AdminHelp C. Neither the names of the copyright holders nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
PAGE 16
Welcome The Licensee may distribute original or modified STLport sources, provided that: o The conditions indicated in the above permission notice are met; o The following copyright notices are retained when present, and conditions provided in accompanying permission notices are met : Copyright 1994 Hewlett-Packard Company - Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice app
PAGE 17
Dell Security Center v10.2.7 AdminHelp XL. Portions of this product make use of ResizableLib. You may obtain a copy of the license at http://opensource.org/licenses/artistic-license-1.0. XLI. Portions of this product make use of Spring Framework. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. XLII. Portions of this product use $File: A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995.
PAGE 18
Welcome Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 1. Additional Definitions.
PAGE 19
Dell Security Center v10.2.7 AdminHelp You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License.
PAGE 20
Welcome If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. XLVIII. Portions of this product use DropNet. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. Portions of this product use Hardcodet WPF NotifyIcon 1.0.8.
PAGE 21
Dell Security Center v10.2.7 AdminHelp THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. LIX.
PAGE 22
Welcome LXXVII. Portions of this product use Jackson Annotations 2.4.4. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. LXXVIII. Portions of this product use Apache Maven Wagon 2.2. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. LXXIX. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at http://opensource.org/licenses/MIT. LXXX.
PAGE 23
Dell Security Center v10.2.7 AdminHelp XCVIII. Portions of this product use Azure Active Directory Authentication Library 1.2.9. You may obtain a copy of the license at http://opensource.org/licenses/MIT. Portions of this product use AF Networking 2.6.3. You may obtain a copy of the license at XCIX. http://opensource.org/licenses/MIT. C. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. CI.
PAGE 24
Welcome CXIX. Portions of this product make use of the Mono and the Mono runtime, under MIT, BSD, and Apache licenses. You may obtain a copy of the licenses at http://www.monoproject.com/docs/faq/licensing/.
PAGE 25
Dell Security Center v10.2.7 AdminHelp Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Portions of this product make use of the Mono .NET assemblies under MIT and BSD licenses. CXX. You may obtain a copy of the licenses at https://mit-license.
PAGE 26
Welcome NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Portions of this product make use of mkbundle in Mono under GNU LESSER GENERAL CXXI. PUBLIC LICENSE v3. You may obtain a copy of the license at https://www.gnu.org/licenses/lgpl.txt. GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc.
PAGE 27
Dell Security Center v10.2.7 AdminHelp 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a.
PAGE 28
Welcome b. 6. Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
PAGE 29
Dell Security Center v10.2.7 AdminHelp License Information: Copyright (c) 1999 - 2017 Dell Inc. All rights reserved. This software and associated documentation (if any) is furnished under a license and may only be used or copied in accordance with the terms of the license. Dell elects to use only the Apache license for any software where a choice of Apache v2, and Mozilla Public License 1.1 license versions are made available with the language indicating that Apache v2, and Mozilla Public License 1.
PAGE 30
Welcome 3. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a.
PAGE 31
Dell Security Center v10.2.7 AdminHelp 6. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a.
PAGE 32
Welcome Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
PAGE 33
Get Started Get Started with Dell Data Security • Once your environment has been configured in the Server Configuration Tool, ensure that Dell services are . • Log in to the Management Console. • Manage Subscriptions • Add Azure AD Users • If you require that users receive non-default policies upon activation, modify policies at the appropriate level. • Add groups and users, as necessary. • Assign administrators, as necessary. • Deploy Data Guardian.
PAGE 34
Get Started The images below reflect what may be seen in the dashboard, depending on widgets enabled. Click an area below to view a description of the detail accessible by clicking the same area in the dashboard.
PAGE 35
Navigate Dell Security Center Management Console The Management Console is the central control center that allows administrators to monitor the state of endpoints, policy enforcement, and protection across the enterprise. The Management Console features security and configuration settings that are applied through policy to groups called Populations. For increased security, administrator duties are separated into administrator roles.
PAGE 36
Navigate Dell Security Center (1) Logged in user - The user icon and name of the user that is currently logged on. (2) Gear icon - View information about Dell Security Center, get Dell ProSupport contact information, and log out. (3) Question mark icon - Open a help topic that explains the current screen in the Management Console. Dashboard Dashboard The dashboard displays an overview of status information for the organization.
PAGE 37
Dell Security Center v10.2.7 AdminHelp Notifications List The notifications list provides a configurable summary of news, alerts, and events to display on the dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and Notification Management. Notification Types Select the notification types to include in the list. Notifications of the remaining types are hidden. Types include: Update - News of upcoming product updates.
PAGE 38
Navigate Dell Security Center After selecting one or more types, click in the neutral space above the list to apply the selections. Select Clear selected items to reset the selections in this list. Priority Levels Notification priority levels are not related to priority levels displayed on the dashboard other than in the notifications area. Priorities are Critical, High, Medium, and Low. These priority levels are only relative to one another within a type of notification.
PAGE 39
Dell Security Center v10.2.7 AdminHelp  Endpoints  Protected  Not protected  Managers  Modified policies Summary Statistics provides a breakdown of endpoints by platform, with a link to a detailed report for the selected platform:  Windows  Mac  All Endpoint OS Report To access this page, click a platform link on the dashboard's Summary Statistics. If you click All and the Platform Report page opens, click view in the OS Report column.
PAGE 40
Navigate Dell Security Center Tabs available on each Populations page provide information, allow you to edit details of the Population, and provide configuration options for that Population. The table lists the tabs available for each Population.
PAGE 41
Dell Security Center v10.2.7 AdminHelp • Domain Name • Tenant Name • Tenant Proper Name • Setup Admin Users Users are added through reconciliation. Reconciliation is the automated process used to compare user data in the Dell Security Center with Azure. When a user attempts to log in or activate on an endpoint, the user credentials are verified with Azure and then added to their designated group. In the left pane, click Populations > Users and then click a user name, to view details about the user.
PAGE 42
Navigate Dell Security Center b. Click Search. Depending on the size, this may take a few minutes to populate. c. Select a group from the list to add to the domain. The group name is added to the field below the list. Click the X in the group name to remove the group name. d. 6. Click Add. For ADMIN-DEFINED User Groups, follow these steps: a. Enter the exact text for the group name or use the wildcard character (*). b. Enter a description for the group. c. Click Add Group.
PAGE 43
Dell Security Center v10.2.7 AdminHelp Notes: Universal security groups are only supported for domains that connect through the Global Catalog port. Nested groups are not supported. Remove User Groups 1. In the left pane, click Populations > User Groups. 2. Click a group name link or enter a filter to search for available groups. The wildcard character (*) is supported. 3. Select a row to highlight it. 4. At the top, click Delete.
PAGE 44
Navigate Dell Security Center Admin - To view, assign, or modify administrator roles assigned to the group, click Admin. Select or deselect administrator roles to modify administrator roles assigned to the Group. For more information about privileges available to each administrator role, refer to Administrator Roles. 4. If modified, click Save. User Group Details & Actions The User Group Details & Actions tab lists the properties of a selected user group. 1.
PAGE 45
Dell Security Center v10.2.7 AdminHelp 1. In User Group Detail, search or select a user, then select the check box to the left of the user name. 2. Click Remove Users from Group. 3. Click OK. Users can also be removed from the ADMIN DEFINED Groups. User Group Admin Assign, modify, or view Administrator roles for a group. 1. In the left pane, click Populations > User Groups. 2. Search or select a Group Name, then the Admin tab.
PAGE 46
Navigate Dell Security Center The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the Persistent VDI Endpoint Group. Order of priority: 1. Non-Persistent VDI Endpoint Group 2. Persistent VDI Endpoint Group 3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group 4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Groups 5. Opt-in Endpoint Group 6.
PAGE 47
Dell Security Center v10.2.7 AdminHelp Assign or Modify Administrator Roles View or modify existing administrator privileges. 1. In the left pane, click Populations > Administrators. 2. Search or select the row that displays the user name of the appropriate administrator to display User Detail. 3. View or modify administrator roles in the pane at the right. 4. Click Save. Dell recommends assigning administrator roles at the Group level rather than at the User level. 1.
PAGE 48
Navigate Dell Security Center 3. • Enter Common Name, Universal Principal Name, or sAMAccountName. The wildcard character is supported. • Scroll through the user name list. Click a link in the user name column. The User Detail page opens, displaying the Security Policies tab. View or Modify User Policies and Information 1. In the left pane, click Populations > Users. 2. Click a user name or enter a filter to search for available users. The wildcard character (*) is supported.
PAGE 49
Dell Security Center v10.2.7 AdminHelp Distinguished Name - CN=User Name, OU=Dallas, DC=Organization, DC=com Common Name - User Name Universal Principal Name - username@organization.com sAMAccountName - username Email - User email address User Type - possible values are AD or local Last Modified - Date/time stamp Last Reconciled - Date/time stamp User Endpoints This page displays information about a user's endpoints, listed by platform type. Endpoint categories include Shield, Mobile Device, and Cloud. 1.
PAGE 50
Navigate Dell Security Center Delegated Roles - Delegate administrator rights to a user. Related topics: Administrator Roles Assign or Modify Administrator Roles Delegate Administrator Roles View Reconciliation Date To view the date and time a user group's or user's information was last reconciled with Active Directory, click the Details & Actions tab for the group or user, and refer to last reconciled.
PAGE 51
Dell Security Center v10.2.7 AdminHelp (For Active Directory Groups only) In Choose AD Group, enter the beginning characters of an Active Directory group name (Example: Accounting), and select the desired group. 7. (For Rule-Defined and Active Directory Groups only) Click Preview to view the endpoints to be included in the group. 8. Click Add Group to save the group definition. 9. After the group is added, modify the group priority if necessary. Remove an Endpoint Group 1.
PAGE 52
Navigate Dell Security Center The endpoint group specification is a domain specific language that allows you to define groups. The endpoint group specification consists of a set of operators and a set of data fields that these operators can be applied to. A group specification is a Boolean expression that is evaluated per endpoint to determine whether or not a endpoint is a member of a group.
PAGE 53
Dell Security Center v10.2.
PAGE 54
Navigate Dell Security Center For instructions about how to add an endpoint, see Add Endpoint Groups. Edit Group Priority The Group priority feature is used to determine policy precedence for effective policies that affect multiple groups. Group priority creates a weight associated with the specific group it is assigned to, and that weight is used to determine which policy setting is applied to an endpoint that is a member of more than one Endpoint Group when policy settings differ between those groups.
PAGE 55
Dell Security Center v10.2.7 AdminHelp Edit User Group Priority The user group at the top of the list has highest priority. The user group at the bottom of the list has lowest priority. To edit User Group priority: 1. In the left pane, click Populations > User Groups. 2. Click Edit Priority. 3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level. 4. Click Save.
PAGE 56
Navigate Dell Security Center Security Policies - To view or modify policies of the Group, click Security Policies. Details & Actions - To view properties of the Group, click Details & Actions. Viewable information includes: Group Name Description: The description provided when the Group was added. (For Rule-Defined groups) Specification: The endpoint group specification that defines endpoints as members of the group. Members - To view or modify the information of an endpoint in the group, click Members.
PAGE 57
Dell Security Center v10.2.7 AdminHelp 4. Select Add Endpoints to Group, then search for specific endpoints or select endpoints in the list, and click Add Selected Endpoints to Group. OR Select Upload Multiple Endpoints from File, then click Browse to select a CSV file and click Upload. Valid CSV requirements: • The file must be in valid CSV format and contain a maximum of 999 endpoints. • The first column must contain valid fully qualified hostnames. All columns except the first column are ignored.
PAGE 58
Navigate Dell Security Center To add an endpoint to an Endpoint Group: 1. In the left pane, click Populations > Endpoints. 2. Select the check box next to a hostname in the list or enter a filter to search for available endpoints. The wildcard character (*) is supported. For Windows and Mac, if you know the endpoint hostname, enter it in Search. Leave the field blank to display all Windows and Mac endpoints. For Mobile devices, optionally enter the model name or user's email address. 3.
PAGE 59
Dell Security Center v10.2.7 AdminHelp Plugins - Click Plugins view a list of plugins and agents to which this endpoint are plugged into. Viewable information includes status, state, version, and vendor version. Users - Click Users to view a list of users who store and access data on the endpoint. These statistics of users may be available on the Endpoint Detail page: login, last Gatekeeper sync, effective policies, and states. You can also recover data from this page.
PAGE 60
Navigate Dell Security Center Plugins & Agents Agent - SED, FDE, Authentication Proxy, Preboot Authentication, Windows Authentication, BitLocker, TPM Plugin Functional Status (green check mark or red "x") - This indicates whether the Agent has been enabled via policy. To get more detail on whether each plugin is working as expected, look at Plugin State column. Plugin State: • BitLocker Plugin: Starting - Encryption Management Agent/Manager is starting up.
PAGE 61
Dell Security Center v10.2.7 AdminHelp Starting - Encryption Management Agent/Manager is starting up. Because this is a fairly quick process, it is unlikely an inventory update would capture this so you would probably never see this state in the Management Console. Disabled - Encryption Management Agent/Manager is disabled by policy and not enforcing any previously received policy. Active - Encryption Management Agent/Manager is running normally and enforcing policies.
PAGE 62
Navigate Dell Security Center OS/OS Version - Example: Mac OS X 10.11.0 Processor Serial Number - Manufacturer assigned serial number Host ID - Endpoint identifier Unique ID - Dell assigned unique identifier Hardware ID - A unique identifier sent to the server from the client. Protected - Date and time stamp Plugin Manager Detail Command: Click View Effective Policies to go to the effective policy page for this endpoint. Version-Version of Data Guardian the endpoint is running.
PAGE 63
Dell Security Center v10.2.7 AdminHelp Data Guardian User - Each user on the specific endpoint Activated - Date/time stamp, per user Update - Date/time stamp, per user Administrators Assign or Modify Administrator Roles View or modify existing administrator privileges. 1. In the left pane, click Populations > Administrators. 2. Search or select the row that displays the user name of the appropriate administrator to display User Detail. 3. View or modify administrator roles in the pane at the right.
PAGE 64
Navigate Dell Security Center Performed by Type of Administrator Task Help Desk System Security Log Account Forensic1 Policy2 Report Log in ● ● ● ● ● ● Log out ● ● ● ● ● ● View current system state ● ● ● ● Search for Users, Groups, and Endpoints ● ● ● ● Add Users and Groups ● ● ● Remove an endpoint ● Change Dell Security Center Options ● ● Suspend a User ● Reinstate suspended user ● Deactivate a User ● View policies ● Modify policies ● Commit policies ●
PAGE 65
Dell Security Center v10.2.7 AdminHelp Guardian external users Manage Data Guardian external user key requests ● ● Revoke Data Guardian keys ● ● 1 The forensic administrator role provides the rights to use the forensic administrator tools via XAPI. 2 The policy administrator role is reserved for future use. Delegate Administrator Rights Administrator rights for a user group can be delegated to a user.
PAGE 66
Navigate Dell Security Center • Grouping - Group by Report Type, Author, Private, or None (default). • Columns - Select which columns to display on the Manage Reports page, such as Name, Description, Report Type, Author. Also: • • Private - True indicates only the owner of the report can access it. • Report Administrator - can view all public and private reports. • Other Administrators - can view private reports they created and all public reports. • Created - Date the report was created.
PAGE 67
Dell Security Center v10.2.7 AdminHelp Grouping, Columns, and More differ for each report type. Some Column and Grouping options are selected by default. • Columns allows customized options to display. After you select options, you can drag and resequence to avoid scrolling. The resequenced columns return to the default when you close the report. • Grouping allows you to sort the column options you selected.
PAGE 68
Navigate Dell Security Center Export File Export to Excel or a .csv file. Data Guardian Audit Events Data Guardian audit event logs maintain an audit trail of file activity for Windows, Mac, mobile devices, and the web portal. By alternating between a map visualization and multiple filter options, you can access audit data in various ways, from a global overview to specific geolocations or audit data on a specific file or a specific user.
PAGE 69
Dell Security Center v10.2.7 AdminHelp Note: Files that lack geolocation data and display only in the columns still provide some information for auditing. • Show only visible check box - If you click a marker cluster, the map only displays the area for that cluster, but the columns list all audit events in the original query. Select the check box on the lower right for the columns to only list audit events for those visible map points.
PAGE 70
Navigate Dell Security Center Protected_Office_Document_or_Basic_File_Protection_audit_events and the tables below for details and to determine the operating system. • • Net Action - (Windows and Data Guardian v2.7 and earlier) Grouping - Allows you to select one option. The default is None. For example: • Moniker - Groups by moniker if you have more than one selected. • Device or User - Allows you to determine the activity of specific devices or users.
PAGE 71
Dell Security Center v10.2.7 AdminHelp File Name File Path File Key ID File Size To search for a specific file, use the file key ID. Note: When both .xen and protected Office files exist in Mac or mobile or Windows (v2.3 and earlier), parameters may differ for each audit event but are the same within the event. For example, the data may differ for sl_xen_file and sl_protected_file, but the data for each Cloud Encryption .xen file event is the same. Note: For web portal and CASB, no File Path exists.
PAGE 72
Navigate Dell Security Center that were swept and converted from unprotected to protected Office. Modified Updated Summary of the number of times a file was changed since the last audit data transmission. ● ● Modified (Data Guardian v2.7 and earlier) Watermarked User printed a file or exported a file with a watermark. ● ● Accessed Block Copy (Windows only Indicates a file where a user tried to with Data Guardian copy from a protected Office v2.
PAGE 73
Dell Security Center v10.2.7 AdminHelp Open (Windows only) Used with Email Action. ● Sent (Windows only) Used with Email Action. ● Reply (Windows only) Used with Email Action. ● Forward (Windows only) Used with Email Action. . ● Column options for System (protected Office documents and Windows) The following actions relate to the computer, so they have no corresponding Data Guardian action. Note: The grey options apply to Windows and Data Guardian v2.7 and earlier.
PAGE 74
Navigate Dell Security Center Audit Event - Column options Description Provider Cloud storage provider. (Used for earlier versions.) Cloud Name Cloud storage provider name. See also File_Name. Cloud Action If a service acts on a .xen file, the Cloud Action column lists the reason. See Cloud_Encryption_audit events. Process Application Process - Migration of Cloud Encryption events. A system event from the client performs an action on the .xen file.
PAGE 75
Dell Security Center v10.2.7 AdminHelp The Device column lists CASB. For actions, see the CASB column in Protected_Office_Document_or_Basic_File_Protection_audit_events and Cloud_Encryption_audit events. See also Column_options_for_all_audit_events. Column options for Content Based Protection only (Windows) Content Based Protection applies to Windows' Opt-in mode. Policies: Protected Office Documents, Content Based Protection, Content Based Protection Rules.
PAGE 76
Navigate Dell Security Center events Add A protected file or email was shared with a user or a group. This applies to pre-share. ● Remove Data Guardian Access to a protected file or email has been revoked from a user or a group. ● Request A user had to request access to a protected file or email because they did not have access. ● Examples of Map Visualization and Column Filters You can alternate between drilling in at the map level and drilling in at the filter and search level.
PAGE 77
Dell Security Center v10.2.7 AdminHelp To audit protected Office documents only: 1. In Moniker, select Protected Office. 2. In More, select Action and Data Guardian Action. 3. In Columns, select Device, User, Timestamp, File Name, and File KeyID. 4. Optionally, in Grouping, select one item like Device or User to sort. 5. Select Export File > Excel or CSV to view the data for the Action and Data Guardian Action columns. For more information, see Protected_Office_Document_audit_events.
PAGE 78
Navigate Dell Security Center • Audit Control Policies • Web Portal Audit Policies • Mobile Audit Control Policies For Beacon events, see the advanced settings for Data Guardian and select the Enable Callback Beacon policy from one or more of these policy groups: • Protected Office • Mobile Client • Web Portal 1. In Moniker, select Protected Office and Beacon. 2. In the global map view, drill in to a marker cluster in an unexpected location and select a blue marker. 3.
PAGE 79
Dell Security Center v10.2.7 AdminHelp Map point represents a single event Fewer than 10 events More than 10 events More than 100 events Use the + and - icons in the upper left corner of the map to zoom in or out. Drag the map to view different areas of the map. To view individual events for map points representing multiple events, use the + icon in the upper left corner to zoom in on the map point. Click an individual map point within the group of points to view the event.
PAGE 80
Navigate Dell Security Center File Name - File name with extension Action - File action that triggered the event Data Guardian Action - Action taken by Data Guardian, based on policy and the file action that triggered the event Select columns to display from the Columns list. Management Commit Policies Uncommitted policies display in a badge icon in the top left of the Management Console. Click the badge icon to navigate to Management > Commit. To commit polices that have been modified and saved: 1.
PAGE 81
Dell Security Center v10.2.7 AdminHelp • Time Range - If you entered a Date Range, further narrow the entries by entering a Start Time and End Time. To insert times into these fields, click the calendar icons to the right of the fields. • Username and Host - Enter a either a username or host or both. 4. Click Search. 5. To sort the results in ascending order by column, click the heading of the column to sort. 6.
PAGE 82
Navigate Dell Security Center If a client has previously been activated and inventory records exist, then it is not blocked from any reactivation. However, if the subscription authorized count is exceeded during this process, new activations are blocked for the specific license that is in the over 105% state. Subscriptions 1. Subscription structure: a. 2.
PAGE 83
Dell Security Center v10.2.7 AdminHelp 3. Select the appropriate option(s): Export to Syslog lets you specify the syslog server to which to export the file. If TCP protocol is not selected, select it. 4. Click the Save Preferences button. Enable Data Guardian Access Groups You can allow access to selected user groups to collaborate on encrypted data by updating Access Groups preferences. Users outside that group cannot access or view the data unless the owner of the file grants access.
PAGE 84
Navigate Dell Security Center • Select the alert to delete, and click Delete. Product Notifications You can enroll to receive notifications of product updates, recommended configuration changes, and relevant knowledge base articles. Receive product notifications To enroll to receive product notifications: 1. In the left pane, click Management > Notification Management. 2. Select the Configure Notifications tab.
PAGE 85
Dell Security Center v10.2.7 AdminHelp • File Name • Request Date • Request Expiration • File Owner - internal user • Approve/Deny To approve or deny a request: 1. In the left pane, click Management > Data Guardian Management. 2. Select the Key Request tab. 3. Search for specific requests or select requests in the list. To select multiple requests to approve or deny, press Ctrl and then select the requests.
PAGE 86
Navigate Dell Security Center 6. Click Add. External users can also be added to the blacklist from the Audit Events page, if the user is associated with an audit event: 1. In the left pane, click Reporting > Audit Events. 2. In the user column, click to the right of the user name to add to the blacklist. Key Request Data Guardian external users can request a key from an internal user to access a protected Office document.
PAGE 87
Dell Security Center v10.2.7 AdminHelp 4. Click Revoke Keys. Key Management The administrator can manage key ownership. The keyid is available here: • Reporting > Audit Events > Columns > File KeyID. See Options_in_the_Columns_menu. • On the client side, a user can right-click a protected file to see the KeyID. To find/change the owner for a key: 1. In the left pane, navigate to Management > Data Guardian Management. 2. Select the Key Management tab. 3. Enter the keyid and click Find Owner.
PAGE 88
Navigate Dell Security Center The Download tab is only available if the user has been assigned a security and a system administrator role. Configuration To activate endpoints with the Dell Security Center, an Installation ID may be required: 1. In the left pane, click Management > Downloads. 2. Select the Configuration tab. 3. Copy the Installation ID. The Download tab is only available if the user has been assigned a security and a system administrator role.
PAGE 89
Manage Policies Manage Security Policies You can apply security policies at the Enterprise, Domain, User Group, User, and Endpoint Group levels. Default policy settings allow your enterprise to get started with Dell security, but you should customize the security and configuration settings. Security policies are grouped by technology. Click a technology group to view its policies and policy descriptions.
PAGE 90
Manage Policies A localizable policy change is not yet committed. To remove a policy override, hover over the red flag next to the policy name. The red flag becomes a red X. Click the red X to revert to the default value. Group precedence You can Modify Group Precedence. Group precedence creates a weight associated with the specific group it is assigned to, and that weight is used in policy arbitration for all policy overrides.
PAGE 91
Dell Security Center v10.2.7 AdminHelp 5. Enter text that is in the language you selected for localizable policies. Navigate the populations and technology groups as necessary to localize all desired policies for that language. 6. Click Save. 7. To update policies in a different language, select the language from the list, enter localized text for all desired policies, and click Save. Save policy changes before selecting another language in the list.
PAGE 92
Manage Policies Documents Office Protected Document Tamper Prompt Offline Key Generation Escrow Reminder Text Office Protected Files Cover Page Notice Data Guardian > Mobile Client > Cover Page Office Protected Files Cover Page Acceptance Text Office Protected Document Tamper Prompt Data Guardian > Web Portal Office Protected Files Cover Page EULA Data Guardian Overview of Data Guardian Features and Policies This topic provides a brief overview of the Data Guardian key features and policies.
PAGE 93
Dell Security Center v10.2.7 AdminHelp • Web Portal Monitor data To detect potential security risks, monitor audit events and create reports to identify who uses the data and how it is used.
PAGE 94
Manage Policies Cloud Encryption This technology allows for files to be automatically encrypted prior to being uploaded to supported public clouds; this maintains ownership/control of all data encryption keys. The supported public cloud providers are Dropbox, Dropbox for Business, Box, OneDrive, OneDrive for Business, and Google Drive. Off On Off Toggle On to enable Cloud Encryption policies. If this policy is Off, no Cloud protection takes place, regardless of other policies.
PAGE 95
Dell Security Center v10.2.7 AdminHelp Name>/cloudweb/register. See advanced settings Policy Default Setting Description Protected Office Documents This technology allows for Office documents (Excel, PowerPoint, and Word) to be encrypted at the file level. Encryption travels with the file wherever it goes, inside or outside the network.
PAGE 96
Manage Policies See Column_options_for_Content_Based_Protection_only__Windows. Content Based Protection Rules (previously Data Classification Rules) (Windows) Policy test (default) Public Internal Use Restricted Default Setting Selected Not Selected When selected, the selected content rule applies for encrypting files.
PAGE 97
Dell Security Center v10.2.7 AdminHelp Fencing Location policy to access files. Geo-Fencing Location US and Canada US Canada US and Canada Sets the location in which users can access files. The Enable Geo-Fencing policy must be Selected. See advanced settings Policy Default Setting Description Web Portal The Web Portal is a web-based client for creating and editing documents protected by Data Guardian.
PAGE 98
Manage Policies • Cloud Encryption (Mac; v2.3 and earlier for Windows) - Enterprise, Endpoint Groups, and Endpoints • Protected Office Documents - Enterprise, Endpoint Groups, and Endpoints (The Protected Office Documents master policy, Enable Callback Beacon, and Callback Beacon URL policies are available at the Enterprise level only.
PAGE 99
Dell Security Center v10.2.7 AdminHelp To view the files in the folder, you need to register with the owner of the files.

Click Here To Register
Excluded Folders (Windows) Excluded Files (Windows) Server Polling Interval (Windows and Mac) String %windir% %SystemDrive%\$recycle.bin %ProgramFiles% %SystemDrive%\users\*\appdata %ProgramFiles(x86)% %ProgramData%\WebEx String String C3901A99-1A1B-55B4-AE11-891207B1D341.
PAGE 100
Manage Policies 3. The files are encrypted when the files sync to the cloud. After the folders are encrypted, set the Folder Management Enabled policy for the endpoint back to Not Selected. See basic settings Policy Default Setting Description Protected Office Documents This technology allows for Office documents (Excel, PowerPoint, and Word) to be encrypted at the file level. Encryption travels with the file wherever it goes, inside or outside the network.
PAGE 101
Dell Security Center v10.2.7 AdminHelp Enable Time To Live and Embargo Control (Windows) Print Control (Mac; Windows- v2.7 and earlier) Not Selected Selected Not Selected Selected allows users to specify dates for when protected Office files are accessible to external users. Allowed Allowed Watermark Disabled Controls the Print function of protected Office documents (.docx, .xlsx, .pptx, .docm, .xlsm, .pptm, and .pdf): • Allowed - Print option is enabled for protected Office documents.
PAGE 102
Manage Policies Offline Key Generation Escrow Reminder Delay (Windows) Offline Key Generation Escrow Reminder Text (Windows) Protected Office Documents Cover Page Notice (Windows and Mac) Protected Office Documents Cover Page Corporate Logo (Windows and Mac) Enable Callback Beacon 3 days 1-14 days. 3 days default. Specifies the number of days the client will wait while not being able to escrow key material prior to warning the end user.
PAGE 103
Dell Security Center v10.2.7 AdminHelp This policy is supported as of Data Guardian v1.6 and later. See Set TITUS classification. Allow File Exclusions Email Encryption via Outlook Not Selected Selected Not Selected Selected allows internal users to place files within an Unprotected Documents folder where no data is protected. This applies only when Force Protected Files Only is selected. Selected Selected Not Selected Selected allows users to send emails as Protected by Data Guardian.
PAGE 104
Manage Policies Set inactivity lock duration Set copy/paste capabilities Allow Non-Genuine device OS 5 2, 5, 20, 30, or 60 minutes Configure the amount of inactivity time that can elapse before the end user must re-enter a PIN. Not Selected Selected Not Selected Selected allows users to copy and paste outside of the workspace. Not Selected Selected Not Selected Selected allows a jailbroken iOS device or a rooted Android device.
PAGE 105
Dell Security Center v10.2.7 AdminHelp Protected Office Documents Cover Page Corporate Logo Protected Office Documents Cover Page Dell Server URL Enable Callback Beacon Choose File button Corporate logo to display on the document cover page. The image must be a .jpg of square dimensions with a maximum file size of 25 KB. If the image height and width dimensions are not equal, the displayed image is stretched. For Dell Security Center.
PAGE 106
Manage Policies • • Protected Office Documents policies have been enabled, but the user has not yet installed or activated Data Guardian. • User opens a protected Office document or .pdf from the cloud. • User downloads a protected Office document or .pdf to a device that does not have Data Guardian installed. Unauthorized users - The cover page displays, and the person cannot access the content.
PAGE 107
Dell Security Center v10.2.7 AdminHelp NoRename. • • • .tmp .rtf .tif .tiff .txt .vsdx Word (winword) Excel PowerPoint These applications are partially supported: • Add these applications if required by another application: • • • .bmp See .bmp_file. This file extension is partially supported: .odt Currently, when opened with Wordpad, a protected .odt file may not save new content. Add applicable extensions from above. Here are examples: RuntimeBroker.exe:png.rtf.txt.bmp CodeWriter.exe:rtf.
PAGE 108
Manage Policies To configure additional file types to be encrypted: 1. In the left pane, click Populations > Enterprise, enable the Protected Office Documents policy. 2. In the Data Guardian > Windows technology group, enable the Basic File Protection policy. Note: This policy applies to the Enterprise population only. Also, if you enable Allow File Exclusions, users must remove files from the Unprotected Documents folder for these file types to be swept and encrypted. 3.
PAGE 109
Dell Security Center v10.2.7 AdminHelp powerpnt.exe:NoRename.png.jpg.jpeg.jpe.jfif.gif.tif.tiff.bmp Note: Do not add Office file extensions to this policy configuration. • NoNetwork – if users io to a network and files hang when users close them, add this to the application to prevent network save. 8. Before deploying Basic File Protection to the enterprise, be sure to test applications and file extensions in a test environment to ensure that the intended file types remain encrypted.
PAGE 110
Manage Policies Mac example Enter the string in this format: • Variable with a $VALUE format, for example, $HOME/Documents or $HOME/Hidden Note: For Force-protected mode, a sweep occurs in the /Users folder. Inform users of the impact or usability If you define a unique folder name in the Folder Exclusions for Basic File Protection policy so that users can store files of a specific type that should not be encrypted, the policy does not create that folder on the client computers.
PAGE 111
Dell Security Center v10.2.7 AdminHelp • • Microsoft.Photos.exe (Windows 10) • PhotosApp.exe (Windows 8.1) Windows Photo Viewer (Windows 8.1) This UWP application, is not supported and will not open a .bmp file: DllHost.exe:bmp sihost.exe:bmp RuntimeBroker.exe:bmp To add a Universal Windows Platform (UWP) application 1. In the Basic File Protection Configuration policy, enter the UWP application name. 2. Also enter the following process names: • RuntimeBroker.exe • sihost.
PAGE 112
Manage Policies This table lists policies required for enabling protected Office documents in Opt-in mode. If the Protected Office Documents policy is Off, no Office-protected formatting takes place, regardless of other policies. Policy Windows and Mac Enterprise > Data Guardian > Protected Office Documents: Protected Office Documents > On Version availability Description for Opt-in mode Windows and Mac - options for encrypting a file: • • Applies to the Enterprise population.
PAGE 113
Dell Security Center v10.2.7 AdminHelp Windows in Opt-in mode: Data Guardian > Content Based Protection: • Content Based Protection (previously Data Classification) • Content Based Protection Rules Content-based rules can be set at the Enterprise, Endpoint Groups, or Endpoints populations. See Configure Content Based Protection for Data Guardian's Opt-in mode. Windows • For compliance and monitoring purposes, creates audit events.
PAGE 114
Manage Policies File menu option for Office documents Policy for Opt-in mode: Protected Office Documents Protected Office documents Unprotected Office documents Open Files open as usual. Files open as usual. Save User clicks Save on an existing protected file: The file is saved User clicks Save on an existing unprotected file: The file is as protected saved as unprotected If the file is in read-only mode, the Save As window opens.
PAGE 115
Dell Security Center v10.2.7 AdminHelp When you enable encryption for these files in Windows or Mac, you can also set policies for users to view the encrypted files in mobile devices or the web portal. See Set Policies to Protect Office Documents in Mobile Devices or Set Policies to Protect Documents on the web client. Set Force-Protected policies for internal users To set Force-Protected policies for Office and other file types: 1. Log in to the Dell Security Center. 2.
PAGE 116
Manage Policies If your enterprise enables encryption for protected Office documents and PDFs, you can select these additional policies. Policy Version availability Description for Force Protected Enterprise > Data Guardian > Protected Office Documents > advanced: Allow File Exclusions > check box selected Windows and Mac Windows For internal users, an Unprotected Documents folder is added to the root of each Mac computer's Documents folder.
PAGE 117
Dell Security Center v10.2.7 AdminHelp If the file is in read-only mode, the Save As window opens. The only option in the Save as type field is Protected (Documents, Presentation, or Workbook). User opens and saves a .xen file - the only option in the Save as type field is Protected. The .xen file is removed from the cloud. Save As Windows: Data Guardian saves the file as unprotected but if the file is in a local folder, it gets swept and encrypted..
PAGE 118
Manage Policies Export (Office 2013 and higher) Office 2013/2016 and Export Control policy: • • Allowed: Enabled for user • Disabled: Disabled for user Enabled for user Watermark: Export is disabled. See Protected Export. Protected Export (Office Office 2013/2016 and Export Control policy: 2013 and higher) • Watermark: The user can export only to a PDF, This option displays in the but a watermark with their name, domain name, File menu only if the Export and computer ID displays on each page.
PAGE 119
Dell Security Center v10.2.7 AdminHelp For Data Guardian v2.7 and earlier, this table provides an overview of additional Protected Office policy settings and what displays in the Office File menu. These do not apply to Data Guardian v2.8 and higher. With Force Protected enabled, the user is forced to save any Office document as Protected.
PAGE 120
Manage Policies For enhanced security on Office documents (.docx, .pptx, .xlsx, .docm, .pptm, .xlsm, or .pdf), you can implement Data Guardian's Protected Office mode. Protected Office documents are uploaded to the cloud, not as .xen files, but with their file extensions (for example, .docx or .pdf). However, the Office documents are encrypted. Basic File Protection policies allow you to configure additional file extensions to be encrypted.
PAGE 121
Dell Security Center v10.2.7 AdminHelp In Windows for Office documents and PDFs, use the Content Based Protection Rules policy to set rules that enforce encryption on sensitive data. Data Guardian sweeps users' computers when you set the rules and if you modify the rules. Note: Users also have the option to right-click a file that has been analyzed by Content Based Protection and select Protect File. You can set content-based rules at the Enterprise, Endpoint Groups, or Endpoints populations.
PAGE 122
Manage Policies • Encrypt - If you select the Encrypt check box for a non-default rule in the Categories list, the system encrypts the files. In addition, Reports can list which files were encrypted based on content rules. If you select Encrypt and the system sweeps an endpoint and encrypts, the files remain encrypted. • Audit - By default when the Content Based Protection policy is enabled, the Audit action applies to all files. You can view these in Audit Events and Reports.
PAGE 123
Dell Security Center v10.2.7 AdminHelp 3. Select the Encrypt check box if you want the audit report to display files that have met the criteria for encryption. 4. Below the Content Based Protection Rules policy, click Save. Return to top Rules To modify: 1. See Configuration_overview. 2. Click the icon to expand a non-default rule name in the Categories list. 3. Click + to add a rule. 3. In the Rule field that displays, select one or more check boxes for that rule and modify the number if needed.
PAGE 124
Manage Policies • • US Name US Phone Number Keywords elements In the Keywords field, type any key words that you want the system to recognize when encrypting files for that rule name. The format is [object Object].Click Save. Click X to delete. See Add_an_Enterprise-Specific_Rule_Name_or_Tag_Element. Tags elements Public, Internal Use, Confidential, Restricted Select the tag element that corresponds to the rule name, for example, with the Restricted rule name, select Restricted Tag.
PAGE 125
Dell Security Center v10.2.7 AdminHelp 6. Below the Content Based Protection Rules policy, click Save. 7. Modify the Element when it displays in the Element window. After you create an element, you can add it as a new rule. For Regex, the best practice is to create a new element with a Content Identifier such as MyEnterprise Custom Regex or Custom Regex for Internal Use. Any Custom Regex would use the Content Type Custom Regex. However, do not use Custom Regex for predefined or Tags elements.
PAGE 126
Manage Policies 2. In the Dell Security Center > Protected Office Documents policy group, enable these policies: • Protected Office Documents • Advanced: Encrypt based on Titus Classification Do not select the Force Protected Files Only policy. 3. In the Titus Classification Encryption Mapping policy field, enter the formatting. For example, for Data Guardian to encrypt a Restricted TITUS classification, enter Set classification to t_class_4. 4.
PAGE 127
Dell Security Center v10.2.7 AdminHelp Protected Office Documents is On Cloud Encryption is Off Office documents are protected based on policies. N/A No DDG VDisk virtual drive is created. Non-Office documents are not impacted. If Force Protected Files Only is selected, an Unprotected folder is added to the root of the user's Documents folder. Cloud Encryption is On Protected Office Documents is Off Office and non-Office documents are protected as Office and non-Office documents are protected as .
PAGE 128
Manage Policies o Enterprise_has_Data_Guardian_Installed - Instruct users to process shared, encrypted files. • Configure Access Groups • Disable_Auto_access_for_swept_files Set up Access Groups Analyze which users to include within each access group based on which users need to share or collaborate on documents. You can create groups before or after enabling Access Groups in the Management Console. To set up groups, see Add a User Group.
PAGE 129
Dell Security Center v10.2.7 AdminHelp Inform internal users who will be in their access group and allow them to process shared files to ensure a smooth transition. Inform them that this effort will minimize their having to request access to shared files later. • • After Access Groups is enabled, a sweep occurs for Windows and Mac files. See Disable_Auto_access_for_swept_files.
PAGE 130
Manage Policies Return to top Configure Access Groups IT best practices should be followed during deployment. This includes, but is not limited to, controlled test environments for initial tests, and staggered deployments to users. 1. Enable Data Guardian Access Groups and, optionally, Auto access for swept files. Important: Currently, if you enable Access Groups, you cannot disable it. 2. If you have not yet created user groups for this feature, see Add a User Group. 3. In User Groups, select a group.
PAGE 131
Dell Security Center v10.2.7 AdminHelp • Content Based Protection (Windows) Opt-in mode files protected through: • • • • Protected Save As Right-click protect Basic File Protection - direct save Protected messages Internal users within the access group do not have automatic access. • • Same as above. Owner of the file can grant protected access. Users with a protected file can request access. In the Management Console, if needed, you can revoke key access that has been granted.
PAGE 132
Manage Policies Global Settings policies are available at the Enterprise, Endpoint Groups, and Endpoints levels. All Global Settings policies are endpoint-based, meaning the policies follow the endpoint, not the user. Audit Control policies are available at the Enterprise, Endpoint Groups, Endpoints, User Groups, and Users levels. Policy descriptions also display in tooltips in the Management Console.
PAGE 133
Dell Security Center v10.2.7 AdminHelp Advanced Global Settings Global Settings policies are available at the Enterprise, Endpoint Groups, and Endpoints levels. All Global Settings policies are endpoint-based, meaning the policies follow the endpoint, not the user. Audit Control policies are available at the Enterprise, Endpoint Groups, Endpoints, User Groups, and Users levels. Policy descriptions also display in tooltips in the Management Console.