I had this same question and submitted a ticket to support about it. If clients are using UCE (so you are accessing the CASB from the new authuimcafee domain) then this migration DOES NOT apply to you. I hope that helps. 

Migration not required if they are already actively using UCE

Generally speaking - yes. We do not make any difference if you are running Virtual or Hardware appliance . As long you are using our Cloud Service and want to apply your local policies make sure your Customer ID is migrated and Synch is working. If you can rebuild all rules with our Cloud UI you could consider to switch.

Q: We use onPrem McAfee ePO and it does not synch cloud. But we also have Web Gateway onPrem and it dose have a web hybrid policy synch. Do I have to take action and what is relevant? 

A: Yes, you will have to follow steps shown as "Hybrid"-Setup. 

for reference please follow guide on this link:

Migrate_WGCS_to_SWG/Migrate_from_WPS_to_WPS2_(ePO_Managed_MCP_Agent_and_Policy) 

---------------------------------------------------------------------------------------------------------------------

Q:  Which steps do I have to follow if I'm "Cloud only" and which for "Hybrid-Mode"?

A1: for Cloud only: Migrate_from_SWE_to_SWG_Cloud_(ePO_Cloud_Managed_MCP_Agent_and_Policy)

A2: for Hybrid Mode: Migrate_WGCS_to_SWG/Migrate_from_WPS_to_WPS2_(ePO_Managed_MCP_Agent_and_Policy) 

---------------------------------------------------------------------------------------------------------------------

Q: Why is there a infrastructure difference between "hybrid.skyhigh.cloud" and "wgcs.skyhigh.cloud"?

A: "c(Customer ID).hybrid.skyhigh.cloud will direct traffic directly to a hybrid proxy which will process the hybrid policy uploaded from the on-prem appliance." You might not have recognized any difference in first place cause you have possibly enabled "hybrid policy routing" in your "Web Policy". This would lead to internal redirection to your SWG synchronized policy.

Ref: Configure_New_Proxy_Name

---------------------------------------------------------------------------------------------------------------------

Q: Are different PoPs used for SSE (UCE) and WGCS (Hybrid) traffic?

A: different PoP - No, but you can expect different egress IP addresses. UCE and WGCS use different policy "language" which allow you to write rules in "Code View". Technically those are different products.

---------------------------------------------------------------------------------------------------------------------

Q: In hybrid mode, after onPrem is synched with Skyhigh domain, will clients that are still pointing to *.saasprotection.com via SCP loose access to *.saasprotection.com Proxy? Or have access but miss further policy updates?

A: No connection will be lost. Customer ID and Admin Account for cloud synch remains the same after migration. The only issue that would be expected is that this service wont work after 31th of Dec. 

---------------------------------------------------------------------------------------------------------------------

Q: I can sigh into Auth.ui.mcafee.com but when I select "Skyhigh Security Cloud" card it takes me to setup notification page, nothing else.

A: This symptom is common for expired trial accounts. No trial account will be migrated. If you need help to identify active account please contact support.

Good Morning @mgarten,

you're right this URL will become obsolete on 31.Dec this year as well. Please change it to https://policysync.skyhigh.cloud:443. 

The Backend remains the same the only change for you is the FQDN.