Sync Azure group membership for AD joined machines
Kaveh Sharifi
Currently for AD joined machines, only AD group membership is synced. Most clients have AD sync to Azure and management is done primarily in Azure, so would be good to have Azure group membership synced as well.
Maria Pavli
Hi Kaveh,
We are currently collecting feedback before starting work on this item.
The plan is to introduce a customer-wide flag that, when enabled, will allow user-group membership to be retrieved via the AzureAD connector, even if the device is not AzureAD-joined but is a member of an Active Directory domain.
Could you provide some example customers in this scenario by creating a support ticket?
Andrew Burchell 2nd Account
Maria Pavli - I am a customer with this issue / query...
Kaveh Sharifi
Maria Pavli, I have submitted a ticket now with an example customer mentioned.
Kaveh Sharifi
Not according to support and our experience recently. We have a client with roughly 150 endpoints; the devices are AD joined. They have AD sync and we wanted to use Azure groups for policy selection in DefensX, but it didn't work: for AD joined machines DefensX looks for the AD group membership that's returned from the user's AD login token/session.
Cody Arnold
This is actually possible, and I do this in some of my deployments where they mix in macOS devices and have policy apply based on M365 group memberships, forcing macOS devices to auth via M365 while Windows assets are logonuser.