Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
162
Views
0
Helpful
4
Replies

Applying Umbrella policy to Active Directory identities

Go to solution
mski7861
Level 1
Level 1

‎07-08-2024 12:15 PM

Can I apply and enforce an umbrella DNS policy to a Active Directory user that doesn't have the Umbrella Roaming Client installed? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to mski7861

‎07-08-2024 12:45 PM - edited ‎07-08-2024 12:52 PM

@mski7861 without the Roaming Client or the VA, Umbrella won't know which user the DNS request comes from. It's the VA that sends the client IP address and user information with the DNS request to the Umbrella cloud.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎07-08-2024 12:23 PM

@mski7861 yes, configure the clients to use the Umbrella Virtual Appliance (VA) for DNS resolution. https://docs.umbrella.com/deployment-umbrella/docs/1-introduction

And also ensure the the VA is integrated with AD https://docs.umbrella.com/deployment-umbrella/docs/active-directory-integration-with-the-virtual-appliances

 

 

0 Helpful

Go to solution
mski7861
Level 1
Level 1
In response to Rob Ingram

‎07-08-2024 12:32 PM

@Rob Ingram thank you for the response.  In this case we aren't using the VA nor does the client want another appliance in the environment.  We are directly integrated with Azure,

I created a test policy configured in allow-only mode and applied the test AD user identity to the policy.  The host I tested with had the roaming client installed.  I logged into the host (with the RC installed) as the test user defined in the policy and it blocked all internet traffic as expected.  I then uninstalled the roaming client and rebooted, then tested the same machine and same user however this time I was able to access all URLs.  I even ran the policy tester for the test user and it shows the allow-only policy will be applied.  

I'm just trying to figure out what is required to apply a policy to a Azure AD user or group identity. 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to mski7861

‎07-08-2024 12:45 PM - edited ‎07-08-2024 12:52 PM

@mski7861 without the Roaming Client or the VA, Umbrella won't know which user the DNS request comes from. It's the VA that sends the client IP address and user information with the DNS request to the Umbrella cloud.

0 Helpful

Go to solution
mski7861
Level 1
Level 1
In response to Rob Ingram

‎07-08-2024 12:59 PM

Ohhhh so that's where the value of the VA comes into play @Rob Ingram Thank you for the clarification and your response!

0 Helpful
Customers Also Viewed These Support Documents