Hi Madura,
You can integrate with Azure AD directly for the provisioning of users and groups. User and group identities from Azure AD integrate with Umbrella DNS-layer security and Umbrella Secure Web Gateway (SWG) deployments. You do not need to deploy an on-premises Umbrella Active Directory Connector.
Umbrella DNS
- Enables user identity support for the Umbrella roaming client and AnyConnect Roaming Security module.
Umbrella SWG
- Enables user identity support for the AnyConnect SWG module.
- Provisions user and group identities for use with end-user SAML authentication.
Note: Azure AD does not store the private IP to AD user mappings.
So without a VA, for unmanaged endpoints (without agents), you will not get visibility of the internal IP address.
Reference: https://docs.umbrella.com/umbrella-user-guide/docs/microsoft-azure-ad-integration