
Identity Persistence configuration in Secure Endpoint missing

Davedog
Level 1

I am experiencing some issues where machine names are changing, and I am getting incorrect reporting. I found a Cisco article titled: Cisco Secure Endpoint Guide to Identity Persistence

Updated: June 28, 2022, Document ID: 217557

This looked promising; however, I do not have the Identity Persistence Option within my Edit Policy choices, which is where persistence options are configured.

Has this recently been discontinued? If so, what are the options available now?

This is taken from the online help when you search for "Identity Persistence"; note the first line. Open a TAC case to make sure it is enabled in your tenant.


IMPORTANT! This policy setting is only available when enabled by Support. If you feel you need this feature, contact Support to enable it.

Identity Persistence allows you to maintain a consistent event log in virtual environments or when computers are re-imaged. You can bind a connector to a MAC address or host name so that a new event log is not created every time a new virtual session is started or a computer is re-imaged. You can choose to apply this setting with granularity across different policies, or across your entire organization, as follows.

* None: connector logs are not synchronized with new connector installs under any circumstance.
* By MAC Address across Organization: New connectors look for the most recent connector that has the same MAC address to synchronize with across all policies in the organization that have Identity Synchronization set to a value other than None.
* By MAC Address across Policy: New connectors look for the most recent connector that has the same MAC address to synchronize with within the same policy.
* By Host name across Organization: New connectors look for the most recent connector that has the same host name to synchronize with across all policies in the organization that have Identity Synchronization set to a value other than None.
* By Host name across Policy: New connectors look for the most recent connector that has the same hostname to synchronize with within the same policy.

IMPORTANT! In some cases a cloned virtual machine may be placed in the Default Group rather than the group from which it was cloned. If this occurs, move the virtual machine into the correct group in the Secure Endpoint console.
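
A simplified model of the five lookup rules in the help text quoted above, added here as an example; it is not Cisco's code and not part of the original posts. The `Connector` record, the `registered` field used to order "most recent", the case-insensitive comparison and the sample policies and GUIDs are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Mode names are taken from the help text; everything else is a constructed model.
NONE = "None"
MAC_ORG = "By MAC Address across Organization"
MAC_POLICY = "By MAC Address across Policy"
HOST_ORG = "By Host name across Organization"
HOST_POLICY = "By Host name across Policy"

@dataclass
class Connector:
    guid: str        # constructed sample identifier
    hostname: str
    mac: str
    policy: str
    registered: int  # assumed ordering key for "most recent"

def find_sync_target(new, existing, policy_modes):
    """Return the earlier connector whose event log `new` would continue, or None."""
    mode = policy_modes.get(new.policy, NONE)
    if mode == NONE:
        return None
    if mode in (MAC_ORG, MAC_POLICY):
        key = lambda c: c.mac.lower()       # assumption: case-insensitive match
    else:
        key = lambda c: c.hostname.lower()  # assumption: case-insensitive match
    if mode in (MAC_POLICY, HOST_POLICY):
        in_scope = lambda c: c.policy == new.policy
    else:
        # Organization-wide modes skip connectors whose policy is set to None.
        in_scope = lambda c: policy_modes.get(c.policy, NONE) != NONE
    matches = [c for c in existing if in_scope(c) and key(c) == key(new)]
    return max(matches, key=lambda c: c.registered, default=None)

# Constructed sample organization.
POLICY_MODES = {"VDI": HOST_ORG, "Servers": MAC_POLICY, "Legacy": NONE}
EXISTING = [
    Connector("guid-a", "vdi-pool-01", "00:50:56:aa:00:01", "VDI", 100),
    Connector("guid-b", "vdi-pool-01", "00:50:56:aa:00:02", "VDI", 200),
    Connector("guid-c", "vdi-pool-01", "00:50:56:aa:00:03", "Legacy", 300),
    Connector("guid-d", "srv-db-01", "00:50:56:bb:00:01", "VDI", 150),
]

if __name__ == "__main__":
    fresh = Connector("guid-new", "vdi-pool-01", "00:50:56:aa:00:09", "VDI", 400)
    target = find_sync_target(fresh, EXISTING, POLICY_MODES)
    print("continues log of:", target.guid if target else "nothing (new record)")
```

In this model a re-imaged host that lands in a different policy under an "across Policy" mode gets a new record even though its MAC or host name is already known, which is one way duplicates and split reporting can still appear after the feature is enabled.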

Roman Valenta
Cisco Employee

What Ken mentioned is correct: this feature must be enabled via the back end, and it is a very simple task. A TAC case is required.

However, please be aware that this feature is not there to fix your issue with duplicates if the deployment was done incorrectly in the first place. This feature is more of a prevention or addition that will prevent the creation of duplicates in environments that are using a "Golden Image" for deployment, whether that is VDI or a physical machine.

I would highly recommend reading through that guide and checking whether your deployment was done correctly. TAC can help you remove the duplicates very easily, but if they keep reappearing then, from what we have seen, the issue is usually 99% a deployment issue, and that needs to be corrected first, usually by creating the Golden Image correctly and then redeploying. After that, TAC can clean your duplicates one more time and you should be all set.

https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/217557-cisco-secure-endpoint-guide-to-identity.html


Regards,

Roman