Environment
- App Control Server: All Supported Versions
- App Control Agent: All Supported Versions
Question
Does App Control support adding Azure AD users/groups within Custom Rules?
Answer
App Control does not currently support adding Azure AD users/groups within Custom Rules, because on-premises AD SIDs and Azure AD SIDs use different formats.
Additional Notes
There is an engineering development ticket to add this feature in an upcoming release: EP-17112.
As a workaround, you can:
- Add the SID of the Azure AD user or group to the Custom Rule (How to find the Azure SID here)
- Apply the rule to Authenticated users
- Apply the rule to all users and secure it with an "OnlyIf" macro that limits it to specific computer(s) (e.g. <OnlyIf:HostName:*LSMITH-1*>)
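
For the first workaround, the SID of an Azure AD user or group can be derived from its object ID, which also shows how the format differs from an on-premises AD SID. This is an added example, not part of the original article or of App Control; the function names are hypothetical and the sample object ID is constructed.

```python
import struct
import uuid

# Well-known SID prefixes: Azure AD principals vs. on-premises AD domain accounts.
AZURE_AD_PREFIX = "S-1-12-1-"
ON_PREM_PREFIX = "S-1-5-21-"

# Constructed sample object ID, for illustration only (not from the article).
SAMPLE_OBJECT_ID = "73d664e4-0886-4a73-b745-c694da45ddb4"


def object_id_to_sid(object_id: str) -> str:
    """Derive the Azure AD SID from a user's or group's object ID (a GUID)."""
    # bytes_le is the Windows GUID byte layout; the SID carries those 16 bytes
    # as four unsigned 32-bit little-endian sub-authorities.
    parts = struct.unpack("<4I", uuid.UUID(object_id).bytes_le)
    return AZURE_AD_PREFIX + "-".join(str(p) for p in parts)


def sid_to_object_id(sid: str) -> str:
    """Recover the object ID from an Azure AD SID, e.g. to audit which
    principal an existing rule refers to."""
    if not sid.upper().startswith(AZURE_AD_PREFIX):
        raise ValueError("not an Azure AD SID: " + sid)
    fields = sid[len(AZURE_AD_PREFIX):].split("-")
    if len(fields) != 4:
        raise ValueError("expected four sub-authorities after the prefix")
    packed = struct.pack("<4I", *(int(f) for f in fields))
    return str(uuid.UUID(bytes_le=packed))


def sid_kind(sid: str) -> str:
    """Classify a SID by format so the two kinds are not mixed up in a rule."""
    s = sid.upper()
    if s.startswith(AZURE_AD_PREFIX):
        return "azure-ad"
    if s.startswith(ON_PREM_PREFIX):
        return "on-prem-ad"
    return "other"


if __name__ == "__main__":
    sid = object_id_to_sid(SAMPLE_OBJECT_ID)
    print(sid, sid_kind(sid), sid_to_object_id(sid))
```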