What applies to the Endpoint Agent and when is important to understand.

Below offers some information on what applies and when.

If the user disconnects from the network, which Agent Group will apply, the default or the AD OU group?

Answer: Agent retains the last AD OU group applied.

If the user takes their laptop home, and logs in via a cached/offline profile which Agent Group is applied?

Answer: Agent retains the last AD OU group applied.

If the user takes their laptop home, and resumes a cached/offline profile (they're not requested for their credentials) which Agent Group is applied?

Answer: Agent retains the last AD OU group applied.

When is the default agent group superseded by the agent group based upon AD attributes?

Answer: The default agent group is always the fall back group. It is never superseded.

If the Endpoint Agent is unable to query Active Directory for Attribute Lookup, will the Agent Configuration go to default?

Answer: If the refresh interval expires and agent is unable to connect to AD, it retains the last group. If the agent has been categorized to some valid group, then it will remain in that group irrespective of whether it is able to query attribute lookup or not.

If the user establishes a VPN connection, does the Endpoint Agent attempt to perform an Attribute lookup?

Answer: As long as LDAP server is reachable, the agent will attempt to perform attribute lookup.

Can all the scenarios be provided on when Agent Configuration will change with respect to User Attributes?

Answer: In case, either the attribute value changes (and queried by agent) which results in re-grouping of the agent OR query itself changes.