DLP Endpoint Agent support for Microsoft Azure Domain Joined Systems

Article ID: 171699

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention

Issue/Introduction

Windows 10 Data Loss Prevention (DLP) agent endpoints are joined to an Azure domain (Azure AD), and the Endpoint Agent systems report "Active Directory user group resolution failed". This raises the question of whether the DLP Endpoint Agent supports Microsoft Azure.

Microsoft Azure support for DLP.

Active Directory user group resolution failed

Environment

Symantec Data Loss Prevention 15.8.x
Symantec Data Loss Prevention 16.x

Cause

Microsoft Azure Domain joined systems were not supported by the DLP Endpoint Agent prior to DLP 16.0 RU2.

Resolution

DLP 16.0.2 (RU2) introduced support for MS Azure Domain (Entra ID) joined machines. Support is limited to Windows 11 and currently applies only to hybrid Azure deployments where on-premises AD is still the source of users and groups. For more information, refer to the "What's new" Endpoint section of the DLP 16.0.2 documentation linked below:

Endpoint Features in Data Loss Prevention 16.0.2 (broadcom.com)

Additional Information

A separate feature request is currently open to implement support for pure Azure AD (Entra ID) applications without an on-premises AD server.

Please contact Symantec Support and/or your Sales Team to be added to enhancement request ISFR-3229 so that this support can eventually be added.