You are using the following document in order to use the new functionality introduced with importing objects from Microsoft Entra:
Using ITMS with Microsoft Entra:
https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/endpoint-security-and-management/it-management-suite/generated-pdfs/Using_IT_Management_Suite_with_Microsoft_Entra.pdf
You have configured the Entra connection to your Tenant. When adding a group and syncing in your SMP (Symantec Management Platform) Server, it creates a new user. You don't know if this is expected behavior or not. These are on-prem accounts, sync'd to your company's Tenant and would prefer to not have duplicates.
Example of duplicates:
"AZUREAD\JohnDoe"
"John Doe"
ITMS 8.7.1, 8.7.2, 8.7.3
Current functionality. This Use case was not considered originally:
User is imported from local AD and from Azure AD. What looks common between these users is a e-mail address (some other entries also - name, phone etc. but e-mail looks more useful as a merge key).
This is a common issue we run into with user matching. We are using UserPrincipalName from the claim to match an existing user e.g. JohnDoe@example.com. The existing user in the SMP Server has sAMAccountName set as the username .e.g. JohnDoe. This user would not exist in SMP Server hence a new/duplicate user is created.
This use case has been addressed in our next release: ITMS 8.8.
New APIs were created to get the necessary resource keys. Full implementation will be available in ITMS 8.8 Release.
A Pointfix will contain the simplified version of those changes for those customer using ITMS 8.7.2 and 8.7.3 releases.
See CUMULATIVE POST ITMS 8.7.2 POINT FIXES
See CUMULATIVE POST ITMS 8.7.3 POINT FIXES
After the improvements are applied, now a user will see new Items in the SMP Console:
By default existing AD import or Cloud AD Import rules have new check-box "Custom resource keys and names" checked
More details on how this new “Custom resource keys and names” option works, please refer to KB 385966 "Controlling how local AD imported users or Azure AD imported users names are be stored in “Symantec_CMDB” database or merged by directoryid resource key"