VAs/AD and Policy Hierarchy
With Insights, an Active Directory or Internal Network Identity is only displayed in the Identity column of Reports if the request matched a Policy with that Insights identity.
An Insights Identity can be one of the following:
Active Directory User
Active Directory Computer
Internal Network IP
Site (Refers to the Virtual Appliance when no matching Policy or Identity was mapped)
If a Network or Internal Network is configured higher in the Policy Hierarchy than an actual, specific Insights user or computer identity, then the Identity column in the Reports section of the dashboard will show as the Network or Internal Network that was matched when searching for the Insights identity.
Using Filtering by Identity in the Reports section will show you the identity’s request history correctly, but it will simply show as the Network/Internal Network.
In the example below, I searched for the identity “Zachary Gilman”, but since the Network Policy is higher in the Policy hierarchy, the Identity shows up as coming from the Identity of the Policy for which it matched. If there was a specific Policy for my user that was higher in the Policy Hierarchy, then it would display as my user. In essence, you can still search for the AD identity, but it will display as the Identity for which the policy matched.
VAs/AD + Roaming Client
A full article on Roaming Client and Reporting – What to Expect should be read for more information. This snippet only relates to using Umbrella roaming client in conjunction with Insights.
Many times the Umbrella roaming client is used for laptops that leave the Insights environment, but what happens to the reporting aspect when the Umbrella roaming client is inside an Insights network?
If the Umbrella roaming client is being protected by a Virtual Appliance, the Umbrella roaming client automatically disables itself, and you do not have the ability to search Reports for that Umbrella roaming client identity as it no longer reports as an Umbrella roaming client. However, you will be able to search by the Active Directory user, computer, or the Internal IP address of the computer.
You can tell if you're being protected by a Virtual Appliance by looking in the tray icon (Mac or Windows), or by checking that identity in the dashboard by hovering over the "Primary Policy" icon.
|Tray Icon (for a Mac)||Umbrella Dashboard (Roaming Computers section)|