Features Introduced in User-ID Agent 8.0

Review the new feature introduced in the Windows User-ID™ agent 8.0 release.
The Windows-based User-ID™ Agent 8.0 release includes the following new features.

Features Introduced in User-ID Agent 8.0.1

New User-ID Agent FeatureDescription
AirWatch MDM Integration
The Windows-based User-ID agent 8.0.1 release supports a new AirWatch MDM Integration service. This service enables GlobalProtect to use the host information that the AirWatch service collects to enforce HIP-based policies on devices managed by AirWatch. As part of the User-ID agent, the AirWatch MDM integration service uses the AirWatch API to collect information from mobile devices that are managed by VMware AirWatch and then translate this data into host information.

Features Introduced in User-ID Agent 8.0.0

New User-ID Agent FeatureDescription
Centralized Deployment and Management of User-ID and TS Agents
You can now use endpoint management software such as Microsoft SCCM to remotely install, configure, and upgrade multiple Windows-based User-ID agents and Terminal Services (TS) agents in a single operation. Using endpoint management software streamlines your workflow by enabling you to deploy and configure numerous User-ID and TS agents through an automated process instead of using a manual login session for each agent.
User-ID Syslog Monitoring Enhancements
The following enhancements improve the accuracy of User-ID mappings and simplify monitoring of syslog servers for mapping information:
  • Remove IP address-to-username mappings through logout events—To improve the accuracy of your user-based policies and reports, the firewall can now use syslog monitoring to detect when users have logged out and then delete the associated User-ID mappings.
  • Multiple syslog formats—In environments with multiple points of authentication sending syslog messages in different formats, it is now easier to monitor login and logout events because the firewall can ingest multiple formats from a syslog server that is aggregating input from various sources.
Configure Windows User ID agent with your Enterprise Signed PKI Certificate
Beginning with User-ID agent 8.0, you can assign a custom certificate to Windows-based User-ID agents from your enterprise PKI. This enables the firewall to confirm the identity of a Windows-based User-ID agent before accepting User-ID information from the agent. You deploy a custom certificate on the Windows-based User-ID agent and a certificate profile on the firewall—one that contains the CA of the certificate—to establish a unique trust chain between the two devices.
Additionally, this feature reintroduces support for XML API on Windows-based User-ID agents.

Related Documentation