Recently, we’ve encountered a use case we hadn’t seen before. Can GPO policies be applied to remote devices using ZTNA?
What could you share about this? From what we’ve seen, it seems possible. Any advice?
Question
Can Active Directory GPO policies be applied to remote devices using ZTNA?
This topic has been closed for replies.
Yes GPOs and other Microsoft Active Directory services work over NPA. So long as the user or machine (via Prelogon tunnels) have access to Active Directory via policies then GPOs should work without issue. This is a very common use case for ZTNA (NPA). If you’re encountering any trouble or have more specific questions please let me know. More info on using Active Directory with NPA can be found at https://docs.netskope.com/en/netskope-private-access-for-microsoft-active-directory-domain-services/.
If you have some of the newer features like latency based Publisher selection enabled then some of the above setup can be simplified.
Thank you for answering my question about GPOs. This is the first time we are encountering this use case.
I have a couple of questions: Even with legacy protocols, is using NPA to apply GPOs reliable?
What about the Netskope SD-WAN solution? Would it work better than NPA?
I can’t think of a reason it wouldn’t be reliable since GPOs are usually updated by a periodic client check-in.
Though if you had a requirement to push updates server → client you would probably need to look into BWAN.
Former Netskope PS Consultant, Current Netskope customer
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.