Ways to use Microsoft Entra ID integration
Companies that manage their infrastructure and user permissions centrally via the Microsoft Entra ID cloud platform (formerly Azure Active Directory or Azure AD) can synchronize their existing groups into DriveLock and use them to assign access permissions and DriveLock security policies, in the same way as was previously possible with a local Active Directory.
Computer groups from Microsoft Entra ID are treated like static groups in DriveLock, except that they are maintained automatically by synchronization and not manually by the user.
The integration helps you achieve the following goals:
- Assign policies to computer groups
  Computer groups that are connected to a Microsoft Entra ID serve as the target of policy assignments.
  They are available as static computer groups in DriveLock. These groups need to be readable by the DOC and the DriveLock Management Console (DMC).
- Use computer groups in policies
  Within policies, you can use Microsoft Entra ID groups in the same way as static groups. Rules for individual computers need to be created using the computer name.
- Use users and user groups in policies
  For users, the Microsoft Entra ID account name is used instead of the SID that was used before. This is an address such as "user@mydomain.onmicrosoft.com".
  Microsoft Entra ID user groups can also be selected as DriveLock user groups within the DMC. The available user groups and their members are entered by the same synchronization mechanism as the computer groups.
- Login based on roles and permissions via Microsoft Entra ID user groups
  When assigning roles, you can select a Microsoft Entra ID user group. When a user logs on to the DOC via SAML, the DES determines the Microsoft Entra ID user groups of which the user is a member. The remaining logic is no different from standard AD.
- Self-service
  Microsoft Entra ID user and computer groups can be used in the self-service unlock.