Automatic update Rollout non-persistent vdi - Group Based restrictions

Good day, trying to get my arms around non-persistent VDI deployment of ZCC and how to control automatic software updates.

The challenge on non-persistent VDIs with software updates are, is that upon machine creation the image is taken from a saved “image” file vmware uses, so the ZCC will attempt to update every time.

Goal is to enable auto-updates for the enterprise, but block them on non-persistent vdi.

I see the feature for group based rollout - so I could restrict the rollout based on an AD group. My challenge is that some users have both a laptop and VDI, so blocking by a user AD group (user attribute passed to ZIA on SAML assertion) is not really what I want, I want to block by the machine type, or attribute.

Has anyone had anyluck solving this problem, I really dont want to turn off updates for the entire account.

I was thinking maybe there was an install option to pass for the non-persistent VDI such that it would tell it to not check for updates, or an IP address I could block at the network level so it can not reach the update server.

Thanks for you

I would try disabling auto updates and saving that as the VDI image:

Hi William,
https://config.zscaler.com/zscalerthree.net/zscaler-app
ZApp auto update
Port 443 d32a6ru7mhaq0c.cloudfront.net