Deployment Question

I am deploying Zscaler for the first time to a mixed Windows environment. Some users are using Intune and Azure AD; others are using on-premise AD to authenticate their laptops but use Azure AD credentials for O365.

I can deploy to both, which is great, and both can use their Azure AD credentials to sign in, which is also great.

My issue is: my users can still use the internet without bothering to sign in to Zscaler.

Can I block internet until the user has signed in? If not, I'm guessing the rollout to 1000 users would take a considerable time with lots of manual intervention. Why would end users bother to sign in without being pushed to?



See here for stopping internet access if not authenticated.

Thank you Ramesh! That works great. Is there a similar function available for Android deployment? I have the Zscaler app downloaded and configured, but it does not start the service until the user clicks the app.

Please check whether any MDM solution can be used.

In addition to the above, for on-premise (AD) devices, look at deploying Seamless SSO and hybrid Azure AD joining the devices.

The devices will be issued a PRT, which will be picked up by any apps using Azure AD as an IdP with proper MSAL libraries. Zscaler will log in automatically.
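
A way to confirm the prerequisites from the last reply on a given laptop, as an added example that is not part of the original thread: it parses `dsregcmd /status` to check that the device is both domain joined and Azure AD joined (hybrid) and that the signed-in user holds a PRT. The function name `Get-JoinState` and the sample output are constructed for illustration; run it in the user's own session, since the PRT is per user. It checks the sign-in prerequisites only, not Zscaler itself.

```powershell
# Added example: report hybrid-join and PRT state from `dsregcmd /status`.
# Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([string[]]$StatusLines)

    # Collect "Key : Value" pairs; section banners do not match and are skipped.
    $state = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    $domain = $state['DomainJoined']  -eq 'YES'
    $aad    = $state['AzureAdJoined'] -eq 'YES'
    $prt    = $state['AzureAdPrt']    -eq 'YES'   # absent key counts as "no PRT"

    [pscustomobject]@{
        DomainJoined  = $domain
        AzureAdJoined = $aad
        HybridJoined  = $domain -and $aad
        HasPrt        = $prt
        ReadyForSso   = $aad -and $prt   # silent Azure AD sign-in needs both
    }
}

# Constructed sample of the relevant lines, used when dsregcmd is not available
# (for example when trying the parser on a non-Windows machine).
$sample = @(
    '|  Device State  |',
    '        AzureAdJoined : YES',
    '         DomainJoined : YES',
    '|  SSO State     |',
    '           AzureAdPrt : NO'
)

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = & dsregcmd.exe /status
} else {
    $lines = $sample
}

$result = Get-JoinState -StatusLines $lines
$result | Format-List
if (-not $result.ReadyForSso) {
    Write-Warning 'No Azure AD join or no PRT: the user will be prompted to sign in.'
}
```

On the constructed sample the device is hybrid joined but has no PRT, so `ReadyForSso` is false and the warning is printed.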