I have found when a user connects for the first time and does not pass device posture checks they never show up for me to filter for their username in diagnostics. Typically the first thing I do is username=x in diagnostics but they cannot be found.
I only found this work around to find them to diagnose the issue. I go to dashboards/user on the right under USERS BLOCKED BY POLICIES. I usually can find them listed there near the top and there I can click them and it takes me to diagnostics where I can indeed see them and their issue. If I clear that filter and try to just filer based on username again they cannot be found.
Is this by design or a bug? I went ahead and opened a case because it appear to be the actual search as the issue with username field. The query language works fine.