Multiuser and User Switching on Shared Devices (Windows only)

Harmony SASE Agent version 11.7 enhances security on shared Windows devices by detecting when users switch accounts and applying Internet Access policies specific to each user.

The agent ensures each monitored device receives user-specific security by enforcing individual policies, browsing restrictions, and private resource access based on group membership. Security events are logged under the active user's account for accurate tracking. This provides administrators with clear visibility and control over user activity on all monitored devices.

User Identification and Policy Assignment

• For Domain and Active Directory or Entra Synced Users:

  1. The agent automatically detects the domain user using the User Principal Name (UPN).

  2. The device is reassigned to the detected user.

  3. User-specific policies and restrictions are applied immediately.

• For Local or Non-Domain Users (UPN Unavailable):

  1. A new user account is automatically created in the Harmony SASE Administrator Portal.

     Note - Local users are created in the %username%.%devicename%@%tenantname%.local format. Each local user account uses an additional user license.

  2. The new user is assigned to the default group policy named All users.

  3. The device remains protected by this policy.

     Important - Access to private resources (for example, VPN connections) is not available for local users.