In our current MWG policy we map users into a policy by using their AD group membership. We are trying to integrate MACs into this using the MCP client. Is it a hard requirement for these MACs to be joined to the AD domain for this to work for them?
MCP always works without a Domain Membership. Therefore you have to configure the Customer ID and the shared secret. This is, let me say, the main authentication.
For user/group information/mapping MCP (on a windows client) extracts the username and group membership from the logged on user.
Let´s summarize this information. MCP only works with information from the local user on the system. If there is a non Domain User/local user logged on this information is not available for MCP.
Hope this helps,