You can override the SecureEdge global Access/Default settings of the ZTNA features and create settings on a user level. You must first enable User Override for a specific user before configuring individual settings for Tamper Proof, Windows Pre-Logon, User Device Limit, and Trusted Platform Module (TPM) Enforcement. TPM is used to improve the security of your device.

Create an User Access Settings
- Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
- In the left menu, click the Tenants/Workspaces icon.
- From the drop-down menu, select the workspace your SecureEdge Access user should be configured for.
- In the left menu, click Access and select Enrolled Users.  
- The Enrolled Users page opens. Select the user you want to edit.
- To override the global SecureEdge Zero Trust Access settings for a specific user, click on the arrow icon next to the enrolled user. 
- The dashboard of the selected < Name of Enrolled User > page opens. In the left menu, click Settings. 
- In the selected < Name of Enrolled User>, specify values for the following: - User Override – Click to enable/disable. By default, User Override is disabled. - If User Override is enabled, specify the values for the following: - Tamper Proof – Click to enable/disable. By default, Tamper Proof is disabled. Note: For devices running iOS, iPadOS, or Android, an MDM solution is required. - If Tamper Proof is enabled, the user will no longer be able to do the following: - Disable the SecureEdge Access Agent
- Unenroll
- The right-click Quit option for the SecureEdge Access Agent will not be available on the system tray.
 
- If Tamper Proof is disabled, all of the above-mentioned features are available to the user.
 
- Windows Pre-Logon – Click to enable/disable. By default, Windows Pre-Logon is disabled. - If Windows Pre-Logon is enabled, administrators can manage user devices running Windows without the user being logged in. Note: This feature is available only for Windows.
 
- User Device Limit – Select a user device limit from the drop-down menu. You can choose between 1 to 10 devices per user. User Device Limit refers to the number of devices the user is allowed to enroll. By default, User Device Limit is 5.
- Web Filtering – Click to enable/disable DNS-based web filtering. By default, Web Filtering is enabled.- If Web Filtering is enabled, all web traffic will be checked against the defined Web Filter policy. You can enforce Web Filtering policies for the web traffic that the clients connect to via the SecureEdge Agent in order to establish a secure connection to access internal and external company resources. For more information, see Web Filter Policies.
 
- TPM Enforcement – Click to enable/disable. By default, TPM Enforcement is disabled.- If TPM Enforcement is enabled, it ensures that the SecureEdge Access Agent is using a TPM-generated key that is stored in a Trusted Platform Module (TPM). TPM is a non-exportable, secure device authentication certificate using the TPM chip on your device. Note that by using TPM, it is not possible to access a private key directly. 
- If TPM Enforcement is disabled, you cannot establish secure operations to a device. 
 
 
- If User Override is disabled, you are not allowed to set any of the ZTNA features. The global Access/Default settings will be used instead. 
 
- Click Save.
After configuration is complete, verify the user-level settings for a specific user on the SecureEdge Access Agent. The usage of ZTNA features is as follows:
- You can enable/disable Tamper Proof for a specific user if User Override is enabled.
- You can enable/disable Windows Pre-Logon for a specific user if User Override is enabled.
- If User Override is enabled, you can increase/decrease the user device limit per user. By default, User Device Limit is 5. The range is between 1 and 10. You will get an enrollment error under the following circumstances:- If the user attempts to enroll more devices than the limit allows, an error message will be displayed.
- Decreasing the number of devices in the global Access Settings is not allowed for a specific user when the user has already deployed the maximum number of devices. Attempting to do so will result in an error.
 
- You can enable/disable TPM for specific users in a selected workspace.
Further Information
- For more information how to set up ZTNA features on a global level, see How to Configure SecureEdge Access Global Settings.
- For more information on how to set up the SecureEdge Access Agent network configuration, see How to Configure SecureEdge Access Agent Network.
