One way is to create a real or virtual organizational unit, or a security group, that contains only the on-prem or cloud users, then use that OU or group as the scope of the policy.
Another is to select either the “Update Cloud User” or “Update On-Prem User” action in the policy. Each of those actions will only target the related user type, so if you have a scope and condition set in the policy that includes both on-prem and cloud users but select the “Update On-Prem User” action, only the on-prem users that the policy matches will be affected.
Note: if you create an OU or group for the scope, you still have to select the correct action type. The reason for creating the OU or group is to make clear what the scope is for both human users and auditing software.
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center