1.2 Understanding the Universal Policy Administrator Architecture

Universal Policy Administrator extends the Active Directory (AD) capabilities by enabling domain controllers to add Linux and Mac servers along with Cloud resources to the AD environment, which can interface with identity services, Universal policies, and domains.

1.2.1 Universal Policy Administrator Components

Universal Policy Administrator Components	Description
Universal Policy Administrator Agents	Windows, Linux or Mac based software that enforce universal policies and audit logs; the Windows agent manages a non-domain joined Windows computer.
Universal Policy Administrator On Premises Gateway	A Windows server that performs most of the operations, including storing Universal Policies and interacting with AD.
Universal Policy Administrator Cloud Gateway	A Windows server that can be on-premises or in the cloud, interacts with the SQL database, hosts the web UI, and meters calls to the on-premises gateway.
Web Console	A browser-based console that Interfaces dashboards and management consoles for universal policies, associated roles, domains, OUs, users, groups, agent versions, environments, view session and event details and so on.

1.2.2 Understanding the Workflow

Universal Policy Administrator has multiple components depicted in the architecture diagram below:

A high‑level Universal Policy Administrator change management workflow includes the following steps:

Create a new Universal Policy in the Web Console or import GPOs from your production Active Directory environment into the Web Console of the Universal Policy Administrator and save as a Universal Policy.
Check out a Universal Policy, locking it from changes by other users.
Edit the Universal Policy as needed.
Check in the updated Universal Policy, unlock the Universal Policy and update its version number.
Analyze the Universal Policy to verify your changes (for example, RSoP analysis), and then approve the policy.
Export to Active Directory.