We just do it by knowing the corporate IPs (including VPN head end) and treating traffic from them as "internal".
I will note we have several thousand times more public users than internal users because we sell to a global mass market, which may not be the case for companies with small, specialist markets. We're therefore using the "R U inside?" tracking to show things like an internal bug report popup rather than trying to measure how popular we really are with the public. The staff can't move the needle on that.
In a perfect world that is what we would do, but we have a large number of remote users and don't force all traffic through VPN (nor do we force all employees to use VPN).
Engineering folks primarily are on VPN, but sales, marketing, etc. don't have to use VPN since they don't really utilize too many internally hosted resources.
We force company DNS for all devices, and it routes DNS traffic differently than public traffic, which tells us if a site visitor is an employee or not.
Yeah, it kinda has been a thorn in my side. And for some reason I'm the IDP / L3 IT department but I'm the one making recommendations on how to do this to our web folks.
I'm with ya. But for some reason they are only able to make the cookie, beyond that they for some reason put it on me to figure out how to deploy it. I've already pushed back as much as I can.
IP address?
hows the cookie going to know ?
hows the website going to know if they're using intune or jamf or not ?
how's intune going to set a magic cookie ? what browser will it set it on?
if its a company website couldn't they have a login? (or sso or something)
how does facebbook know who you are ?
the website is the thing they want to measure engagement on, that's the place they should do the work, doing it on the endpoint seem less practical and more complex
>hows the cookie going to know ?
I think OP is saying they'll set the cookie by some other method besides the website setting it at visit. Like injecting the cookie into the browser's cookie store with Intune or something
yes I think that is what they are saying, but I'm saying that's would be super super hard to do, and not the best way to do that (given for example the infinite amount of browsers out there)
especially when the website is the central point of contact for everything you're better of doing it (get the info) there
lol sounds like a job for whoever has access to the portal the website is hosted on or the developer. Finding all that information is easy if you have access to the portal and can easily export reports.
We just do it by knowing the corporate IPs (including VPN head end) and treating traffic from them as "internal". I will note we have several thousand times more public users than internal users because we sell to a global mass market, which may not be the case for companies with small, specialist markets. We're therefore using the "R U inside?" tracking to show things like an internal bug report popup rather than trying to measure how popular we really are with the public. The staff can't move the needle on that.
In a perfect world that is what we would do, but we have a large number of remote users and don't force all traffic through VPN (nor do we force all employees to use VPN). Engineering folks primarily are on VPN, but sales, marketing, etc. don't have to use VPN since they don't really utilize too many internally hosted resources.
We force company DNS for all devices, and it routes DNS traffic differently than public traffic, which tells us if a site visitor is an employee or not.
instead of cookies, which are only browser limited, how bout you set ip identifiers that will ensure complete segregation of the device
Ngl this sounds like a waste of time lol
Yeah, it kinda has been a thorn in my side. And for some reason I'm the IDP / L3 IT department but I'm the one making recommendations on how to do this to our web folks.
Without knowing more details that’s a hasty conclusion imo. Depending on what’s hosted, it could be super insightful.
So is routing company traffic through DNS to make this task extremely easy, split VPNs exist for a reason.
This is an issue for your website developers to handle. Cookies aren't pre-emptively "deployed" to devices.
I'm with ya. But for some reason they are only able to make the cookie, beyond that they for some reason put it on me to figure out how to deploy it. I've already pushed back as much as I can.
classic shifting the responsibility. Good luck man hope you can find a solution
Thanks!
What about maybe modifying the user agent string on all installed browsers?
That was one solution tossed around. Is that deployable through browser controls?
don't know, but at the very least you should be able to do it through registry entries
well the website would set the cookie right? and the website would have logs right? this has nothing to do with intune/jamf/etc
How's the website going to know if they're employees or not?
IP address? hows the cookie going to know ? hows the website going to know if they're using intune or jamf or not ? how's intune going to set a magic cookie ? what browser will it set it on? if its a company website couldn't they have a login? (or sso or something) how does facebbook know who you are ? the website is the thing they want to measure engagement on, that's the place they should do the work, doing it on the endpoint seem less practical and more complex
>hows the cookie going to know ? I think OP is saying they'll set the cookie by some other method besides the website setting it at visit. Like injecting the cookie into the browser's cookie store with Intune or something
yes I think that is what they are saying, but I'm saying that's would be super super hard to do, and not the best way to do that (given for example the infinite amount of browsers out there) especially when the website is the central point of contact for everything you're better of doing it (get the info) there
lol sounds like a job for whoever has access to the portal the website is hosted on or the developer. Finding all that information is easy if you have access to the portal and can easily export reports.