Real Import users from AD and LDAP (not just the structure)
Import the USERS, not only the AD structure.
Importing the users, you can create rules (policy) based in user not the device. ie: A manager of the company use the officeboy machine to access his pendrive (the structure from managers can access pen drive and the officeboy is disable the pen drive access). For now its not possible, because the policy is machine based and not user based. So if the manager try to use a pen drive in officeboy machine he cant use.
Also if you import the userd from AD/LDAP, you dont need to create a user inside Policy Manager, you can use a Single Sign On to access Policy Manager and verify if the user have permission to access Policy Manager and PMS modules.