Base web filter profile with block policy is not working

Question

I am running a default web filter profile, transparent mode with AD SSO, allowing all web traffic. I have added a policy called "block all" and added an AD group to it. The "block all" policy does not work with the AD group. If I add the users in the group to the policy, the filter will block the users. What am I missing? 
 Edit: 
 This user should be blocked but is not. Notice the empty group? Should the AD group be displaying? I have this user in an AD group called "NoWebAccess" 
 
 user="winqc" group="" ad_domain="MARS" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (SPI Block)" filteraction="REF_HttCffAllowAll (Allow All)"

BAlfson · Answer

Hi, Kevin -your first post here - welcome to the UTM Community! 
 Configuring HTTP/S proxy access with AD SSO is aimed at Standard mode, but the things related to AD will be the same. I suspect your Backend Group isn't based on a manually-created AD Security Group or that the AD Group is not properly described in your Backend Group. 
 Cheers - Bob