Before configuring NSX IdFW, make sure you have AD user credentials with read permission for all objects in the domain tree and with read permissions for security logs when using a physical desktop.
NSX IdFW also uses the Guest Introspection VM to do user-to-IP mapping on the virtual desktop; make sure the Guest Introspection services VM's are deployed before or after configuring the security policy.