New Prisma Access User

1. Set up management for your NGFW.
   • Prisma Access (Managed by Panorama)
     1. Set up Panorama.

        • M-Series Appliance—Set up the M-Series appliance in Management Only or Panorama mode.
        • Panorama Virtual Appliance—Install the Panorama virtual appliance on your preferred hypervisor in Management Only or Panorama mode
     2. Set up an M-Series appliance or Panorama virtual appliance in Log Collector mode.
     3. Register Panorama.
     4. Activate the Panorama support license.
     5. Activate the Panorama device management license (M-Series Appliance or Panorama Virtual Appliance).
     6. Upgrade Panorama to the minimum PAN-OS version supported for AI Access Security.
     7. Install the Cloud Services plugin on Panorama.
        Refer to the Setup Prerequisites for the minimum supported Cloud Services plugin version.
     8. Set up Panorama Managed Prisma Access.
   • Prisma Access (Managed by Strata Cloud Manager)
     1. Activate the AIOps for NGFW Premium license.
     2. Onboard your NGFW to Strata Cloud Manager.
     3. Install the latest dynamic content updates and upgrade your NGFW to the minimum PAN-OS version supported for AI Access Security.
2. Set up Enterprise Data Loss Prevention (E-DLP).
   • Prisma Access (Managed by Panorama)
     1. Install the Enterprise DLP plugin on Panorama.
     2. Enable Enterprise DLP for Prisma Access.
     3. Edit the Enterprise DLP cloud content, data filtering, and snippet settings as needed.
   • Prisma Access (Managed by Strata Cloud Manager)
     1. Enable Enterprise DLP for NGFW.
     2. Edit the Enterprise DLP data filtering and snippet settings as needed.
3. Click the magic link provided to you by Palo Alto Networks when you purchased the AI Access Security subscription.
4. Click Activate Subscription to begin activating AI Access Security.

5. Enter Palo Alto Networks Customer Support Portal (CSP) Email Address. This email address must match the email that received the magic link to activate AI Access Security.
   Create a New Account if the email address that received the AI Access Security activation link doesn't already have a valid CSP account. You must enter a Password to successfully create the account. The newly created account is automatically associated with the same tenant for which you are activating AI Access Security and assigned a Multitenant Superuser role.

6. (Multitenancy only) In the Specify the Tenant section, select the tenant service group (TSG) for which you want to activate AI Access Security.
   Skip this step if you have only have a single TSG associated with your Customer Support Portal (CSP) account. It will be selected by default.

   Click Done after selecting a tenant to continue.
7. Review the tenant Region. This region is pre populated based on the region NGFW is deployed and cannot be changed.
8. Verify that the AI Access Security License is Fully Assigned
9. Verify that Data Loss Prevention is active on the tenant. Enterprise DLP is a prerequisites for AI Access Security.
10. Agree to the Terms and Conditions.
11. Activate Now.
12. Get Started with AI Access Security.