Aperture™ SaaS security service is a cloud-based service that allows you to govern sanctioned SaaS application usage across all users in your organization to prevent the risk of breaches and non-compliance. The service delivers complete visibility and granular enforcement across all user, folder and file activity within sanctioned SaaS applications. Aperture enables you to discover and classify data stored across the supported SaaS applications, protect sensitive data from accidental exposure, identify and protect against known and unknown malware, and perform user activity monitoring to identify potential misuse or data exfiltration.

What's New

Month Feature Description
May 2019 Bulk Incident Management Instead of editing one incident at a time, you can now assess up to 1000 incidents simultaneously.
March & April 2019

SaaS Application Visibility on Aperture 



Administrator Activity Logs Enhancements

The combined visibility of Aperture data along with firewall and GlobalProtect Cloud Service logs enables you to assess monthly and quarterly trends on sanctioned and unsanctioned SaaS application usage across your enterprise.

Updates to include more details and export a CSV file to audit administrative actions on the Aperture service.

February 2019 General Data Protection Regulation (GDPR) Report The GDPR report on Aperture helps you review how you collect, use, and share PII data across your sanctioned SaaS applications.
December 2018 Azure Active Directory Integration for Group-Based Scanning Selective scanning with Active Directory enables you to adhere to data privacy regulations or exclude the scanning of confidential assets for a specific user group.


Aperture™ New Features Guide

All users on your network use SaaS applications. Use the Aperture new features guide to learn about enhancements or new features and how you can use it to manage and secure the sanctioned SaaS application usage on your network.

Aperture™ Administrator's Guide


Lightboard Series: Protect SaaS Applications with Next-Gen Security

This Lightboard video provides an overview of the key SaaS security requirements, including specific examples that showcase how our next-generation security platform provides complete SaaS control, based on users, content, and applications.

Lightboard Series: Aperture SaaS Security

Aperture by Palo Alto Networks protects your sanctioned SaaS applications from threats and Data exposure risks. Watch a short overview to learn how Aperture uniquely secures SaaS applications as part of the Next Generation Security Platform.

Lightboard Series - Securing Office 365

This Lightboard video is an overview on how to implement and secure Office 365.

Related Documents

Begin Selective Scanning Using Azure Active Directory Groups

Add your Azure Active Directory to Aperture to enable selective scanning of groups.

Configure Unsanctioned Device Access Control

Use the Aperture service as a SAML proxy between your Identity Provider and next generation firewall to control access to your sanctioned SaaS applications.

Book Image

Tech Docs: Update Your AWS S3 Security Monitoring Bucket List with Aperture!

Generate the SaaS Application Usage Report

The SaaS Application Usage report compares sanctioned versus unsanctioned applications on your network and lists the top applications by usage, compliance, and data transfers, and identifies apps with risky hosting characteristics.