Enable ADEM in Cloud Managed Prisma Access for Mobile Users
Learn how to enable Autonomous DEM for your Cloud Managed Prisma Access users.
To enable Autonomous Digital Experience Management (ADEM) for your Prisma Access mobile users, you must enable ADEM in the GlobalProtect app settings. After you enable ADEM for a user, the GlobalProtect portal will automatically push the ADEM capabilities and the required authentication certificate to the selected users the next time they connect.
Autonomous DEM is supported on GlobalProtect app version 5.2.6 or later (we recommend version 5.2.8 or later) with Content Release version 8393-6628 or later running on Windows or macOS endpoints only. Because you may not have licensed Autonomous DEM for all of your mobile users, you might want to create a new app settings configuration and restrict it to the supported operating systems and the specific users for which you want to enable ADEM.
After the GlobalProtect app receives the ADEM configuration, it uses the corresponding certificate to authenticate to the ADEM service and register with the service. After the agent registers, you will be able to assign app tests to the user.
To enable Autonomous DEM for your GlobalProtect users:
- From the Prisma Access app on the hub, create a new GlobalProtect App Settings configuration and enable Autonomous DEM.
- Select Manage > Service Setup > GlobalProtect > GlobalProtect App and Name the configuration.
- Add App Settings to create a GlobalProtect app configuration for your Autonomous DEM users and give it a Name.
- To set the Match Criteria for OS, click Add OS and select Mac and/or Windows systems only.
- If you only want to deploy the ADEM configuration to a subset of your Mac and/or Windows users, under User Entities click Add User and select the users to whom you want to push this configuration.
- To enable Autonomous DEM for the selected users, under App Configuration, expand Show Advanced Options > User Behavior and select an option to enable Digital Experience Management (DEM) for Prisma Access (Windows and Mac only). You can select whether to let users enable and disable ADEM by selecting Install and User can Enable or Disable DEM or Install and User cannot Enable or Disable DEM. When you enable ADEM, this also triggers creation of the certificate needed to authenticate to the ADEM service and enables log collection for troubleshooting. Starting in GlobalProtect version 5.2.8, you have the option to suppress receiving all Autonomous DEM update notifications (pertaining to installing, uninstalling and upgrading an agent) on the endpoints. To suppress the notifications, deselect the Display ADEM Update Notification Message check box. By default, this check box is selected.
- Customize any other App Settings as needed.
- Save the App Settings.
- Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests. To do so, you must add the ADEM URLs to make the endpoints register to the ADEM portal.
- Add a security profile for your endpoint agent registration. You will need to create a security policy for it. Click Allow All Traffic for ADEM clients. The Allow All Traffic for ADEM Clients page opens.
- Create an Address Group to hold your URLs.
- Add the following ADEM URLs to the address group:
To do so, click the + icon under Destination > Addresses.
- To enable the app to connect to the ADEM service and to run the application tests, you must have a policy rule to allow the GlobalProtect users to connect to applications over HTTPS.
- To enable the app to run network monitoring tests, you must have a policy rule to allow ICMP and TCP traffic.
- (Optional) If you plan to run synthetic tests that use HTTP, you must also have a security policy rule to allow the GlobalProtect users to access applications over HTTP.
- Save and Push the configuration to Prisma Access.