Mobile Users Dashboard

ADEM helps you resolve performance issues reported by a specific user starting from
Autonomous DEM
Mobile Users
From here you get an overall view of the experiences and the experience trend for all your ADEM users, as well a per-user view of the digital experience across your SASE environment. You can drill down into details for the specific user who is reporting performance issues.
  • Immediately when you drill down, alerts at the top of the page highlight any experience issues the specific user is having, such as low device memory or high CPU usage.
  • The experience score will also give you an indication of the overall digital experience for the user.For each application that is monitored per mobile user, ADEM calculates a score based on the 5 critical metrics - application availability, DNS resolution time, TCP connect time, SSL connect time, and the HTTP latency. If the application fails the availability test (application is unavailable), then the experience score is 0. If the application is reachable, only then the remaining four metrics will be calculated. Each of the above metrics (other than application reachability) have a different weightage and baselined lower and upper thresholds, and their combined weightage equals 100. The sum of these individual metric scores determines the application experience score for a user. An average of all the test sample results for each application determines the experience score of a user.
  • The user’s application experience trend chart shows when the experience score began to decline for this user, and also shows any significant events that could have been a catalyst for the decline, such as an OS upgrade or a GP app upgrade that may have caused high CPU usage or low available memory on the user’s device.
  • You can also see which segment of the network—device, local LAN or Wi-Fi network, ISP or WAN, Mobile User gateway, or the application itself—might be the cause of the issue.
Autonomous DEM for Hybrid Workforce
Autonomous DEM for Hybrid Workforce
monitors the experience of all applications irrespective of where they are hosted. It also continuously monitors the experience of every user as they shift between working from home, connected over a non-trusted network, to working from the office over a trusted corporate campus network. Whether the user is connected from an untrusted network or a trusted network, Autonomous DEM will continue to do application performance monitoring.
An untrusted network can be any network such as the user’s home, a retail shop, a hospital, hotel, or airport from where they are connected to Prisma Access. Even if your user disables the VPN manually, Autonomous DEM will continue to do the user experience and application monitoring. When mobile users are in their office campus, they are connected to a trusted network.
Autonomous DEM is enabled when GlobalProtect endpoints connect to Prisma Access. Once enabled, it will continue to monitor user experience across hybrid work environments on and off campus.
When you create an application test, by default the
End-to-end Application Experience monitoring from Trusted Networks (in Office)
is disabled. Select the application test on which you want to monitor user experience at all times irrespective of whether the user is in a trusted or untrusted network and select the
End-to-end Application Experience monitoring from Trusted Networks (in Office)
check box for the application in order for Autonomous DEM to continue to do the Application Performance Monitoring. The
End-to-end Application Experience monitoring from Untrusted Networks when VPN is disabled
check box is selected by default.
The following table describes the various states in GlobalProtect and how Autonomous DEM performs when GlobalProtect is in each state. These states are displayed in the GlobalProtect app settings. Autonomous DEM monitoring is supported in all the states.
GlobaProtect Status
Connected To
VPN Status
ADEM Monitoring
What it means
Prisma Access
VPN is connected to Prisma Access through GlobalProtect. User is logged in from an untrusted network (logged in remotely).
Internal network (from a trusted network)
VPN is connected to the internal network when the user is logged in from a trusted network (logged in from within the office or headquarters).
VPN is not connected to Prisma Access.
Connected Internal
User is not connected to the VPN. User is on a trusted network.
In the
Application Experience
trend widget on the
User Details
page, you will be able to visually see the duration when the user was connected or disconnected from the VPN. Clicking on a significant event provides information on the GlobalProtect status, the timestamp, current status of connectivity to a Prisma Access Location, and the name of the Prisma Access Location that the user’s device is currently connected to. In addition, you can view the SSID of the network from where the user is connecting.
Path Visualization
tab shows you the hop-by-hop network details of the traffic flow from the user to an application. Even if your VPN is disabled, it will provide visibility on all the internet hops from the user to an application. If your application (private application) is not reachable from an untrusted network when the VPN is disabled, it will fail the availability test and the application experience for that session will be impacted.

Recommended For You