Enable ADEM in Cloud Managed Prisma Access for Mobile Users
Learn how to enable Autonomous DEM for your Cloud Managed Prisma Access users.

Autonomous DEM is supported on GlobalProtect app version 5.2.11 with Content Release version 8393-6628 or later running on Windows or macOS endpoints only. Because you may not have licensed Autonomous DEM for all of your mobile users, you might want to create a new app settings configuration and restrict it to the supported operating systems and the specific users for which you want to enable ADEM.

After the GlobalProtect app receives the ADEM configuration, it uses the corresponding certificate to authenticate to the ADEM service and register with the service. After the agent registers, you will be able to assign app tests to the user.

To enable Autonomous DEM for your GlobalProtect users:
- From the Strata Cloud Manager user interface, create a new GlobalProtect App Settings configuration and enable Autonomous DEM.
  - Select Workflows > Prisma Access Setup > GlobalProtect > GlobalProtect App.
  - Add App Settings to create a GlobalProtect app configuration for your Autonomous DEM users and give it a Name.
  - To set the Match Criteria for OS, click Add OS and select Mac and/or Windows systems only.
  - If you only want to deploy the ADEM configuration to a subset of your Mac and/or Windows users, under User Entities click Add User and select the users to whom you want to push this configuration.
  - To enable Autonomous DEM for the selected users, under App Configuration, expand Show Advanced Options > User Behavior and select an option to enable Digital Experience Management (DEM) for Prisma Access (Windows and Mac only). You can select whether to let users enable and disable ADEM by selecting Install and User can Enable or Disable DEM or Install and User cannot Enable or Disable DEM. When you enable ADEM, this also triggers creation of the certificate needed to authenticate to the ADEM service and enables log collection for troubleshooting. Starting in GlobalProtect version 5.2.8, you have the option to suppress receiving all Autonomous DEM update notifications (pertaining to installing, uninstalling and upgrading an agent) on the endpoints. To suppress the notifications, deselect the Display ADEM Update Notification Message check box. By default, this check box is selected.
  - Customize any other App Settings as needed.
  - Save the App Settings.
- Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests. To do so, you must add the ADEM URLs to make the endpoints register to the ADEM portal.
  - Create an Address Group to hold your URLs.
  - Add the following ADEM URLs to the address group.
    - agents.dem.prismaaccess.com
    - agents.jp1.ap-northeast-1.dem.prismaaccess.com
    - agents.sg1.ap-southeast-1.dem.prismaaccess.com
    - agents.au1.ap-southeast-2.dem.prismaaccess.com
    - agents.ca1.ca-central-1.dem.prismaaccess.com
    - agents.eu1.eu-central-1.dem.prismaaccess.com
    - agents.uk1.eu-west-2.dem.prismaaccess.com
    - agents.us1.us-east-2.dem.prismaaccess.com
    - updates.dem.prismaaccess.com
    - agents.in1.ap-south-1.dem.prismaaccess.com
  - Create a security policy rule and add the newly created address group object to it. To do so, click the + icon under Destination > Addresses and add the address group you created as shown in the image below.
  - To enable the app to connect to the ADEM service and to run the application tests, you must have a policy rule to allow the GlobalProtect users to connect to applications over HTTPS.
  - To enable the app to run network monitoring tests, you must have a policy rule to allow ICMP and TCP traffic.
  - (Optional) If you plan to run synthetic tests that use HTTP, you must also have a security policy rule to allow the GlobalProtect users to access applications over HTTP.
- Save and Push the configuration to Prisma Access.
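
After the push, an administrator can confirm from a GlobalProtect-connected endpoint that the security policy rule actually lets traffic reach every ADEM URL in the address group. The script below is an added example, not part of the Palo Alto Networks documentation or tooling. It assumes HTTPS on TCP port 443, its function names are the example's own, and it checks name resolution and TCP reachability only, not ICMP or ADEM registration.

```python
import socket

# ADEM FQDNs from the address group step above.
ADEM_FQDNS = [
    "agents.dem.prismaaccess.com",
    "agents.jp1.ap-northeast-1.dem.prismaaccess.com",
    "agents.sg1.ap-southeast-1.dem.prismaaccess.com",
    "agents.au1.ap-southeast-2.dem.prismaaccess.com",
    "agents.ca1.ca-central-1.dem.prismaaccess.com",
    "agents.eu1.eu-central-1.dem.prismaaccess.com",
    "agents.uk1.eu-west-2.dem.prismaaccess.com",
    "agents.us1.us-east-2.dem.prismaaccess.com",
    "updates.dem.prismaaccess.com",
    "agents.in1.ap-south-1.dem.prismaaccess.com",
]

def tcp_probe(host, port, timeout=5.0):
    """Resolve the name and open (then close) a TCP connection."""
    with socket.create_connection((host, port), timeout=timeout):
        return True

def check_adem_reachability(hosts=ADEM_FQDNS, port=443, probe=tcp_probe):
    """Return {host: status}; port 443 is an assumption (standard HTTPS)."""
    results = {}
    for host in hosts:
        try:
            probe(host, port)
            results[host] = "ok"
        except socket.gaierror:      # name did not resolve
            results[host] = "dns-failure"
        except socket.timeout:       # silently dropped, typical of a deny rule
            results[host] = "timeout"
        except OSError:              # refused, reset, or no route
            results[host] = "connect-failed"
    return results

def unreachable(results):
    """Hosts that still need a policy or DNS fix, sorted for stable output."""
    return sorted(h for h, s in results.items() if s != "ok")

if __name__ == "__main__":
    res = check_adem_reachability()
    for host, status in res.items():
        print(f"{status:15} {host}")
    raise SystemExit(1 if unreachable(res) else 0)
```

A `timeout` for only some regional hosts usually points to an incomplete address group, while `dns-failure` points to name resolution on the endpoint rather than the security policy rule.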