What’s New in Common Services: Subscription and Tenant Management
Table of Contents
Expand all | Collapse all
- Activate a License for Remote Browser Isolation
-
- What is a Tenant?
- Add a Tenant
- Edit a Tenant
- Manage Tenant Licenses
- Delete a Tenant
- Transition from Single Tenant to Multitenant Cloud-managed Prisma Access FedRAMP
- Move an Internal Tenant
- Acquire an External Tenant
- Approve an External Tenant Acquisition
- Limitations for Moving and Acquiring Tenants
- Tenant Hierarchy Limits
What’s New in Common Services: Subscription and Tenant
Management
Common Services
: Subscription and Tenant
Management Learn about the latest features related to
Common Services
: Subscription and Tenant Management. Here’s what’s new in
Common Services
: Subscription and Tenant Management. You
can also check what’s new for Identity and Access Management, Device Associations, and Prisma SASE Multitenant Portal.What's new in February 2024
The following new items were released in February 2024.
Tenant Moves and Acquisitions
If you're a managed security service provider (MSSP) or distributed enterprise with a
multitenant hierarchy, you can now move a tenant that is part of your tenant
hierarchy to a different location. You can do this by moving an internal tenant. Any tenant is
considered an internal tenant if it's within your tenant hierarchy, and you have
superuser access to the source and target tenants. It's possible to move tenants
within the same top-most, root-level, parent tenant or intermediate tenants of your
hierarchy. You would move an internal tenant primarily in the case of testing,
demonstrations, reorgs, correcting mistakes, and more.
If you're a managed security service provider (MSSP) or distributed enterprise with a
multitenant hierarchy, you can also acquire and manage tenants that are not part of
your current tenant hierarchy. You can do this by acquiring an external tenant. Any tenant
is considered an external tenant if it isn’t within your current tenant hierarchy.
You can only acquire a top-most, root-level, parent tenant through an external
tenant acquisition. You would acquire an external tenant primarily in the case of
corporate acquisitions or mergers or reorgs.
What's new in December 2023
The following new items were released in December 2023.
FedRAMP High "In Process" Support
The Federal Risk and Authorization Management Program (FedRAMP) is a United States
government-wide program that provides a standardized approach to security
assessment, authorization, and continuous monitoring for cloud products and services
for government users. Palo Alto Networks has demonstrated FedRAMP compliance.
For more information about Palo Alto Networks FedRAMP authorization, visit
Prisma Access for U.S. Public Sector.
To ensure FedRAMP compliance, follow the FedRAMP High "In Process" Requirements and
Activation.
The following apps and features are supported for use in a FedRAMP High "In Process"
environment:
- Cloud Managed Prisma Access, including:
- Activity
- Autonomous DEM
- CDSS add-on services, including:
- Advanced WildFire cloud (full detections)
- App-ID Cloud Engine
- Cloud Identity Engine
- Enterprise DLP
- SaaS API
- SaaS/DLP Inline
- SaaS Security Posture Management (SSPM)
- Dedicated hub for federal
- Dedicated support environment for federal
- FIPS dependencies: FIPS Mode is recommended that endpoints have FIPS enabled
- Insights
- Multitenant Platform
- Panorama-managed Prisma Access:
- Autonomous DEM
- CDSS add-on services, including:
- Advanced WildFire cloud (full detections)
- App-ID Cloud Engine
- Cloud Identity Engine
- Enterprise DLP
- IoT Security
- SaaS API
- SaaS/DLP Inline
- SaaS Security Posture Management (SSPM)
- Dedicated hub for federal
- Dedicated support environment for federal
- FIPS dependencies: FIPS Mode is recommended to be enabled for customers of on-premise Panorama Management and computers using the GlobalProtect Agent
- Insights
License Activation Changes
- Now all stand-alonePrisma SD-WAN:Prisma SD-WANsales orders come with an activation email regardless if the subscription is brand new or for an existing tenant. You'll see this when you activate a license forPrisma SD-WAN.
- Now you can choose a different Customer Support Account than you chose during first-time activation. You'll see this during return visit license activation forPrisma SD-WAN:Prisma SD-WAN.
- Software NGFW Credits:Now you can activate a Software NGFW Credits License usingStrata Cloud Manager(AIOps for NGFW Premium) for Panorama Managed VM-Series.
After you receive an email from Palo Alto Networks identifying the new product
license you're activating, including all your add-ons and capacities, use the
activation link to begin the activation process. You can activate and manage all
your available licenses, device associations, tenants, and identity and access from
Common Services. As existing app instances transition to
tenants and tenant service groups you can
also use Common Services to manage those as well. After activation or transition,
you can find Common Services in the tenant view of the hub or in a variety of ways.
What's new in November 2023
The following new items were released in December 2023.
App Tile Name Change
You'll notice the following change in various license activation scenarios. For
example, if you activate a license for the app formerly known as
AIOps for NGFW Premium
, after the activation status is complete, you can
launch the app from a variety of places including the hub
Strata Cloud Manager
app tile.The application tile names on the hub for Prisma Access, Prisma SD-WAN, and
AIOps for NGFW (the premium app only) are now changed to
Strata Cloud
Manager
. With this update, the application URL has also changed to stratacloudmanager.paloaltonetworks.com
, and
you’ll also now see the Strata Cloud Manager
logo on the left navigation
pane.Moving forward, continue using the Strata Cloud Manager app to manage and
monitor your deployments.
License Activation Changes
- IOT add-on forNow you can usePrisma Access:Common Servicesto activate the IoT Security add-on when you enable available add-ons forPrisma Access (Managed by Strata Cloud Manager)
- SaaS Security Inline:Now you can useCommon Servicesto activate Saas Security Inline licenses and then get started with SaaS Security Inline.
After you receive an email from Palo Alto Networks identifying the new product
license you're activating, including all your add-ons and capacities, use the
activation link to begin the activation process. You can activate and manage all
your available licenses, device associations, tenants, and identity and access from
Common Services. As existing app instances transition to
tenants and tenant service groups you can
also use Common Services to manage those as well. After activation or transition,
you can find Common Services in the tenant view of the hub or in a variety of ways.
Remote Browser Isolation
Now you can use
Common Services
to activate a license for Remote Browser Isolation
(RBI).Browser and web-based attacks are continuously evolving, resulting in security
challenges for many enterprises. Web browsers, being a major entry point for malware
to penetrate networks, pose a significant security risk to enterprises, prompting
the increasing need to protect networks and devices from zero day attacks. Highly
regulated industries, such as government and financial institutions, also require
browser traffic isolation as a mandatory compliance requirement.
While most enterprises want to block 100% of attacks by using network security and
endpoint security methods, such a goal might not be realistic. Most attacks start
with the compromise of an endpoint that connects to malicious or compromised sites
or by opening malicious content from those sites. An attacker only needs one miss to
take over an endpoint and compromise the network. When this happens, the
consequences of that compromise and the impact to your organization can be
damaging.
Remote Browser Isolation (RBI) creates a no-code
execution isolation environment for a user's local browser, so that no website code
and files are executed on their local browser. Unlike other isolation solutions, RBI
uses next-generation isolation technologies to deliver near-native experiences for
users accessing websites without compromising on security.
RBI is a service that isolates and transfers all browsing activity away from the
user's managed devices and corporate networks to an outside entity such as Prisma
Access, which secures and isolates potentially malicious code and content within
their platform. Natively integrated with Prisma Access, RBI allows you to apply
isolation profiles easily to existing security policies. Isolation profiles can
restrict many user controls such as copy and paste actions, keyboard inputs, and
sharing options like file uploading, downloading, and printing files to keep
sensitive data and information secure. All traffic in isolation undergoes analysis
and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as
Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security,
and SaaS Security.
What's new in October 2023
The following new items were released in October 2023.
New Features in October 2023 | |
---|---|
Prisma Access China Cloud Managed License
Activation | You can now activate a license through Common Services for
Cloud Managed
, an offering that
allows you to onboard Prisma Access locations in
mainland China. |
What's new in August 2023
The following new items were released in August 2023.
New Features in August 2023 | |
---|---|
CIE Sharing | Now you can use Common Services to activate and share Cloud Identity
Engine. |
What's new in July 2023
The following new items were released in July 2023.
New Features in July 2023 | |
---|---|
Unified License Activation | The separate single tenant license activation flow and
multitenant license activation flow have been unified into one.
The following pages are updated to reflect the changes: |
What's new in June 2023
The following new items were released in June 2023.
New Features in June 2023 | |
---|---|
Strata Cloud Manager | Depending on your licensed products, and if you have
received information about the migration of your tenant, you might
begin to manage and monitor your network and security infrastructure
through Strata Cloud Manager . You
still use the same Common Services for
license activation and tenant management, but you access them
through Settings . |
VM Flex License Agreement | Now you can use Common Services to Activate a VM Flex License
Agreement for IoT Security and AIOps for NGFW. |
Service Provider Backbone License
Activation | Now you can use Common Services to activate a license for
Service Provider
Backbone, an offering that allows you more control of
your Prisma Access egress traffic. |
What's new in May 2023
The following new items were released in May 2023.
New Features in May 2023 | |
---|---|
IOT Security subscriptions | Now that IoT Security is
compatible with tenants and tenant service groups (TSGs), you
can use Common Services to activate IoT Security
subscriptions. |
What's new in April 2023
The following new items were released in April 2023.
New Features in April 2023 | |
---|---|
Enterprise License Agreement add-on | Now that IoT Security is
compatible with tenants and tenant service groups (TSGs), you
can use Common Services to activate an
Enterprise License Agreement for IoT Security. |
Extend or renew subscriptions | Extend or Renew a Subscription is
updated to show additional steps to follow in shared license
scenarios. |
What’s New in March 2023
The following new items were released in March 2023.
New Features in March 2023 | |
---|---|
Prisma Access China License Activation | You can now activate a license through Common Services for Panorama Managed Prisma Access , an offering that allows you to onboard
Prisma Access locations in mainland China. |
What’s New in February 2023
The following new items were released in February 2023.
New Features in February 2023 | |
---|---|
Enterprise License Agreement add-on | Now that AIOps for NGFW is compatible with
tenants and tenant service groups (TSGs), you can use Common Services to activate an
Enterprise License Agreement of AIOps for NGFW
Premium or AIOps for NGFW Free. |
AIOps for NGFW | Now that AIOps for NGFW is compatible with
tenants and tenant service groups (TSGs), you can use Common Services to activate AIOps for
NGFW. |
Saas Security Posture Management | Now that Saas Security Posture Management
(SSPM) is compatible with tenants and tenant service groups (TSGs),
you can use Common Services to activate a standalone
SSPM license. |
What’s New in January 2023
The following new items were released in January 2023.
New Features in January 2023 | |
---|---|
Singapore and Australia region changes | When you Activate a License for in a single tenant or
multitenant hierarchy using the Singapore or Australia region,
all tenant data (such as configuration, telemetry logs, system
logs, and stats) is now stored in the selected location. The new
behavior is available only for new licenses and new tenant
activations. |
What’s New in December 2022
The following new items were released in December 2022.
New Features in November 2022 | |
---|---|
Location add-on changes | If you have a local edition license, the Location add-on is now available for enabling more than
5 regions, and for sharing additional locations with your
tenants during Activate a License
for Cloud-managed . |
What’s New in November 2022
The following new items were released in November 2022.
New Features in November 2022 | |
---|---|
CASB-X license activation | Next Generation CASB License on
Cross Platforms (CASB-X) can be applied on both
Prisma Access and Next Generation Firewall (NGFW)
devices in a single tenant environment. |
What’s New in October 2022
The following new items were released in October 2022.
New Features in October 2022 | |
---|---|
CASB license sharing | When you share a license for that
includes the Cloud Access Security Broker (CASB) add-on, you can
enable CASB on the root tenants or child tenants where the
Prisma Access license is shared. |
Deselect add-ons | When you share a , you can now deselect
add-ons such as Autonomous Digital Experience Management (ADEM)
and Service Connection.
|
What’s New in September 2022
The following new items were released in September 2022.
New Features in September 2022 | |
---|---|
Multi-DLP Additional Workflows | Data Loss Prevention (DLP) is now also available in single tenant Activate a License
for Cloud-managed .
In a single tenant Prisma Access Enterprise
environment, you have the option to activate multiple individual
DLPs against different single tenants or to consolidate multiple
DLP instances (such as CASB, NGFW, and Prisma Cloud) under one
Customer Support Portal (CSP) ID and one single tenant.
|
Panorama-managed License Activation | When you Activate a License
for Panorama-managed , the
button label is now updated to Single Tenant /
Panorama to indicate that the button is for both
single tenant Prisma Access license activation and also
for Panorama-managed Prisma Access license activation,
regardless of single or multitenant status in Panorama. |
What’s New in August 2022
The following new items were released in August 2022.
New Features in August 2022 | |
---|---|
Prisma Access License Activation Enhancements | Activate and manage all your in one place. |
Subscription Modification | Request to modify a subscription for
your production tenant. |
Evaluation to Production Conversion | Request evaluation license
to production conversion, specifying the licenses you would
like on your production tenant. |
License Diagnostics | You can now diagnose license activation issues and
open support cases in one location. |
CASB Bundle | CASB add-on bundle allows you to activate the following capabilities all at once during Activate a License
for Cloud-managed :
SaaS Security Inline and API, Enterprise DLP, SaaS Security
Posture Management (SSPM). |
Multi-DLP Support | Data Loss Prevention (DLP) is no longer restricted to one DLP instance per CSP ID. Depending on
your license, you can now activate multiple DLPs per CSP ID.
This makes it possible to activate the DLP add-on against
multiple tenants, including child tenants, in your multitenant
hierarchy during Activate a License
for Cloud-managed . |