Autonomous DEM for Hybrid Workforce
Focus
Focus
FedRAMP

Autonomous DEM for Hybrid Workforce

Table of Contents

Autonomous DEM for Hybrid Workforce

Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Strata Cloud Manager
  • Prisma Access license
  • Autonomous DEM license
Autonomous DEM for Hybrid Workforce monitors the experience of all applications irrespective of where they are hosted. It also continuously monitors the experience of every user as they shift between working from home, connected over a non-trusted network, to working from the office over a trusted corporate campus network. Whether the user is connected from an untrusted network or a trusted network, ADEM will continue to do application performance monitoring.
An untrusted network can be any network such as the user’s home, a retail shop, a hospital, hotel, or airport from where users are connected to Prisma Access. Even if your user disables the VPN manually, ADEM will continue to do the user experience and application monitoring. When mobile users are in their office campus, they are connected to a trusted network.
Autonomous DEM is enabled when GlobalProtect endpoints connect to Prisma Access. Once enabled, it will continue to monitor user experience across hybrid work environments on and off campus.
When you create an application test, by default the End-to-end Application Experience monitoring from Trusted Networks (in Office) (in the Advanced Mobile Users Test Options section on the New App Test page) is disabled. Select the application test on which you want to monitor user experience at all times irrespective of whether the user is in a trusted or untrusted network and select the End-to-end Application Experience monitoring from Trusted Networks (in Office) check box for the application in order for Autonomous DEM to continue to do the Application Performance Monitoring. The End-to-end Application Experience monitoring from Untrusted Networks when VPN is disabled check box is selected by default.
The following table describes the various states in GlobalProtect and how Autonomous DEM performs when GlobalProtect is in each state. These states are displayed in the GlobalProtect app settings. Autonomous DEM monitoring is supported in all the states.
GlobaProtect StatusConnected ToVPN StatusADEM MonitoringWhat it means
ConnectedPrisma AccessEnabledYesVPN is connected to Prisma Access through GlobalProtect. User is logged in from an untrusted network (logged in remotely).
ConnectedInternal network (from a trusted network)EnabledYesVPN is connected to the internal network when the user is logged in from a trusted network (logged in from within the office or headquarters).
DisabledN/ADisabledYesVPN is not connected to Prisma Access.
Connected InternalN/ADisabledYesUser is not connected to the VPN. User is on a trusted network.