Autonomous DEM for Hybrid Workforce monitors the experience of all applications irrespective of where they are hosted. It also continuously monitors the experience of every user as they shift between working from home, connected over a non-trusted network, to working from the office over a trusted corporate campus network. Whether the user is connected from an untrusted network or a trusted network, ADEM will continue to do application performance monitoring.

An untrusted network can be any network such as the user’s home, a retail shop, a hospital, hotel, or airport from where users are connected to Prisma Access. Even if your user disables the VPN manually, ADEM will continue to do the user experience and application monitoring. When mobile users are in their office campus, they are connected to a trusted network.

When you create an application test, by default the End-to-end Application Experience monitoring from Trusted Networks (in Office) (in the Advanced Mobile Users Test Options section on the New App Test page) is disabled. Select the application test on which you want to monitor user experience at all times irrespective of whether the user is in a trusted or untrusted network and select the End-to-end Application Experience monitoring from Trusted Networks (in Office) check box for the application in order for Autonomous DEM to continue to do the Application Performance Monitoring. The End-to-end Application Experience monitoring from Untrusted Networks when VPN is disabled check box is selected by default.

The following table describes the various states in GlobalProtect and how Autonomous DEM performs when GlobalProtect is in each state. These states are displayed in the GlobalProtect app settings. Autonomous DEM monitoring is supported in all the states.