First time Device Security Activation

1. Choose the Customer Support Account that you want to use.

   If you only have one Customer Support Portal account associated with your username, the Customer Support Account is prepopulated.
2. Allocate the product to the Recipient of your choice.

   Multiple CSP accounts You can allocate your entire license to one recipient or you can share it with multiple recipients in a tenant hierarchy. What is a tenant?

   1. If you need just one tenant, use or rename the tenant provided. The name provided matches your Customer Support Portal account for convenience.

   2. (Optional) This step applies if you are a managed security service provider (MSSP), a distributed enterprise customer, or need multiple tenants. After you create the first tenant, you can Allocate to subtenant and use or rename the tenant provided.

      A subscription gets allocated on a tenant or a sub-tenant. This step is for choosing a tenant where you want to allocate a license, not for building a complete tenant hierarchy. You can create only a tenant and subtenant here, and you can choose to allocate a license to that subtenant.

      After activation, you can build out your tenant hierarchy as needed through tenant management. You can create your tenant hierarchy to reflect your existing organizational structure. You can also consider identity and access inheritance when creating the hierarchy, in addition to tenant hierarchy limits.
   3. Select Done.
3. Choose the data ingestion Region, which is the region where the cloud logging service is receiving data from firewalls.
4. Strata Logging Service

   • If you are using Device Security that doesn't require Strata Logging Service, this sends data logs to a cloud logging service that streams them directly to Device Security without storing them in a data lake. Skip to the App Subdomain step.
   • If you are using Device Security that does require Strata Logging Service, add Strata Logging Service.
     1. Select a Strata Logging Service instance.
     2. Enter the amount of data log storage.
     3. The region is grayed out, but is autopopulated with the same region that you used for Strata Logging Service.
5. Enter an App Subdomain.

   Use a unique subdomain to complete the <subdomain>.iot.paloaltonetworks.com URL for your Device Security application. This will be the URL where you log in to the Device Security portal.
6. Agree to the terms and conditions, and Activate.

   A single default tenant is autocreated behind the scenes, and the product is activated in the tenant.

   This tenant, and any others created by this Customer Support Portal account, will have the Superuser role.
7. Go to the Common ServicesDevice Associations tab to add firewalls to the tenant, associate them with the Device Security application, and then apply the Device Security subscription to them: Device Associations.
8. Get started with Device Security.
9. Optional Manage your product.
10. Optional Manage identity and access.