Create a Jamf Policy for Prisma Access Agent Deployment
Learn how to create a Jamf policy for the deployment of Prisma Access Agents.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Panorama)
What Do I Need?
For Prisma Access deployments:
  • Minimum Required Prisma Access Version: 5.1 Preferred or Innovation
  • Prisma Access license with the Mobile User subscription
For NGFW deployments:
  • Minimum required PAN-OS version: 11.2
  • Prisma Access Agent license for NGFW deployments
For all deployments:
  • Prisma Access Agent version: 25.1.0.14
  • macOS 14 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
You can create a Jamf policy that triggers installation of the Prisma Access Agent on macOS devices that already have the Prisma Access Agent configuration profile installed.
  1. Upload the Prisma Access Agent package to Jamf Pro for deployment to the managed macOS devices in your organization.
    1. If you have not done so, download the Prisma Access Agent package and configuration file from Manage > Prisma Access Agent in Strata Cloud Manager.
    2. Zip up the Prisma Access Agent installation package and the config.json file that you downloaded.
    3. In Jamf Pro, select Settings > Computer Management > Packages.
    4. Click New.
    5. Specify the General settings for the package.
      1. Enter a Display Name for the package.
      2. Click Choose File, select the package that you zipped up, and click Open.
    6. Save your settings.
  2. Create a Smart Computer Group that identifies those users who have the Prisma Access Agent configuration profile installed on their devices.
    As a best practice, use the Profile Identifier as the match criteria for the Smart Computer Group. You can obtain the identifier from a macOS device that already has the configuration profile installed, such as a test device.
    1. Select Computers > Search Inventory.
    2. Search for the computer that has the Prisma Access Agent profile installed.
    3. Select the computer name and select Inventory > Profiles.
    4. Find the Prisma Access Agent profile from the list of profiles, and copy the corresponding profile identifier.
    5. Create the Smart Computer Group.
    6. For the Criteria, select Profile Identifier, and paste the profile identifier that you copied.
    7. Save your settings.
  3. Create a policy for deploying the Prisma Access Agent by selecting Computers > Policies > New.
  4. In the General payload, configure the basic settings for the policy:
    1. Enter a Display Name for the policy and make sure that the policy is Enabled.
    2. (Optional) Select a Category to add the policy to.
    3. Specify Trigger events that will initiate the policy, such as Recurring Check-in.
    4. Select the Execution Frequency, such as Once per computer.
  5. Configure the Packages payload for your new policy.
    1. Select Packages > Configure.
    2. Scroll down the list of packages and Add the Prisma Access Agent zip package that you uploaded.
    3. Select a Distribution Point.
    4. Select the Install action.
  6. (Optional) Configure the Maintenance payload.
    1. Select Maintenance > Configure.
    2. Select Update Inventory.
  7. Set the scope of the policy to the Smart Computer Group that you created in Step 2 to target those users who have the Prisma Access Agent profile installed on their devices.
  8. Save the policy.
    When the macOS endpoints in the Smart Computer Group check in with Jamf Pro and meet the trigger in the policy, the policy will run and deploy the Prisma Access Agent to the endpoints.