Manage Prisma Access Browser Devices
Focus
Focus
Prisma Access Browser

Manage Prisma Access Browser Devices

Table of Contents

Manage Prisma Access Browser Devices

Learn how to monitor devices running Prisma Access Browser, and create device groups.
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • Prisma Access Browser standalone
  • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
  • Superuser or Prisma Access Browser role
The device directory provides a roster of your Prisma Access Browser devices and device groups.
The page is tabbed so that you can choose which view you want to see: Devices or Device Groups. The Device Groups tab allows you to create and examine groups of devices. This becomes important when defining rules and policies.

Manage Devices

  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access BrowserDirectoryDevices.
    You can see the total number of Prisma Access Browser devices displayed at the top of the page. By default, the Devices screen displays the first 50 devices based on your sort order. Click Load 50 More to move to the next page of devices.
  2. Review the device data.
    The Device Directory allows you to see the details of each device, and includes the following information:
    • Name—The device's hostname.
    • User—The Prisma Access Browser user's browser login name. Click the name to see user details, such as the devices and device groups associated with the user.
    • IP address—The device's external IP address.
    • Device groups—The number of device groups to which the device belongs.
    • Browser version—The browser version that's running on the device.
    • Device type—The type of device. The options are:
      • Desktop
      • Laptop
      • VM
      • Mobile
      • Unknown
    • OS platform—The operating system installed on the device (Windows, macOS, iOS, Android, Linux, Unknown).
    • OS version—The version of OS running on the device.
    • Last seen—The time the device last recorded an event to Prisma Access Browser. Hover over the field to see the full timestamp.
  3. Investigate devices using search and filters.
    • Search by device name or user name.
    • Filter the devices based on Device Groups, OS platform, EPP status, Last seen date, Screen lock status, Disk encryption status, and Firewall status.
  4. View details about a specific device.
    1. Click on a specific device on the list to see the device details.
    2. Review the device-specific details, including:
      • User—The device user's name.
      • Device type—The device type (desktop, laptop, VM, mobile, or unknown).
      • OS platform—The operating system installed on the device (Windows, macOS, iOS, Android, Linux, or Unknown).
      • OS version—The OS version installed on the device.
      • Browser brand—The name of the selected browser.
      • Browser version—The browser version running on the device.
      • First Seen—The elapsed time since the device first connected to the network. Hover over the field to see the full timestamp.
      • Last Seen—The time the device last recorded an event to Prisma Access Browser. Hover over the field to see the full timestamp.
      • Model—The device model.
      • Device management—The device management system that's managing the device.
      • Serial number—The device serial number.
      • IP address—The device's external IP address.
      • User-Agent—The request string that identifies the browser, device, and OS to network peers.
      • MAC addresses—The MAC addresses of the network cards installed on the device.
      • Posture—The status of the different posture requirements. Specific postures have a link to the details, and others have some additional information.
      • Extensions—The Extensions (if any) installed with the browser.
      • Device Groups—A list of the device groups to which the device belongs. Each group displays the relevant posture information, and a link to the device group.
      • User Groups—A list of the user groups to which the device user belongs.
  5. Export device details for offline investigation.
    1. Click the Export icon.
    2. In the Export window, select one of the following options:
      • Export all—Export all device data.
      • Export filtered data—Export device details based on the current filters.

Manage Device Groups

The Prisma Access Browser has a device group function that allows you to create different groups for different devices. Groups are dynamic. For example, you can set up groups for specific managed devices, different subsidiary devices, or contractors. As an administrator, you can exercise a considerable amount of flexibility in configuring the device groups you need within your organization. For example, groups meet changing business, operational, and organizational circumstances. You can use device groups either with sign-in rules to set the security bar for accessing Prisma Access Browser, or with posture-focused scoping for policy rules. For managing mobile device groups, see Create, Edit, and Delete Prisma Access Mobile Device Groups.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access BrowserDirectoryDevices and then select the Device Groups tab.
    You can see the total number of Prisma Access Browser device groups displayed at the top of the page. By default, the Device Groups screen displays the first 50 device groups based on your sort order. Click Load 50 More to move to the next page of devices.
  2. Review the device group data.
    The Device Group Directory allows you to see the details of each device group, and includes the following information:
    • Name—The device group name.
    • TypePrisma Access Browser, Mobile, Prisma Access Browser Extension, or Chromebook.
    • Attributes—Matching criteria for identifying which devices belong to the device group.
    • Created at—The device group creation date. Hover over the field to see the full timestamp.
    • Updated at—The device group last update date. Hover over the field to see the full timestamp.
  3. Add a device group.
    1. From the Device groups tab, click Add device group.
    2. Name the device group.
    3. Select whether you want to create a device group for Prisma Access Browser endpoints or for Mobile devices.
    4. Select and configure the attributes that devices must match in order to be part of the device group.
      Attributes match against device criteria, such as whether the device has disk encryption enabled, active endpoint protection, or complex password policy requirements. Enforcing device group membership based on attributes provides a granular way for you to ensure that the devices Prisma Access Browser allows have good security posture. There are different attributes depending on whether you are creating a device group for Windows and macOS devices or for mobile devices.
    5. Click Create.
    To edit or delete a device group, hover over the device group name in the director and click the pencil icon (to edit) or the trash icon (to delete).
  4. Investigate devices using search and filters.
    • Search by name or id.
    • Filter the device groups based on Type, Attributes, Created at, and Updated at.
  5. Export device details for offline investigation.
    1. Click the Export icon.
    2. In the Export window, select one of the following options:
      • Export all—Export all device group data.
      • Export filtered data—Export device group details based on the current filters.