Prisma Access Browser
Device Posture Attributes
Table of Contents
Expand All
|
Collapse All
Prisma Access Browser Docs
-
- Use the Prisma Access Browser Dashboards
- Digest Prisma Access Browser Home Screen Highlights
- Investigate Prisma Access Browser Events
- Account Protection for the Prisma Access Browser
- Manage Prisma Access Browser Users
- Manage Prisma Access Browser Applications
- Manage Prisma Access Browser Extensions
- Manage Prisma Access Browser Sign-in Rules
- Manage Prisma Access Browser Requests to Bypass Policy Rules
- Manage Rollback Control for the Prisma Access Browser
- Prisma Access Browser Remote Connections
- Location-based Policy
- The Prisma Access Browser Extension
-
- Integrate Prisma Access Browser with Microsoft 365
- Integrate Prisma Access Browser with Microsoft Information Protection
- Windows Account Based SSO Authentication
- Integrate Prisma Access Browser with Google Workspace
- Integrate Prisma Access Browser with Votiro
- Integrate Prisma Access Browser with CrowdStrike Falcon Intelligence
- Integrate Prisma Access Browser with OPSWAT MetaDefender
- Integrate Prisma Access Browser with YazamTech SelectorIT
- Integrate Prisma Access Browser with Symantec DLP
- IP Based Enforcement
- Certificate-Based Enforcement
- How Is Synched Data Stored?
Device Posture Attributes
This topic explains how the posture attributes work.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You can create posture attributes for either positive or negative use. This
allows you to create device groups for almost any possible option.
Negative posture attributes are only available on the Desktop
browser.
The positive attributes require the device to have the specified attribute -
for example - the device must have endpoint protection.
The logic between the attributes is AND. This means that if you select more than
one posture attributes, all of then must be matched.
The negative attributes require the device to not have the specified
attribute - for example - The device must not have a Screen Lock. This can be
useful when you need to detect or differentiate the behavior in unmanaged devices. An
example of this would be a device group that has the following posture requirements:
- Must have a Screen lock.
- Must not belong to a specified Device Software Management tool.
All the devices that are members of this group must have a Screen Lock, and
must not be managed by one of the available Software Management tools (Jamf,, Intune,
Azure, Active Directory) in the list of device serial numbers.
Each Posture attribute contains a positive and negative option - is or is
not OR active or inactive. You can select one option per attribute.
- Unprivileged process is now Privileged process attribute. Legacy users will see that it is now defined as “is not” privileged/elevated.
- A Device group with no attributes will match all devices in the specified platform.
- Endpoint Protection now has an Any vendor control. This means that your users can have any EPP.
- OS Password Protection now has an Any password configuration. This means that any password is acceptable, even one that does not normally follow standard rules.
- Full OS boot mode is now Normal OS boot mode.
For a more detailed discussion of the device posture attributes, refer to Configure Prisma Access Browser Device Posture Attributes