Configure Prisma Access Browser Mobile Device Posture Attributes
Focus
Focus
Prisma Access Browser

Configure Prisma Access Browser Mobile Device Posture Attributes

Table of Contents

Configure Prisma Access Browser Mobile Device Posture Attributes

Define the device posture attributes that determine which mobile devices can join the device group.
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • Prisma Access Browser standalone
  • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
  • Superuser or Prisma Access Browser role
In Prisma Access Browser, you can add attributes as match criteria when you add or edit a device group. Because Prisma Access Browser policy rules are enforced at the device group level, the attributes provide granular security that ensures the devices that Prisma Access Browser allows to access your apps are adequately maintained and adhere with your security standards before they are allowed access to your network resources. For example, before allowing access to your most sensitive apps, you might want to ensure that the mobile devices accessing your apps are not rooted or jailbroken. In this case, you would create a device group with an attribute that only allows mobile devices that are not rooted or jailbroken. The following sections detail the attributes you can use to determine device group membership for mobile devices. To learn about attributes for managing device group membership on Windows and macOS devices, see Configure Prisma Access Browser Device Posture Attributes

Root/Jailbreak Status

Enable this attribute to create a device group that only allows mobile devices that have not been rooted or jailbroken.

Active Screen Lock

Active screen lock mechanisms limit device access to authorized users only, preventing malevolent players from gaining access to confidential information on a mobile device. When you enable the Active screen lock attribute in a device group, Prisma Access Browser verifies that the device is enabled with an automatic screen lock, password, PIN, biometric, or similar lock feature before allowing access to the group.

iOS and Android OS Versions

Creating a device group that uses the device's operating system as a posture is a good way to make sure that users have specific versions of the OS. If you add an OS version attribute as match criteria for a device group, Prisma Access Browser checks the device OS version matches the attribute you defined before allowing membership in the device group.
Define the list of acceptable operating system versions for the Prisma Access Browser posture mechanism to check as follows.
  1. When you add or edit a device group, add the OS versions attribute.
  2. Select the iOS or Android versions, minimal minor versions, and minimal security patch level to allow into the device group and then click Save.

Device Type

Enable the Device type attribute to ensure that the device group only contains specific types of devices—such as smartphones or tablets. This can be especially useful when you need to create specialized rules for the different devices.

Device Manufacturer

Enable the Device manufacturer attribute to restrict device group membership to Android devices from selected manufacturers. This attribute is supported for Android devices only; it does not support iOS devices.
  1. When you add or edit a device group, enable the Device manufacturer attribute.
  2. Select the Android device manufacturers you want to support in the device group.
  3. Click Set.