>
    Deploy the Prisma Access Browser
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Browser
    3. Deploy the Prisma Access Browser
    Download PDF
    Prisma Access Browser

    Deploy the Prisma Access Browser

    Table of Contents

    Deploy the
    Prisma Access Browser

    Learn about deployment methods for the
    Prisma Access Secure Enterprise Browser
     (
    Prisma Access Browser
    ) based on your organization’s policies and preferences. You can use self-service, MSI installer, Jamf, or Intune.
    Where Can I Use This?
    What Do I Need?
    • Strata Cloud Manager
    • Prisma Access Browser
       standalone
    • Prisma Access
       with
      Prisma Access Browser
       bundle license or
      Prisma Access Browser
       standalone license
    • Superuser or
      Prisma Access Browser
       role
    You can choose from a variety of deployment methods for the
    Prisma Access Browser
     based on your organization’s policies and preferences.
    Select the method that you prefer for deployment:

    Deploy
    Prisma Access Browser
     Using Self-Service Methods

    The self-service installation allows end users to install the
    Prisma Access Browser
     without administrator intervention. This method does not require any special privileges on the computer.
    1. Direct users to the link
      https://get.pabrowser.com
       to proceed with browser installation.
    2. Users will need to log in with their SSO credentials (after the administrator configures SSO).
    3. For more information and getting started for end users, see the User Guide.

    Deploy
    Prisma Access Browser
     Using Offline MSI Installer

    NOTE:
     The Offline Installer is available for Windows devices only.
    You can decide to install updates manually instead of relying on the automatic updates. This would be the case when you want to test the updates before releasing them to your users.
    The
    Prisma Access Browser
     Offline MSI Installer provides functionality that is designed for organizations employing mobile device management (MDM) utilities to govern the managed devices. This allows you complete oversight over Prisma Access Browser updates, allowing more opportunity to test before implementation.
    Organizations opting for this feature will have the automatic browser updates disabled.
    We strongly recommend that you regularly update the browser; failure to update the browser in a timely manner could expose your organization to critical security risks.
    1. Monitor the various support links and RSS feeds to monitor when updates are available.
    2. Check them on your testing environment and when you're confident with the update, you can push the update to your users.
    3. The offline MSI Installer is available at: https://updates.talon-sec.com/sparkle/PAB/offline-win/2804.5/stable_prisma_access_browser_installer_125_142_2804_5-sEL3FStyfY.msi

    Deploy
    Prisma Access Browser
     Using Jamf

    Jamf is a comprehensive management system for Apple macOS and iOS devices. With Jamf, you can proactively manage the entire lifecycle of Apple devices. This includes deploying and maintaining software, responding to security threats, distributing settings, and analyzing inventory data.
    Deploying the
    Prisma Access Browser
     using Jamf is a 2-step procedure.
    1. Open the Jamf Dashboard and select
      Settings
      .
      1. Select
        Computer Management
        Scripts
        .
      2. On the Scripts page, select
        New
        .
      3. On the New Script page, on the General tab, enter the
        Display Name
         - a name for the script. Use any name that meets your organizational requirements.
      4. Select the
        Script
         tab.
        1. Install the Installomator script.
        2. Locate the line:
          DEBUG=1
          , and change it to:
          DEBUG=0
          .
          .
        3. Locate the label:
          prism9
          . Enter the following script
          before
           this label:
          pabrowser)
                                            name="Prisma Access Browser"
                                            type="dmg"
                                            if [[ $(arch) != "i386" ]]; then
                                            printlog "Architecture: arm64 (not i386)"
                                            downloadURL=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable-a64/appcast.xml | grep -Eo 'url="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            appNewVersion=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable-a64/appcast.xml | grep -Eo 'sparkle:shortVersionString="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            else
                                            printlog "Architecture: i386"
                                            downloadURL=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable/appcast.xml | grep -Eo 'url="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            appNewVersion=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable/appcast.xml | grep -Eo 'sparkle:shortVersionString="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            fi
                                            expectedTeamID="XZMH593AYG"
                                            ;;
          .
        4. Click the
          Options
           tab. Under
          Parameter 4
          , enter the Application name. Select
          Save
          .
        5. The script is saved; you can now create a new Policy.
    2. Create the Policy.
      1. In the Jamf Dashboard, select
        Computers
        Policies
        New
        .
      2. On the Policies page, select
        New
        .
      3. On the
        New Policy
         page, enter the
        Display Name
         for the policy.
      4. Select
        Scripts
        .
      5. In the Configure Scripts field, click
        Configure
        .
      6. On the
        New Policy
         page, select the
        Script
         and click
        Add
        .
      7. In the
        Parameter Values
         section, select the
        Application Name
         field, and enter
        pabrowser
        .
      8. Save
        .
        The Script is added to the policy.

    Deploy
    Prisma Access Browser
     Using Intune

    Learn how to deploy
    Prisma Access Secure Enterprise Browser
     (
    Prisma Access Browser
    ) using Intune.
    Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.
    1. Open the
      Microsoft Intune Admin Center
      .
    2. Select
      Apps
      All apps
      .
    3. Click
      + Add
      .
    4. In the Select app type window, select
      Line-of-business app
      .
    5. Click
      Select
      .
    6. In the App information step, click
      Select app package file
      .
    7. In the App package file window, browse to the MSI installation file, named
      PrismaAccessBrowserSetup.msi
      .
    8. Click
      Ok
      .
    9. Enter all the needed properties.
      1. Enter a
        name
         for the app. This will be visible in the Intune list and in the Company Portal.
      2. Provide a brief description of the app and its benefits for users. This description will be available in the Company Portal, where you can use rich text formatting to enhance it.
      3. Enter the name of the app’s
        publisher
        , which appears in the Company Portal.
      4. App install context
         – Select the Device.
      5. Show this as a featured app in the Company Portal
         – we recommend that you select Yes so that it will be easier for your users to find.
      6. Select the appropriate
        Logo
         for the application. Contact support for the correct file.
    10. Click
      Next
      .
    11. Select the Assignments for this app.
      1. For Available for enrolled devices, select Add group, and select the required Entra groups assigned to the application.
      2. If you select Add all users, then the Entra assignment will include all Entra users in your organization.
    12. Click
      Next
      .
    13. Review all the settings and click
      Create
       to create the new app, or
      Previous
       to make changes.
      Creating the app might take a few additional minutes. The application will be available for use after this step.

    Set
    Prisma Access Browser
     Mobile as the Default Browser for Intune-managed Apps

    If you are using Intune to manage your deployment, you can set
    Prisma Access Browser
     Mobile as the default browser. Intune empowers you to set a default browser for organization-managed apps. This can be applied globally through App Protection Policies, or selectively for specific, critical applications. This is particularly relevant for mobile devices (iOS and Android), as they are often employee-owned. However, enforcing a company browser as the default for all apps might raise employee concerns.
    Enforcing the
    Prisma Access Browser
     for your Intune-managed apps significantly enhances your organization's data security. This approach safeguards against phishing and identity theft by limiting how URLs are opened. Only the approved Prisma Access Browser can be used, minimizing the risk of exposure to malicious links.
    Furthermore, Intune's clipboard control adds another layer of protection. It prevents users from copying and pasting links into unmanaged apps. This ensures that organizational data is always accessed through trusted and controlled applications.
    In essence, designating the Prisma Access Browser for Intune apps mitigates the risks associated with phishing and other identity-based attacks.
    This requires an Intune Plan 1 license.
    1. Browse to the Intune Admin Portal → App Protection Policies → Select the policy you want to modify or create.
    2. At the
      Data Protection
       step, select "Restrict web content transfer with other apps", and enter Unmanaged browser
    3. (
      Optional
      ) For iOS devices: In the
      Unmanaged browser protocol
       field, enter
      pab://
      .
      This requires
      Prisma Access Browser
       iOS version 1.4046 or later.
    4. (
      Optional
      ) For Android devices:
      1. In the
        Unmanaged Browser ID
         field, enter
        com.talonsec.talon
        .
      2. In the
        Unmanaged Browser Name
         field, enter
        PA Browser
        .

    Deploy
    Prisma Access Browser
     Using Workplace ONE

    Workspace ONE is a digital platform that delivers and manages any app on any device by integrating access control, application management, and unified endpoint management. The platform allows IT to deliver a digital workspace that includes the devices and apps of the business's choice, without sacrificing the security and control that IT professionals need.
    To deploy the
    Prisma Access Browser
    , follow the appropriate steps for your operating system.

    Deploy for Windows

    Create an Internal Application using the Windows Installer. The installer is available here: Windows Prisma Access Browser Installer.
    1. Run the installer. In the
      Add Application
       window, add the following:
      1. Organizational Group ID
         - Palo Alto Networks Inc.
      2. Application File
         - Select the app file (usually PrismaAccessBrowserSetup.exe), and click
        Upload
        .
      3. Is this a dependency app?
         - Click
        No
        .
    2. On the
      Add Application - PrismaAccessBrowserSetup.exe v n.n.n.n
       window, select the
      Files
       tab.
    3. In the
      App Uninstall Process
       section, enter the following:
      1. Custom Script Type
         - Select
        Upload
        .
      2. Uninstall Script
         - Select the appropriate script, and click
        Upload
        .
      3. Uninstall Command
         - Enter
        powershell -ExecutionPolicy Bypass -File uninstall_pab.ps1
        .
    4. On the
      Add Application - PrismaAccessBrowserSetup.exe v n.n.n.n
       window, select the
      Deployment Options
      .
    5. Enter the following information:
      1. Install Context
         - Select
        Device
        .
      2. Install Command
         - Enter PrismaAccessBrowserSetup.exe
      3. Admin Privileges
         - Select Yes.
      4. Identify Application By
        : Select Defining Criteria
      5. File exists
        : C:\Program Files (x86)\Palo Alto Networks\Update\PrismaAccessBrowserUpdate.exe.
        AND
      6. Registry exists
         - HKLM\SOFTWARE\WOW6432Node\Palo Alto Networks\Update\Clients\{DFEF2477-4F0E-454B-BC0D-03CE61074E4C}.
    6. Save and Assign
      .

    Deploy for Mac

    Create an Internal Application using the macOS installer. You can download the installer, found here: Latest macOS Prisma Access Browser.
    Using the VMware Workspace ONE Admin Assistant tool, create a package as follows on a machine running macOS:
    1. Download the latest Mac Browser from the URL (
      Latest Mac PAB
      )
    2. Use the VMware Workspace ONE Admin Assistant tool to create a package.
      1. On a Mac machine, download the tool from this URL:
        Admin Assistant
      2. Run the tool, and drag and drop the latest PAB Browser into the app.
      3. After “Parsing”, the app should produce a package containing a .DMG and .PLIST file.
    3. Create an Internal Application using the output of the previous step.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.