>
    Strata Copilot
    Enhanced Anti-Tamper Protection for Prisma Access Agents on Panorama Managed Deployments
    Focus
    Download PDF
    Focus
    1. Home
    2. What's New in the NetSec Platform
    3. What's New in the NetSec Platform
    4. December 2025
    5. Enhanced Anti-Tamper Protection for Prisma Access Agents on Panorama Managed Deployments
    Download PDF
    What's New in the NetSec Platform

    Enhanced Anti-Tamper Protection for Prisma Access Agents on Panorama Managed Deployments

    Table of Contents

    Enhanced Anti-Tamper Protection for Prisma Access Agents on Panorama Managed Deployments

    Enhanced anti-tamper protection for Prisma Access Agent now supports Panorama Managed deployments, providing Privileged Access Tokens and OTPs for stronger endpoint security.
    You can now use the enhanced anti-tamper protection capabilities for Prisma® Access Agent in Panorama Managed deployments, extending support beyond the existing Strata Cloud Manager managed Prisma Access environments where this feature is already generally available. This extension provides you with granular control over agent protection through unique one-time passwords and emergency access options across your Panorama Managed Prisma Access and NGFW deployments.
    Enhanced anti-tamper protection supports the following use cases:
    • Granular anti-tamper protection—Gives you the flexibility to configure anti-tamper settings (also called privileged access protection settings) at a per-user or per-user group level.
    • Selective protection for operational teams—Temporarily disable privileged access protection for certain users or user groups who need the ability to modify files and folders, such as DevOps users, while maintaining anti-tamper protection for the rest of your users and user groups.
    • Streamlined bulk operations—Allow certain users to perform batch operations such as installing Prisma Access Agent on endpoints for specific users or user groups.
    • Offline access continuity—For emergency situations, such as when a device loses network connectivity, an emergency Privileged Access Token allows authorized users to perform necessary maintenance.
    • User-initiated troubleshooting—Provides time-bound access for problem resolution by providing time-limited Privileged Access OTPs for specific troubleshooting scenarios. This enables self-service problem resolutions while maintaining security controls.
    You can implement stronger authentication controls using Privileged Access Tokens, one-time passwords, and role-based access control that prevent unauthorized users from disabling or modifying agent configurations, ensuring your security policies remain enforced at endpoints. You should consider implementing these enhancements when your Panorama-managed deployment requires stronger endpoint security controls, particularly where agent tampering poses significant risks. This extension ensures feature parity between Strata Cloud Manager and Panorama Managed deployments, allowing you to leverage consistent anti-tamper protection regardless of your management platform.

    © 2025 Palo Alto Networks, Inc. All rights reserved.