Advanced Device-ID Overview

Learn about Advanced Device-ID and how it helps manage your network security.
    
    
  
    
  
  
Advanced Device-ID introduces a powerful new capability for Device Security device management and Security policy enforcement in Palo Alto Networks Next-Generation Firewall. With Advanced Device-ID, you can create flexible, customizable device identification rules that provide more granular control without the limitations of legacy Device-ID objects. To enable Advanced Device-ID, you need an active Device Security subscription on a firewall running PAN-OS 12.1.

The Advanced Device-ID feature addresses several key use cases that are challenging to implement with legacy Device-ID.
        
- Grouping multiple device categories under a single identifier, particularly within medical or Industrial OT settings.
- Creating policy rules based on complex criteria, such as all end-of-life operating systems.

This feature enhances policy recommendation workflows, generating behaviors for both system default and custom Advanced Device-ID objects. It also improves visibility by adding Advanced Device-ID information to asset inventory views and Traffic logs.
        
Advanced Device-ID configurations are centrally managed in Device Security, providing a unified location for defining complex device matching criteria. Users can create Advanced Device-ID objects using a combination of over 20 device attributes, including legacy Device-ID attributes, such as category, profile, vendor, model, and OS version. The matching rules support nested conditional logic, enabling precise device identification based on multiple criteria.
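To make the idea of nested conditional matching concrete, the following is an added example, not Palo Alto Networks code or Device Security rule syntax. The rule schema (`all`, `any`, `attr`, `op`, `value`), the attribute key names, and every sample value are assumptions constructed for illustration.

```python
# Added illustration only. The rule schema ("all"/"any", "attr"/"op"/"value")
# and all sample values are hypothetical, not Device Security syntax.
OPS = {
    "eq": lambda actual, expected: actual == expected,
    "in": lambda actual, expected: actual in expected,
    "prefix": lambda actual, expected: str(actual).startswith(expected),
}

def matches(rule, device):
    """Recursively evaluate a nested rule against a dict of device attributes."""
    for group, combine in (("all", all), ("any", any)):
        if group in rule:
            if not rule[group]:
                # An empty "all" would match every device; reject it outright.
                raise ValueError(f"empty '{group}' group")
            return combine(matches(child, device) for child in rule[group])
    actual = device.get(rule["attr"])
    if actual is None:
        return False  # a missing attribute never satisfies a condition
    return OPS[rule["op"]](actual, rule["value"])

def matching_devices(rule, devices):
    """Return the names of devices that satisfy the rule, in inventory order."""
    return [d["name"] for d in devices if matches(rule, d)]

# Constructed rule: (category in a medical group OR profile starts with
# "Patient Monitor") AND the OS is on a constructed end-of-life list.
EOL_MEDICAL = {"all": [
    {"any": [
        {"attr": "category", "op": "in",
         "value": {"Infusion System", "Medical Imaging"}},
        {"attr": "profile", "op": "prefix", "value": "Patient Monitor"},
    ]},
    {"attr": "os_version", "op": "in", "value": {"Windows XP", "Windows 7"}},
]}

# Constructed inventory records.
DEVICES = [
    {"name": "pump-01", "category": "Infusion System", "os_version": "Windows 7"},
    {"name": "mon-02", "category": "Patient Monitoring",
     "profile": "Patient Monitor X", "os_version": "Windows XP"},
    {"name": "ct-03", "category": "Medical Imaging"},  # OS not identified
    {"name": "cam-04", "category": "IP Camera", "os_version": "Windows 7"},
    {"name": "mri-05", "category": "Medical Imaging", "os_version": "Windows 10"},
]

if __name__ == "__main__":
    print(matching_devices(EOL_MEDICAL, DEVICES))
```

In this model, `ct-03` is not matched because its OS is unknown, so a policy built on such a rule would need a separate rule for devices whose attributes have not been identified.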
        
Once created, an Advanced Device-ID synchronizes to PAN-OS firewalls through the PAN-OS Edge Service. The firewall receives a list of Advanced Device-ID definitions, including UUIDs, names, and descriptions. Additionally, Device Security IoT Device Context, also known as IoT verdicts, now includes Advanced Device-ID attributes for each device, enabling more granular policy enforcement.
        
PAN-OS provides flexible enforcement options, letting administrators choose to use legacy Device-ID objects, Advanced Device-ID objects, or a hybrid mode supporting both. This flexibility ensures backward compatibility while enabling the adoption of the new Advanced Device-ID capabilities.

By implementing Advanced Device-ID, you can create more precise and efficient Security policy rules, reduce administrative overhead for monitoring network traffic, and improve your overall security posture for assets on your networks. The centralized management and flexible matching criteria enable security teams to adapt quickly to new assets and evolving requirements in modern, complex network environments.