New Features - Prisma Access Agent - 26.1
Android 16 Design Adoption for Prisma Access Agent
With the release of Android 16, Prisma® Access Agent for Android has been updated to align with current Android design standards. Your users can perform tasks including connecting to gateways, switching between locations for optimal performance, sharing diagnostic logs with administrators, and viewing connection statistics. The updated interface provides navigation patterns consistent with native Android applications while supporting gesture navigation across all Android device types including tablets and ChromeOS.
Custom HIP Checks for Prisma Access Agent for Linux
The Prisma® Access Agent for Linux now supports custom Host Information Profile (HIP) checks that enable you to collect specific endpoint data beyond standard HIP categories. You can define custom checks to determine if particular processes are running on endpoints by examining a process list. This capability allows you to enforce granular access policies based on criteria unique to your environment that standard HIP checks might not address. The custom HIP data integrates seamlessly with existing workflows as it becomes part of the raw host information that the agent submits to the gateway for policy evaluation.
iOS 26 Design Adoption for Prisma Access Agent
Prisma® Access Agent for iOS has adopted iOS 26 design standards to align with the latest platform requirements. The updated interface uses iOS 26 control styles, navigation patterns, and animations to match current operating system conventions. Your users can connect to gateways, select locations, troubleshoot connections, and manage settings through the updated interface. The agent maintains existing functionality while adopting the visual and interaction standards introduced in iOS 26. This update ensures the interface remains consistent with platform expectations across iOS and iPadOS devices.
macOS Platform SSO Support for Prisma Access Agent
Enterprise security solutions often require users to repeatedly authenticate with separate credentials even after logging into their macOS device, creating user friction and reducing adoption of Zero Trust policies. This additional authentication step undermines your enterprise investments in centralized identity management and can lead to user resistance or security workarounds that compromise your overall security posture.
macOS Platform SSO support for Prisma® Access Agent eliminates these pain points by automatically authenticating to the agent using your users' existing macOS device credentials. When they log into their macOS device, the agent leverages their Platform SSO token to provide transparent connectivity to Prisma Access without additional login prompts, maintaining always-on security protection while preserving user productivity.
You can deploy this feature on macOS devices where your mobile device management (MDM) solution has configured SSO extension profiles through tools like Microsoft Intune or Jamf. The agent integrates with any identity provider (IdP) that supports macOS Platform SSO (such as Microsoft Entra ID or Okta) while protecting users' authentication credentials using Secure Enclave hardware-backed storage. The agent operates silently after device login, automatically establishing a Prisma Access connection without browser prompts or manual intervention.
Prisma Access Agent for Linux (General Availability)
Organizations need consistent zero trust network access (ZTNA) across all endpoints, but Linux desktop environments often present integration challenges. Prisma® Access Agent for Linux addresses this by extending ZTNA capabilities to Linux desktop environments, supporting Ubuntu, Fedora, Arch Linux, and Debian distributions on both x86_64 and 64-bit ARM architectures with kernel versions 5.15 and higher. You can deploy the agent using a portable installation method that eliminates dependency conflicts and works across different Linux configurations without requiring package manager modifications.
The agent provides comprehensive traffic steering to enforce split-tunnel policy rules and forwarding profiles based on applications, domains, or IP addresses. Users can authenticate using Security Assertion Markup Language (SAML) through their system default browsers. The agent operates in user interface (UI) mode for desktop environments accompanied by a limited command-line interface (CLI) for automated deployments and troubleshooting. The feature provides configuration support to Linux endpoints on Strata Cloud Manager Managed Prisma Access as well as Panorama® Managed Prisma Access and Panorama Managed NGFW deployments. You can configure agent settings based on match criteria for Linux agents directly through the management interface, enabling consistent identity management across your deployment.
You benefit from unified management through existing Prisma Access Agent endpoint management infrastructure, host information profile (HIP) reporting for endpoint compliance, and comprehensive logging capabilities. The Endpoint Management page provides Linux-specific device filtering and inventory management, allowing you to organize and monitor Linux endpoints according to your operational requirements. You can also download Linux agent installation packages directly from Endpoint Management.
Organizations with significant Linux desktop deployments can now extend their zero trust security posture to these critical endpoints while maintaining consistent security enforcement across mixed operating system environments.
Prisma Access Agent Forwarding Profiles for Mobile Devices
Mobile devices used for work often require always-on security, but routing all traffic through the gateway can introduce latency that impacts application performance and raises privacy concerns when employees use corporate-owned or personally owned devices for personal activities. Forwarding profiles now extend to iOS, Android, and ChromeOS devices running Prisma® Access Agent, offering a subset of the functionality available for desktop devices. You create forwarding rules that match traffic based on IP address destinations and configure connectivity options to send traffic through the gateway, direct to destination, or block it. This allows you to maintain always-on connectivity while excluding specific traffic to address performance concerns and meet privacy requirements including GDPR compliance. Rules will be consolidated top-down based on the destination interface to determine the access route for traffic forwarding.
Prisma Access Agent Third-Party Coexistence for Panorama Managed Deployments
Prisma® Access Agent extends support for third-party coexistence with bypass rules to Panorama® Managed Prisma Access and Panorama Managed NGFW deployments. This enhancement allows you to prevent routing conflicts when deploying Prisma Access Agent alongside other remote access agents on the same endpoint. You can configure forwarding rules to specify which traffic should bypass Prisma Access Agent processing, enabling third-party remote access solutions to handle the bypassed traffic without interference.
The bypass rules apply to network traffic only, DNS traffic only, or both traffic types based on your requirements. When bypassed traffic matches third-party agent policy rules, those agents process the connections normally. If no third-party agent handles the bypassed traffic, the system sends traffic to the tunnel (if present) or directly to its destination (if the tunnel is not present).
SAML with Always-On Support for Prisma Access Agent on iOS
Enterprises increasingly require Always-On security combined with SAML authentication for comprehensive mobile device protection. Prisma Access Agent now extends SAML authentication support with Always-On connection to iOS devices. The support is available by default when you deploy an Always-On profile to your iOS endpoints.
When your users unlock their devices, they receive a notification to authenticate and connect through the embedded browser. The solution supports multi-factor authentication prompts during the authentication process. When user sessions expire, network access is automatically blocked until they re-authenticate. This capability maintains centralized identity management through SAML providers, extending the same security controls already available on Android devices to your iOS deployments.
Wildcard Support for Source Apps in Forwarding Profiles
You can now use wildcard patterns in Prisma® Access Agent Forwarding Profile source application paths to accommodate applications that install in dynamic locations. This feature addresses scenarios where application paths contain version numbers, usernames, or randomized identifiers that change during updates or vary across users. You can specify wildcards using the asterisk (*) character to replace single directory components in the path, enabling a single rule to match multiple path variations. This capability reduces administrative overhead when managing applications like Microsoft Teams that embed version numbers in their installation paths, or applications that install into user-specific directories. The feature provides flexibility for modern application deployment patterns across Windows and macOS environments.
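The single-component wildcard behavior described above can be checked against an application inventory before a rule is rolled out. The following is an added example, not Prisma Access Agent code: it assumes the asterisk replaces exactly one whole directory component, and the rule strings, the ExampleApp paths, and the function names are hypothetical.

```python
import re

SEP = r"[\\/]"  # accept Windows and macOS path separators

def compile_rule(pattern, ignore_case=False):
    """Compile a source-app path pattern to a regex.

    Assumption of this sketch: '*' replaces exactly one whole directory
    component and never spans a path separator.
    """
    parts = []
    for comp in re.split(SEP, pattern):
        if comp == "*":
            parts.append(r"[^\\/]+")  # one non-empty component
        elif "*" in comp:
            raise ValueError(f"'*' must replace a whole component: {comp!r}")
        else:
            parts.append(re.escape(comp))
    return re.compile(SEP.join(parts), re.IGNORECASE if ignore_case else 0)

def covered(pattern, paths, ignore_case=False):
    """Return the paths a rule would cover, for review before rollout."""
    rule = compile_rule(pattern, ignore_case)
    return [p for p in paths if rule.fullmatch(p)]

# Constructed sample inventory; ExampleApp is a hypothetical application.
INVENTORY = [
    r"C:\Users\alice\AppData\Local\ExampleApp\1.2.3\app.exe",
    r"C:\Users\bob\AppData\Local\ExampleApp\2.0.0\app.exe",
    r"C:\Users\bob\AppData\Local\ExampleApp\2.0.0\bin\app.exe",  # one level deeper
    r"C:\Users\bob\AppData\Local\ExampleApp\app.exe",            # no version dir
    "/Applications/ExampleApp 4.1.app/Contents/MacOS/ExampleApp",
]

WIN_RULE = r"C:\Users\*\AppData\Local\ExampleApp\*\app.exe"
MAC_RULE = "/Applications/*/Contents/MacOS/ExampleApp"

if __name__ == "__main__":
    for rule in (WIN_RULE, MAC_RULE):
        print(rule)
        for path in covered(rule, INVENTORY):
            print("  covers:", path)
```

Under this assumption a rule covers only paths with the same number of components, so the deeper and shallower ExampleApp paths fall outside the Windows rule.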
Windows Hello for Business Integration with Prisma Access Agent
Windows Hello for Business integration with Prisma Access Agent addresses the challenge of secure yet convenient enterprise authentication by enabling users to access corporate resources using biometric authentication methods. This integration enhances your organization's security posture by leveraging the facial recognition, fingerprint scanning, and personal identification number (PIN) capabilities specifically designed for business environments in Windows 10 and later operating systems, reducing reliance on traditional passwords that can be compromised. You can improve your enterprise user experience with faster authentication that doesn't require a browser redirect, resulting in more seamless access to your network resources.
The integration is fully compatible with your existing Windows Hello for Business implementation, ensuring cohesive application across your corporate environment. Windows Hello for Business authentication maintains high security standards required for enterprise applications while meeting compliance requirements for data protection and privacy regulations when handling biometric information. By implementing this feature, you provide your users with a modern enterprise-grade authentication experience that aligns with zero-trust principles and scales efficiently across geographically dispersed corporate teams. The streamlined authentication process reduces friction for your enterprise users while maintaining the robust security controls necessary for protecting sensitive corporate resources.