>
    Device Posture Attributes
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Browser
    3. Device Posture Attributes
    Download PDF
    Prisma Access Browser

    Device Posture Attributes

    Table of Contents

    Device Posture Attributes

    This topic explains how the posture attributes work.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Prisma Access Browser standalone
    • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
    • Superuser or Prisma Access Browser role
    You can create posture attributes for either positive or negative use. This allows you to create device groups for almost any possible option.
    Negative posture attributes are only available on the Desktop browser.
    The positive attributes require the device to have the specified attribute - for example - the device must have endpoint protection.
    The logic between the attributes is AND. This means that if you select more than one posture attributes, all of then must be matched.
    The negative attributes require the device to not have the specified attribute - for example - The device must not have a Screen Lock. This can be useful when you need to detect or differentiate the behavior in unmanaged devices. An example of this would be a device group that has the following posture requirements:
    • Must have a Screen lock.
    • Must not belong to a specified Device Software Management tool.
    All the devices that are members of this group must have a Screen Lock, and must not be managed by one of the available Software Management tools (Jamf,, Intune, Azure, Active Directory) in the list of device serial numbers.
    Each Posture attribute contains a positive and negative option - is or is not OR active or inactive. You can select one option per attribute.
    • Unprivileged process is now Privileged process attribute. Legacy users will see that it is now defined as “is not” privileged/elevated.
    • A Device group with no attributes will match all devices in the specified platform.
    • Endpoint Protection now has an Any vendor control. This means that your users can have any EPP.
    • OS Password Protection now has an Any password configuration. This means that any password is acceptable, even one that does not normally follow standard rules.
    • Full OS boot mode is now Normal OS boot mode.
    For a more detailed discussion of the device posture attributes, refer to Configure Prisma Access Browser Device Posture Attributes

    © 2024 Palo Alto Networks, Inc. All rights reserved.