Prisma Access Browser
Configure Prisma Access Browser Mobile Device Posture Attributes
Table of Contents
Configure Prisma Access Browser Mobile Device Posture Attributes
Define the device posture attributes that determine which mobile devices can join the
device group.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
In Prisma Access Browser, you can add attributes as match criteria when you add or edit a device group.
Because Prisma Access Browser policy rules are enforced at the device group level, the
attributes provide granular security that ensures the devices that Prisma Access Browser allows to access your apps are adequately maintained and adhere with your
security standards before they are allowed access to your network resources. For
example, before allowing access to your most sensitive apps, you might want to
ensure that the mobile devices accessing your apps are not rooted or jailbroken. In
this case, you would create a device group with an attribute that only allows mobile
devices that are not rooted or jailbroken. The following sections detail the
attributes you can use to determine device group membership for mobile devices. To
learn about attributes for managing device group membership on Windows and macOS
devices, see Configure Prisma Access Browser Device Posture Attributes
Root/Jailbreak Status
Enable this attribute to create a device group that only allows mobile devices
that have not been rooted or jailbroken.
Active Screen Lock
Active screen lock mechanisms limit device access to authorized users only,
preventing malevolent players from gaining access to confidential information on
a mobile device. When you enable the Active screen lock
attribute in a device group, Prisma Access Browser verifies that the device is
enabled with an automatic screen lock, password, PIN, biometric, or similar lock
feature before allowing access to the group.
iOS and Android OS Versions
Creating a device group that uses the device's operating system as a posture is a
good way to make sure that users have specific versions of the OS. If you add an
OS version attribute as match criteria for a device group, Prisma Access Browser
checks the device OS version matches the attribute you defined before allowing
membership in the device group.
Define the list of acceptable operating system versions for the Prisma Access Browser posture mechanism to check as follows.
- When you add or edit a device group, add the OS versions attribute.Select the iOS or Android versions, minimal minor versions, and minimal security patch level to allow into the device group and then click Save.
![]()
Device Type
Enable the Device type attribute to ensure that the device group only contains specific types of devices—such as smartphones or tablets. This can be especially useful when you need to create specialized rules for the different devices.![]()
Device Manufacturer
Enable the Device manufacturer attribute to restrict device group membership to Android devices from selected manufacturers. This attribute is supported for Android devices only; it does not support iOS devices.- When you add or edit a device group, enable the Device manufacturer attribute.Select the Android device manufacturers you want to support in the device group.
![]()
Click Set.
