Configure Browser Hardening
Focus
Focus
Prisma Access Browser

Configure Browser Hardening

Table of Contents

Configure Browser Hardening

Configure browser security controls for Prisma Access Secure Enterprise Browser (Prisma Access Browser).
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • Prisma Access Browser standalone
  • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
  • Superuser or Prisma Access Browser role

Cast

Mobile Browser - No support
This feature controls the ability to screencast a tab or the desktop via the Prisma Access Browser.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Cast.
  3. Select Allow to permit casting or Block to deny casting.
  4. Click Set.
  5. Restart the browser to apply this feature.

Developer Tools

Mobile Browser - No support
This feature actively controls users' ability to open Developer Tools or manually load browser extensions in "Developer Mode" via "load unpack". It can also assist with preventing users from running unauthorized JavaScript code in the Developer Tools console.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Developer Tools.
  3. Select Allow to permit the Developer options, or Block to deny their use.
  4. Click Set.
    Restart the browser to apply this feature.

Native Messaging Hosts

Mobile Browser - No support
Native Messaging Hosts allows the software installed on the device to communicate with Prisma Access Browser and its installed extensions, and vice versa. Enterprise software that interacts with the browser typically requires you to select "Allow only hosts installed with admin permissions."
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Native Messaging Hosts.
  3. Select one of the following options:
    • Allow – the browser will be able to communicate with Native Messaging Hosts.
    • Allow only hosts installed with admin permissions
    • Block – the browser’s use of Native Messaging Hosts will be restricted.
  4. Click Set.

JavaScript Running from Omnibox

Mobile Browser - No support
This feature determines whether or not users will be able to run JavaScript code from the browser omnibox (Address Bar). Users may exploit this functionality to manipulate web pages using JavaScript.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select JavaScript Running from Onmibox.
  3. Select one of the following options:
    • Allow – the Prisma Access Browser will allow JavaScript to run from omnibox..
    • Block – the Prisma Access Browser will restrict JavaScript from running from omnibox.
  4. Click Set.

Keylogging Protection

Mobile Browser - No support
This policy allows you to determine if keylogging protection will be enabled. Keylogging tools can monitor and report a user's actions as they interact with the computer. As the name suggests, a keylogger records what the user types, and reports the information back to whoever installed the logger.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Keylogging Protection.
  3. Select one of the following options:
    • Allow – Keyloggers will be prevented from listening to keystrokes typed on Prisma Access Browsers.
    • Block – Keylogging protection is turned off.
  4. Click Set.

Popups

Mobile Browser - Support for iOS only.
With this feature, you can control the display of popups in the browser.
The popups can be allowed, allowed with exceptions, blocked, or blocked with exceptions.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Popups.
  3. Select one of the following options:
    • Allow – Popups will be permitted in the browser. You can specifically exclude domains from being allowed. This will block popups from those domains only.
    • Block – Popups will be blocked. You can specifically exclude domains from being blocked. This will allow popups from those domains only.
  4. Click Set.

Notifications

Mobile Browser - No support
You can use this feature to control notifications being displayed within the browser. The notifications can be allowed, allowed with exceptions, blocked, or blocked with exceptions.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Notifications.
  3. Select one of the following options:
    • Allow - Notifications will be permitted in the browser. You can specifically exclude specific domains. This will block notifications from these domains.
    • Block - Notifications will be blocked. You can specifically exclude specific domains from the rule. This will allow popups from those domains only.
  4. Click Set.

Authentication Factor

Mobile Browser - No support
You can use this feature to configure the settings for the Authentications methods. When you need to enable the Browser Lock or step-up MFA across the different data controls, this control is needed to select the options for the lock.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Authentication Factor.
  3. Select one of the following options:
    • PIN Code – configure the size of the code (between 4-6 digits) and the number of attempts that can be made before the account will be locked out.
    • Passkey – select whether the passkey will be an Internal or External authenticator.
  4. Click Set.

Open Links in External Apps

Mobile Browser - Mobile only
While most of the time we want to keep the Prisma Access Browser as a secure bubble, that all work is done only in the browser. This is not possible for a few reasons. First of all, some applications can't be opened in a browser, such as Zoom, Teams, Slack, among others. Blocking these apps would result in a terrible user experience. Second, most mobile devices are BYOD. Third, Some URLs can only be opened in a native app.
  1. From Strata Cloud Manager, select ManageConfigurationPrisma Access Browser PolicyProfilesBrowser Security
  2. Select Open Links in External Apps.
  3. Select one of the following options:
    • Always – External apps will always open in native applications.
    • Only for specific apps – Only selected links will open in external apps. The following apps can be selected:
      • MS Teams
      • MS Outlook
      • Microsoft 365
      • Slack
      • Zoom
      • Salesforce
      • Gmail
      • Google Workspace (Sheets, Docs, Slides)
      • Google Drive.
    • Never - External apps will never open in native applications.
    • Users decide when to open links in native apps - End users will be able to decide when to open links in Prisma Access Browser and when to use a native app.
  4. Click Save.