>
    Strata Copilot
    Deploy the Prisma Access Browser via MDM
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Browser
    3. Deploy the Prisma Access Browser via MDM
    Download PDF
    Prisma Access Browser

    Deploy the Prisma Access Browser via MDM

    Table of Contents

    Deploy the Prisma Access Browser via MDM

    Learn about deployment methods for the Prisma Access Secure Enterprise Browser (Prisma Access Browser) based on your organization’s policies and preferences. You can use self-service, MSI installer, Jamf, or Intune.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Prisma Access Browser standalone
    • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
    • Superuser or Prisma Access Browser role
    You can choose from a variety of deployment methods for the Prisma Access Browser based on your organization’s policies and preferences.
    Select the method that you prefer for deployment:

    Deploy Prisma Access Browser Using Jamf

    Jamf is a comprehensive management system for Apple macOS and iOS devices. With Jamf, you can proactively manage the entire lifecycle of Apple devices. This includes deploying and maintaining software, responding to security threats, distributing settings, and analyzing inventory data.
    Deploying the Prisma Access Browser using Jamf is easy - just follow these 2 steps.
    1. Open the Jamf Dashboard and select Settings.
      1. Select Computer ManagementScripts.
      2. On the Scripts page, select New.
      3. On the New Script page, on the General tab, enter the Display Name - a name for the script. Use any name that meets your organizational requirements.
      4. Select the Script tab.
        1. Download and edit the Installomator script.
        2. Locate the line: DEBUG=1, and change it to: DEBUG=0.
          .
        3. Locate the label: prism9. Enter the following script before this label:
          pabrowser)
                                            name="Prisma Access Browser"
                                            type="dmg"
                                            if [[ $(arch) != "i386" ]]; then
                                            printlog "Architecture: arm64 (not i386)"
                                            downloadURL=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable-a64/appcast.xml | grep -Eo 'url="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            appNewVersion=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable-a64/appcast.xml | grep -Eo 'sparkle:shortVersionString="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            else
                                            printlog "Architecture: i386"
                                            downloadURL=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable/appcast.xml | grep -Eo 'url="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            appNewVersion=$(curl -s https://bfe078e7921507bb.talon-sec.com/sparkle/PAB/stable/appcast.xml | grep -Eo 'sparkle:shortVersionString="(.*)"' | cut -d '"' -f2 | tail -n1)
                                            fi
                                            expectedTeamID="XZMH593AYG"
                                            ;;
          .
        4. Click the Options tab. Under Parameter 4, enter the Application name. Select Save.
        5. The script is saved; you can now create a new Policy.
    2. Create the Policy.
      1. In the Jamf Dashboard, select ComputersPoliciesNew.
      2. On the Policies page, select New.
      3. On the New Policy page, enter the Display Name for the policy.
      4. Select Scripts.
      5. In the Configure Scripts field, click Configure.
      6. On the New Policy page, select the Script and click Add.
      7. In the Parameter Values section, select the Application Name field, and enter pabrowser.
      8. Save.
        The Script is added to the policy.

    Deploy Prisma Access Browser Using Intune

    Learn how to deploy Prisma Access Secure Enterprise Browser (Prisma Access Browser) using Intune.
    Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints.
    1. Open the Microsoft Intune Admin Center.
    2. Select AppsAll apps.
    3. Click + Add.
    4. In the Select app type window, select Line-of-business app.
    5. Click Select.
    6. In the App information step, click Select app package file.
    7. In the App package file window, browse to the MSI installation file, named PrismaAccessBrowserSetup.msi.
    8. Click Ok.
    9. Enter all the needed properties.
      1. Enter a name for the app. This will be visible in the Intune list and in the Company Portal.
      2. Provide a brief description of the app and its benefits for users. This description will be available in the Company Portal, where you can use rich text formatting to enhance it.
      3. Enter the name of the app’s publisher, which appears in the Company Portal.
      4. App install context – Select the Device.
      5. Show this as a featured app in the Company Portal – we recommend that you select Yes so that it will be easier for your users to find.
      6. Select the appropriate Logo for the application.
    10. Click Next.
    11. Select the Assignments for this app.
      1. For Available for enrolled devices, select Add group, and select the required Entra groups assigned to the application.
      2. If you select Add all users, then the Entra assignment will include all Entra users in your organization.
    12. Click Next.
    13. Review all the settings and click Create to create the new app, or Previous to make changes.
      Creating the app might take a few additional minutes. The application will be available for use after this step.

    Set Prisma Access Browser Mobile as the Default Browser for Intune-managed Apps

    If you are using Intune to manage your deployment, you can set Prisma Access Browser Mobile as the default browser. Intune empowers you to set a default browser for organization-managed apps. This can be applied globally through App Protection Policies, or selectively for specific, critical applications. This is particularly relevant for mobile devices (iOS and Android), as they are often employee-owned. However, enforcing a company browser as the default for all apps might raise employee concerns.
    This requires an Intune Plan 1 license.
    1. Browse to the Intune Admin Portal → App Protection Policies → Select the policy you want to modify or create.
    2. At the Data Protection step, select "Restrict web content transfer with other apps", and enter Unmanaged browser
    3. (Optional) For iOS devices: In the Unmanaged browser protocol field, enter pab://.
      This requires Prisma Access Browser iOS version 1.4046 or later.
    4. (Optional) For Android devices:
      1. In the Unmanaged Browser ID field, enter com.talonsec.talon.
      2. In the Unmanaged Browser Name field, enter PA Browser.
    5. More information on Intune's App Protection Policies.

    Deploy Prisma Access Browser Using Workspace ONE

    How to deploy the Prisma Access Browser in a Workspace ONE environment.
    Workspace ONE is a digital platform that delivers and manages any app on any device by integrating access control, application management, and unified endpoint management. The platform allows IT to deliver a digital workspace that includes the devices and apps of the business's choice, without sacrificing the security and control that IT professionals need.
    To deploy the Prisma Access Browser, follow the appropriate steps for your operating system.

    Deploy for Windows

    Create an Internal Application using the Windows Installer.
    1. Download the Windows MSI Installer. The installer can be downloaded using the following link: Windows Prisma Access Browser Installer.
    2. In the Workspace One application, add an Internal Application with the MSI file.
    3. In the Details section, enter the following:
      1. Custom Processor Architecture - 64-bit.
    4. In the Add Application - PrismaAccessBrowserSetup.exe v n.n.n.n window, select the Deployment Options.
    5. Enter the following information:
      1. Admin Privileges - Select Yes.
    6. Save and Assign.

    Deploy for Mac

    Create an Internal Application using the macOS installer. You can download the installer, found here: Latest macOS Prisma Access Browser.
    Using the VMware Workspace ONE Admin Assistant tool, create a package as follows on a machine running macOS:
    1. Download the latest Mac Browser from the URL (Latest macOS Prisma Access Browser)
    2. Use the VMware Workspace ONE Admin Assistant tool to create a package.
      1. On a Mac machine, download the tool from this URL: Admin Assistant
      2. Run the tool, and drag and drop the latest Prisma Access Browser into the app.
      3. After “Parsing”, the app should produce a package containing a .DMG and .PLIST file.
    3. Create an Internal Application using the output of the previous step.

    Deploy using IGEL

    deploy PAB using IGEL
    Prisma Browser installation and update over IGEL OS is performed via the IGEL App Portal. For more information, refer to the IGEL App Portal.

    Deploy using Linux

    directions on deploying PAB using Linux
    Distribution Agnostic Installation
    • Installation of the latest version on either Ubuntu/Fedora (MD5: eaeb2552cdffe5842debb6c8b7f5cffd):
      curl -fsS https://updates.talon-sec.com/linux/prisma-access-browser/install.sh | sudo bash
    Ubuntu
    • Dynamic list of Prisma Browser Linux (.deb) stable versions can be found here. New stable versions are released on a weekly basis and will be reflected in the list.
    Manual/One-time installation
    • Install the package using the downloaded .deb file.
      sudo apt install prisma-access-browser-stable_<version_number>-1_amd64.deb
    Package Repository (via MDM/Local)
    • Create a new repository file under /etc/apt/sources.list.d 
      echo "deb [arch=amd64] https://updates.talon-sec.com/
linux/prisma-access-browser/deb/ stable main" | sudo tee /etc/apt/sources.list.d/
prisma-access-browser.list
    Import the GPG key (before using the repository)
    wget -q -O - https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub | sudo tee /etc/apt/trusted.gpg.d/pab.asc >/dev/null
    Update the package list
    sudo apt update
    Install Prisma Browser
    sudo apt install prisma-access-browser-stable
    Prisma Browser Removal
    sudo apt remove prisma-access-browser-stable
    Fedora
    • Dynamic list of Prisma Browser Linux (.rpm) stable versions can be found here. New stable versions are released weekly and are reflected in the list.
    • Manual/one time installation
      • Install the package using the downloaded .deb file:
        sudo dnf install prisma-access-browser-stable-<version_number>-1.x86_64.rpm
        when using sudo yum install prisma-access-browser-stable-<version_number>-1.x86_64.rpm
    Package repository (via MDM/Local)
    ○ Create a new repository file under
    /etc/yum.repos.d/package-name.repowith the following content:
    [prisma-access-browser]
    name=prisma-access-browser
    baseurl=https://updates.talon-sec.com/linux/prisma-access-browser/rpm/stable/x86_64
    enabled=1
    gpgcheck=1
    gpgkey=https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub
    ○ [Optional - as already referenced in the repo file]
    manually import the key
    sudo rpm --import
          https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub
    ○ Clear the cache
    sudo dnf clean all
    ○ Install the package
    sudo dnf install prisma-access-browser-stable
    • Prisma Access Browser Removal
      Package removal
    sudo dnf remove prisma-access-browser-stable
    Distribution agnostic installation
    • Installation of the latest version on either Ubuntu/Fedora (MD5: eaeb2552cdffe5842debb6c8b7f5cffd):
      curl -fsS https://updates.talon-sec.com/linux/prisma-access-browser/install.sh | sudo bash
    Ubuntu
    ● Dynamic list of PAB Linux (.deb) stable versions can be found here. A new stable version is released on a weekly basis and will be reflected in the list.
    Manual/one time installation
    ○ Install the package using the downloaded .deb file
    sudo apt install prisma-access-browser-stable_<version_number>-1_amd64.deb
    Package repository (via MDM/Local)
    ○ Create a new repository file under /etc/apt/sources.list.d/echo "deb [arch=amd64] https://updates.talon-sec.com/linux/prisma-access-browser/deb/ stable main" | sudo tee /etc/apt/sources.list.d/prisma-access-browser.list
    ○ Import the GPG key (before using the repository)
    wget -q -O - https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub | sudo tee /etc/apt/trusted.gpg.d/pab.asc >/dev/null
    ○ Update the package list
    sudo apt update
    ○ Install Prisma Access Browser
    sudo apt install prisma-access-browser-stable
    • Prisma Access Browser Removal
      Package removal
    sudo apt remove prisma-access-browser-stable
    Fedora
    ● Dynamic list of PAB Linux (.rpm) stable versions can be found here. A new stable version is released on a weekly basis and will be reflected in the list.
    Manual/one time installation
    ○ Install the package using the downloaded .deb file
    sudo dnf install prisma-access-browser-stable-<version_number>-1.x86_64.rpm
    When using 
    yum 
sudo yum install prisma-access-browser-stable-<version_number>-1.x86_64.rpm
    Package repository (via MDM/Local)
    ○ Create a new repository file under
    /etc/yum.repos.d/package-name.repowith the following content:
    [prisma-access-browser]
    name=prisma-access-browser
    baseurl=https://updates.talon-sec.com/linux/prisma-access-browser/rpm/stable/x86_64
    enabled=1
    gpgcheck=1
    gpgkey=https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub
    ○ [Optional - as already referenced in the repo file]
    manually import the key
    sudo rpm --import
          https://updates.talon-sec.com/linux/prisma-access-browser/linux_signing_key.pub
    ○ Clear the cache
    sudo dnf clean all
    ○ Install the package
    sudo dnf install prisma-access-browser-stable
    • Prisma Access Browser Removal
      Package removal
    sudo dnf remove prisma-access-browser-stable

    © 2025 Palo Alto Networks, Inc. All rights reserved.