>
    Configure Staged Rollouts for the Prisma Access Agent
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Administration
    4. Configure Dynamic Privilege Access Settings
    5. Set Up the Prisma Access Agent for Dynamic Privilege Access
    6. Configure Staged Rollouts for the Prisma Access Agent
    Download PDF
    Prisma Access

    Configure Staged Rollouts for the Prisma Access Agent

    Table of Contents

    Configure Staged Rollouts for the Prisma Access Agent

    Configure staged rollouts to automatically upgrade batches of Prisma Access Agents in a particular order.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access 5.1 Preferred or Innovation
    • Prisma Access license with the Mobile User subscription
    • macOS 12 or later desktop devices or Windows 10 version 2024 or later or Windows 11 desktop devices
    • Role: Superuser
    The Prisma Access Agent upgrade rollout functionality provides administrators with a way to upgrade groups of devices in a specific order. With upgrade rollouts, you no longer have to rely on mobile device management (MDM) software, such as Jamf Pro and Microsoft Intune, to upgrade Prisma Access Agents.
    Stage upgrade rollouts can occur only after the initial deployment or installation of the Prisma Access Agent on your end users' devices.
    To stage the rollout of Prisma Access Agent upgrades, you can configure upgrade rings with match criteria based on users, groups, and operating systems. Devices that match the criteria are upgraded in the order of the upgrade rings (Ring 0 to Ring 4, Default ring).
    You can optionally define upgrade rings when you onboard mobile users using the Access Agent Setup page for the Prisma Access Agent. If you choose not to define upgrade rings during the initial agent configuration, all devices are placed in the default ring. You can return to Prisma Access Agent Setup page later to define the upgrade rings and push the configuration to Prisma Access. These changes will take effect during the next staged rollout, or after you stop and start a staged rollout.
    To configure an upgrade ring:
    1. In Strata Cloud Manager, select WorkflowsPrisma Access SetupAccess AgentPrisma Access Agent.
    2. In the Staged Rollouts section, click Add Ring.
    3. Select a predefined Name for the ring. You can select from Ring0 to Ring4. The first ring that you will add is Ring0.
    4. Enter a meaningful Description for the ring.
    5. Specify the criteria for the ring based on the User, Groups, or Device OS attributes.
      1. Add a criteria.
      2. For each criterion, select an Attribute, Operator, Value, and then click Add. You can select only one attribute and operator per criterion. The value depends on what you selected for the attribute and operator:
        • For the Username attribute:
          • If you select OperatorContains, select or search for a username from the Value list. To start a search, start typing the username. You can select one or more usesrnames from the list.
          • If you select OperatorEquals, select or search for a username from the Value list. To start a search, start typing the username. You can select one usesrname from the list.
        • For the Groups attribute:
          • If you select OperatorContains, select or search for a group from the Value list. To start a search, start typing the group name. You can select one or more groups from the list.
          • If you select OperatorEquals, select or search for a group from the Value list. To start a search, start typing the group name. You can one group from the list.
        • For the OS attribute, select an OS type (Windows or macOS). Then:
          • If you select OperatorContains, search for or select one or more OS versions from the Value list. To start a search, start typing the OS and version. You can select one or more OS versions from the list.
          • If you select the Greater than or Less than operator, search for or select an OS version from the Value list. To start a search, start typing the OS and version. You can select one OS version from the list.
      3. If needed, Add more criteria. You can specify up to three criteria per ring.
        You can use an attribute only once per ring. After you add a criteria using an attribute, that attribute will no longer appear in the Attribute drop-down.
        After you added the criteria, the criteria is displayed in the Criteria table in the Ring Criteria page. When Prisma Access evaluates the criteria, the values listed in the same cell are evaluated using the logical OR operator, while the attributes and values between the rows are evaluated using the logical AND operator.
        For instance, the criteria in the following image will match those devices that belong in the gp-auto-saml-group or Okta Administrators group and run the Windows 11 operating system.
      4. Save the ring criteria.
    6. To create more rings, repeat steps 2-5. You can create a total of five rings (Ring 0 to Ring 4).
    7. Push the configuration to Prisma Access.
      1. Select Push ConfigPush.
      2. Enter a Description for the job.
      3. Select the GlobalPrisma AccessMobile UsersAccess Agent container and click Push.
      4. Wait for the job to finish and Close the Jobs dialog.
    8. You can monitor the staged rollout in ManagePrisma Access Agent in Strata Cloud Manager.

    © 2024 Palo Alto Networks, Inc. All rights reserved.