Organizations face difficulties in pushing updates to remote machines without requiring users to log in to their machines, which can delay critical updates and impact user productivity. Pre-logon for Prisma Access Agent addresses this challenge by establishing a secure connection before user authentication occurs. This feature enables you to manage and update remote devices efficiently, improving IT productivity, and enhancing the overall security posture.

With pre-logon, you can establish a tunnel as soon as a device boots up, using machine certificate authentication. This enables access to critical resources like domain controllers or LDAP servers, even when they are only accessible through the tunnel. You can now perform essential management tasks, such as applying group policies, installing software updates, and synchronizing roaming profiles, without waiting for user login.

Pre-logon is useful for remote users. It enables scenarios such as the application of group policies and software updates before user login, and synchronization of roaming profiles. For kiosks like ATM machines, it allows connection to the corporate network without user intervention.

The feature requires client certificates for authentication. You can configure certificate-based authentication for pre-logon while maintaining SAML or other methods for user login. This flexibility ensures that your security policies remain intact while improving device management capabilities.

You can troubleshoot the agent using existing Prisma Access Agent tools like log retrieval and HIP reports even when the pre-logon tunnel is active. The feature supports agent upgrades and downgrades, ensuring your devices remain current and secure.

By implementing pre-logon, you can significantly improve the management of remote and corporate-owned devices, reduce IT overhead, and enhance security by ensuring devices are properly configured and updated before users gain full network access. This feature is designed to work across system restarts and sleep-wake cycles, providing consistent connectivity for your managed devices.