Organizations that manage device compliance through a mobile device management (MDM) solution such as Microsoft Intune or Jamf can now use that compliance status to control whether the Prisma® Access Agent is authorized to establish a tunnel to Prisma Access.
When a device is not enrolled in or is out of compliance with your MDM policies, the Prisma Access Agent blocks tunnel establishment and notifies the user that the device is not compliant. You connect your MDM tenant to Strata Cloud Manager and enable compliance enforcement in your agent configuration. Each time the agent requests gateway configurations, Prisma Access queries your MDM tenant using the device serial number and returns either the gateway configuration or a compliance failure that causes the agent to tear down any active tunnel and prevent reconnection. This gives your security team a single source of truth for device compliance rather than maintaining parallel policies across MDM and HIP.
Read more about MDM Posture Checks for Prisma Access Agent.
