: What’s New in Common Services: Subscription and Tenant Management
Focus
Focus

What’s New in Common Services: Subscription and Tenant Management

Table of Contents

What’s New in Common Services: Subscription and Tenant Management

Learn about the latest features related to Common Services: Subscription and Tenant Management.
Here’s what’s new in Common Services: Subscription and Tenant Management. You can also check what’s new for the NetSec Platform, Identity and Access Management, Device Associations, and Multitenant Portal.

What's new in June 2024

License Simplification and Default Tenant Creation

Products offered for free, such as AIOps Free and CIE, don't need an activation link or auth code for activation. The hub serves as the entry point for you to activate these products. Activating a product from the tenant view of the hub creates a single default tenant where the product is deployed. If you have a single Customer Support Portal account, certain fields in the activation form are prepopulated on your behalf for a simplified license activation experience.
First-time license activation for paid products is still through an email that you receive from Palo Alto Networks. The email still contains an activation link. Activating a product from the activation link creates a single default tenant where the product is deployed. If you have a single Customer Support Portal account, certain fields in the activation form are prepopulated on your behalf for a simplified license activation experience.
If you have multiple Customer Support Portal accounts, during activation you will select the Customer Support Portal account that you want to use for managing your product. If you're a managed security service provider (MSSP), during activation you will select the Customer Support Portal account that you want to use for managing your customers' products.

What's new in May 2024

FedRAMP Moderate

Fedramp requirements are security controls and well established standards for cloud solutions intended for Cloud Service Providers managing and processing the government data. Many government agencies mandate the Fedramp authorization. Palo Alto Networks products and services are Fedramp Authorized to increase security, reliability, consistency, monitoring and thereby gaining the trust and confidence of Federal agencies.
To ensure FedRAMP Moderate compliance, Prisma SASE FedRAMP Moderate adds support for additional Prisma SASE apps, add-ons, and certain features.

FedRAMP High "In Process" Enhancement

FedRAMP High “In Process” adds additional support for Prisma SD-WAN standalone and add-on

What's new in February 2024

The following new items were released in February 2024.

Tenant Moves and Acquisitions

If you're a managed security service provider (MSSP) or distributed enterprise with a multitenant hierarchy, you can now move a tenant that is part of your tenant hierarchy to a different location. You can do this by moving an internal tenant. Any tenant is considered an internal tenant if it's within your tenant hierarchy, and you have superuser access to the source and target tenants. It's possible to move tenants within the same top-most, root-level, parent tenant or intermediate tenants of your hierarchy. You would move an internal tenant primarily in the case of testing, demonstrations, reorgs, correcting mistakes, and more.
If you're a managed security service provider (MSSP) or distributed enterprise with a multitenant hierarchy, you can also acquire and manage tenants that are not part of your current tenant hierarchy. You can do this by acquiring an external tenant. Any tenant is considered an external tenant if it isn’t within your current tenant hierarchy. You can only acquire a top-most, root-level, parent tenant through an external tenant acquisition. You would acquire an external tenant primarily in the case of corporate acquisitions or mergers or reorgs.

What's new in December 2023

The following new items were released in December 2023.

FedRAMP High "In Process" Support

The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services for government users. Palo Alto Networks has demonstrated FedRAMP compliance.
To ensure FedRAMP High "In Process" compliance, Prisma SASE FedRAMP High In Process introduces support for additional Prisma SASE apps, add-ons, and certain features.

License Activation Changes

  • Prisma SD-WAN: Now all stand-alone Prisma SD-WAN sales orders come with an activation email regardless if the subscription is brand new or for an existing tenant. You'll see this when you activate a license for Prisma SD-WAN.
  • Prisma SD-WAN: Now you can choose a different Customer Support Account than you chose during first-time activation. You'll see this during return visit license activation for Prisma SD-WAN.
  • Software NGFW Credits: Now you can activate a Software NGFW Credits License using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama Managed VM-Series.
After you receive an email from Palo Alto Networks identifying the new product license you're activating, including all your add-ons and capacities, use the activation link to begin the activation process. You can activate and manage all your available licenses, device associations, tenants, and identity and access from Common Services. As existing app instances transition to tenants and tenant service groups you can also use Common Services to manage those as well. After activation or transition, you can find Common Services in the tenant view of the hub or in a variety of ways.

What's new in November 2023

The following new items were released in December 2023.

App Tile Name Change

You'll notice the following change in various license activation scenarios. For example, if you activate a license for the app formerly known as AIOps for NGFW Premium, after the activation status is complete, you can launch the app from a variety of places including the hub Strata Cloud Manager app tile.
The application tile names on the hub for Prisma Access, Prisma SD-WAN, and AIOps for NGFW (the premium app only) are now changed to Strata Cloud Manager. With this update, the application URL has also changed to stratacloudmanager.paloaltonetworks.com, and you’ll also now see the Strata Cloud Manager logo on the left navigation pane.
Moving forward, continue using the Strata Cloud Manager app to manage and monitor your deployments.

License Activation Changes

After you receive an email from Palo Alto Networks identifying the new product license you're activating, including all your add-ons and capacities, use the activation link to begin the activation process. You can activate and manage all your available licenses, device associations, tenants, and identity and access from Common Services. As existing app instances transition to tenants and tenant service groups you can also use Common Services to manage those as well. After activation or transition, you can find Common Services in the tenant view of the hub or in a variety of ways.

Remote Browser Isolation

Now you can use Common Services to activate a license for Remote Browser Isolation (RBI).
Browser and web-based attacks are continuously evolving, resulting in security challenges for many enterprises. Web browsers, being a major entry point for malware to penetrate networks, pose a significant security risk to enterprises, prompting the increasing need to protect networks and devices from zero day attacks. Highly regulated industries, such as government and financial institutions, also require browser traffic isolation as a mandatory compliance requirement.
While most enterprises want to block 100% of attacks by using network security and endpoint security methods, such a goal might not be realistic. Most attacks start with the compromise of an endpoint that connects to malicious or compromised sites or by opening malicious content from those sites. An attacker only needs one miss to take over an endpoint and compromise the network. When this happens, the consequences of that compromise and the impact to your organization can be damaging.
Remote Browser Isolation (RBI) creates a no-code execution isolation environment for a user's local browser, so that no website code and files are executed on their local browser. Unlike other isolation solutions, RBI uses next-generation isolation technologies to deliver near-native experiences for users accessing websites without compromising on security.
RBI is a service that isolates and transfers all browsing activity away from the user's managed devices and corporate networks to an outside entity such as Prisma Access, which secures and isolates potentially malicious code and content within their platform. Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing security policies. Isolation profiles can restrict many user controls such as copy and paste actions, keyboard inputs, and sharing options like file uploading, downloading, and printing files to keep sensitive data and information secure. All traffic in isolation undergoes analysis and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and SaaS Security.

What's new in October 2023

The following new items were released in October 2023.
New Features in October 2023
Prisma Access China Cloud Managed License Activation
You can now activate a license through Common Services for Cloud Managed , an offering that allows you to onboard Prisma Access locations in mainland China.

What's new in August 2023

The following new items were released in August 2023.
New Features in August 2023
CIE Sharing
Now you can use Common Services to activate and share Cloud Identity Engine.

What's new in July 2023

The following new items were released in July 2023.
New Features in July 2023
Unified License Activation
The separate single tenant license activation flow and multitenant license activation flow have been unified into one. The following pages are updated to reflect the changes:

What's new in June 2023

The following new items were released in June 2023.
New Features in June 2023
Strata Cloud ManagerDepending on your licensed products, and if you have received information about the migration of your tenant, you might begin to manage and monitor your network and security infrastructure through Strata Cloud Manager. You still use the same Common Services for license activation and tenant management, but you access them through Settings.
VM Flex License Agreement
Now you can use Common Services to Activate a VM Flex License Agreement for IoT Security and AIOps for NGFW.
Service Provider Backbone License Activation
Now you can use Common Services to activate a license for Service Provider Backbone, an offering that allows you more control of your Prisma Access egress traffic.

What's new in May 2023

The following new items were released in May 2023.
New Features in May 2023
IOT Security subscriptions
Now that IoT Security is compatible with tenants and tenant service groups (TSGs), you can use Common Services to activate IoT Security subscriptions.

What's new in April 2023

The following new items were released in April 2023.
New Features in April 2023
Enterprise License Agreement add-on
Now that IoT Security is compatible with tenants and tenant service groups (TSGs), you can use Common Services to activate an Enterprise License Agreement for IoT Security.
Extend or renew subscriptions
Extend or Renew a Subscription is updated to show additional steps to follow in shared license scenarios.

What’s New in March 2023

The following new items were released in March 2023.
New Features in March 2023
Prisma Access China License Activation
You can now activate a license through Common Services for Panorama Managed Prisma Access, an offering that allows you to onboard Prisma Access locations in mainland China.

What’s New in February 2023

The following new items were released in February 2023.
New Features in February 2023
Enterprise License Agreement add-on
Now that AIOps for NGFW is compatible with tenants and tenant service groups (TSGs), you can use Common Services to activate an Enterprise License Agreement of AIOps for NGFW Premium or AIOps for NGFW Free.
AIOps for NGFW
Now that AIOps for NGFW is compatible with tenants and tenant service groups (TSGs), you can use Common Services to activate AIOps for NGFW.
Saas Security Posture Management
Now that Saas Security Posture Management (SSPM) is compatible with tenants and tenant service groups (TSGs), you can use Common Services to activate a SSPM license.

What’s New in January 2023

The following new items were released in January 2023.
New Features in January 2023
Singapore and Australia region changes
When you Activate a License for in a single tenant or multitenant hierarchy using the Singapore or Australia region, all tenant data (such as configuration, telemetry logs, system logs, and stats) is now stored in the selected location. The new behavior is available only for new licenses and new tenant activations.

What’s New in December 2022

The following new items were released in December 2022.
New Features in November 2022
Location add-on changes
If you have a local edition license, the Location add-on is now available for enabling more than 5 regions, and for sharing additional locations with your tenants during Activate a License for Cloud-managed .

What’s New in November 2022

The following new items were released in November 2022.
New Features in November 2022
CASB-X license activation
Next Generation CASB License on Cross Platforms (CASB-X) can be applied on both Prisma Access and Next Generation Firewall (NGFW) devices in a single tenant environment.

What’s New in October 2022

The following new items were released in October 2022.
New Features in October 2022
CASB license sharing
When you share a license for that includes the Cloud Access Security Broker (CASB) add-on, you can enable CASB on the root tenants or child tenants where the Prisma Access license is shared.
Deselect add-ons
When you share a Prisma Access license, you can now deselect add-ons such as Autonomous Digital Experience Management (ADEM) and Service Connection.

What’s New in September 2022

The following new items were released in September 2022.
New Features in September 2022
Multi-DLP Additional Workflows
Data Loss Prevention (DLP) is now also available in single tenant Activate a License for Cloud-managed . In a single tenant Prisma Access Enterprise environment, you have the option to activate multiple individual DLPs against different single tenants or to consolidate multiple DLP instances (such as CASB, NGFW, and Prisma Cloud) under one Customer Support Portal (CSP) ID and one single tenant.
Panorama-managed License Activation
When you Activate a License for Panorama-managed , the button label is now updated to Single Tenant / Panorama to indicate that the button is for both single tenant Prisma Access license activation and also for Panorama-managed Prisma Access license activation, regardless of single or multitenant status in Panorama.

What’s New in August 2022

The following new items were released in August 2022.
New Features in August 2022
Prisma Access License Activation Enhancements
Activate and manage all your in one place.
Subscription Modification
Request to modify a subscription for your production tenant.
Evaluation to Production Conversion
Request evaluation license to production conversion, specifying the licenses you would like on your production tenant.
License Diagnostics
You can now diagnose license activation issues and open support cases in one location.
CASB Bundle
CASB add-on bundle allows you to activate the following capabilities all at once during Activate a License for Cloud-managed : SaaS Security Inline and API, Enterprise DLP, SaaS Security Posture Management (SSPM).
Multi-DLP Support
Data Loss Prevention (DLP) is no longer restricted to one DLP instance per CSP ID. Depending on your license, you can now activate multiple DLPs per CSP ID. This makes it possible to activate the DLP add-on against multiple tenants, including child tenants, in your multitenant hierarchy during Activate a License for Cloud-managed .