What’s New in Common Services: Subscription and Tenant Management
Table of Contents
Expand all | Collapse all
- Get Started with License Activation, Subscription, & Tenant Management
-
-
- First Time License Activation - One CSP Account
- First Time License Activation - Multiple CSP Accounts
- Return Visit License Activation
- Allocate Licenses for Cloud-managed Prisma Access
- Plan Service Connections for Cloud-managed Prisma Access and Add-ons
- Add Additional Locations for Cloud-managed Prisma Access and Add-ons
- Enable Available Add-ons for Cloud-managed Prisma Access
- Search for Subscription Details
- Share a License for Cloud-managed Prisma Access and Add-ons
- Increase Subscription Allocation Quantity
-
- Remote Browser Isolation Activation
- Product Management
What’s New in Common Services: Subscription and Tenant Management
Learn about the latest features related to Common Services: Subscription and Tenant Management.
Here’s what’s new in Common Services: Subscription and Tenant Management. You
can also check what’s new for the NetSec Platform, Identity and Access Management, Device Associations, and Multitenant Portal.
- What's new in June 2024
- What's new in May 2024
- What's new in February 2024
- What's new in December 2023
- What's new in November 2023
- What's new in October 2023
- What's new in August 2023
- What's new in July 2023
- What's new in June 2023
- What's new in May 2023
- What's new in April 2023
- What’s New in March 2023
- What’s new in February 2023
- What’s new in January 2023
- What’s New in December 2022
- What’s New in November 2022
- What’s New in October 2022
- What’s New in September 2022
- What’s New in August 2022
What's new in June 2024
License Simplification and Default Tenant Creation
Products offered for free, such as AIOps Free and CIE, don't need an activation link
or auth code for activation. The hub serves as the entry point
for you to activate these products. Activating a product from the tenant view of the
hub creates a single default tenant where the product is
deployed. If you have a single Customer Support Portal account, certain fields in
the activation form are prepopulated on your behalf for a simplified license
activation experience.
First-time license activation for paid products is still through an email that you
receive from Palo Alto Networks. The email still contains an activation link.
Activating a product from the activation link creates a single default tenant where
the product is deployed. If you have a single Customer Support Portal account,
certain fields in the activation form are prepopulated on your behalf for a
simplified license activation experience.
If you have multiple Customer Support Portal accounts, during activation you will
select the Customer Support Portal account that you want to use for managing your
product. If you're a managed security service provider (MSSP), during activation you
will select the Customer Support Portal account that you want to use for managing
your customers' products.
What's new in May 2024
FedRAMP Moderate
Fedramp requirements are security controls and well established standards for cloud
solutions intended for Cloud Service Providers managing and processing the
government data. Many government agencies mandate the Fedramp authorization. Palo
Alto Networks products and services are Fedramp Authorized to increase security,
reliability, consistency, monitoring and thereby gaining the trust and confidence of
Federal agencies.
To ensure FedRAMP Moderate compliance, Prisma SASE FedRAMP Moderate adds support for additional Prisma SASE
apps, add-ons, and certain features.
FedRAMP High "In Process" Enhancement
FedRAMP High “In Process” adds
additional support for Prisma SD-WAN standalone and add-on
What's new in February 2024
The following new items were released in February 2024.
Tenant Moves and Acquisitions
If you're a managed security service provider (MSSP) or distributed enterprise with a
multitenant hierarchy, you can now move a tenant that is part of your tenant
hierarchy to a different location. You can do this by moving an internal tenant. Any tenant is
considered an internal tenant if it's within your tenant hierarchy, and you have
superuser access to the source and target tenants. It's possible to move tenants
within the same top-most, root-level, parent tenant or intermediate tenants of your
hierarchy. You would move an internal tenant primarily in the case of testing,
demonstrations, reorgs, correcting mistakes, and more.
If you're a managed security service provider (MSSP) or distributed enterprise with a
multitenant hierarchy, you can also acquire and manage tenants that are not part of
your current tenant hierarchy. You can do this by acquiring an external tenant. Any tenant
is considered an external tenant if it isn’t within your current tenant hierarchy.
You can only acquire a top-most, root-level, parent tenant through an external
tenant acquisition. You would acquire an external tenant primarily in the case of
corporate acquisitions or mergers or reorgs.
What's new in December 2023
The following new items were released in December 2023.
FedRAMP High "In Process" Support
The Federal Risk and Authorization Management Program (FedRAMP) is a United States
government-wide program that provides a standardized approach to security
assessment, authorization, and continuous monitoring for cloud products and services
for government users. Palo Alto Networks has demonstrated FedRAMP compliance.
To ensure FedRAMP High "In Process" compliance, Prisma SASE FedRAMP High In Process introduces support
for additional Prisma SASE apps, add-ons, and certain features.
License Activation Changes
- Prisma SD-WAN: Now all stand-alone Prisma SD-WAN sales orders come with an activation email regardless if the subscription is brand new or for an existing tenant. You'll see this when you activate a license for Prisma SD-WAN.
- Prisma SD-WAN: Now you can choose a different Customer Support Account than you chose during first-time activation. You'll see this during return visit license activation for Prisma SD-WAN.
- Software NGFW Credits: Now you can activate a Software NGFW Credits License using Strata Cloud Manager (AIOps for NGFW Premium) for Panorama Managed VM-Series.
After you receive an email from Palo Alto Networks identifying the new product
license you're activating, including all your add-ons and capacities, use the
activation link to begin the activation process. You can activate and manage all
your available licenses, device associations, tenants, and identity and access from
Common Services. As existing app instances transition to
tenants and tenant service groups you can
also use Common Services to manage those as well. After activation or transition,
you can find Common Services in the tenant view of the hub or in a variety of ways.
What's new in November 2023
The following new items were released in December 2023.
App Tile Name Change
You'll notice the following change in various license activation scenarios. For
example, if you activate a license for the app formerly
known as AIOps for NGFW Premium, after the activation status is
complete, you can launch the app from a variety of places including the hub
Strata Cloud Manager app tile.
The application tile names on the hub for Prisma Access, Prisma SD-WAN, and
AIOps for NGFW (the premium app only) are now changed to Strata Cloud
Manager. With this update, the application URL has also changed to stratacloudmanager.paloaltonetworks.com, and
you’ll also now see the Strata Cloud Manager logo on the left navigation
pane.
Moving forward, continue using the Strata Cloud Manager app to manage and
monitor your deployments.
License Activation Changes
- IOT add-on for Prisma Access: Now you can use Common Services to activate the IoT Security add-on when you enable available add-ons for Prisma Access (Managed by Strata Cloud Manager)
- SaaS Security Inline: Now you can use Common Services to activate Saas Security Inline licenses and then get started with SaaS Security Inline.
After you receive an email from Palo Alto Networks identifying the new product
license you're activating, including all your add-ons and capacities, use the
activation link to begin the activation process. You can activate and manage all
your available licenses, device associations, tenants, and identity and access from
Common Services. As existing app instances transition to
tenants and tenant service groups you can
also use Common Services to manage those as well. After activation or transition,
you can find Common Services in the tenant view of the hub or in a variety of ways.
Remote Browser Isolation
Now you can use Common Services to activate a license for Remote Browser Isolation
(RBI).
Browser and web-based attacks are continuously evolving, resulting in security
challenges for many enterprises. Web browsers, being a major entry point for malware
to penetrate networks, pose a significant security risk to enterprises, prompting
the increasing need to protect networks and devices from zero day attacks. Highly
regulated industries, such as government and financial institutions, also require
browser traffic isolation as a mandatory compliance requirement.
While most enterprises want to block 100% of attacks by using network security and
endpoint security methods, such a goal might not be realistic. Most attacks start
with the compromise of an endpoint that connects to malicious or compromised sites
or by opening malicious content from those sites. An attacker only needs one miss to
take over an endpoint and compromise the network. When this happens, the
consequences of that compromise and the impact to your organization can be
damaging.
Remote Browser Isolation (RBI) creates a no-code
execution isolation environment for a user's local browser, so that no website code
and files are executed on their local browser. Unlike other isolation solutions, RBI
uses next-generation isolation technologies to deliver near-native experiences for
users accessing websites without compromising on security.
RBI is a service that isolates and transfers all browsing activity away from the
user's managed devices and corporate networks to an outside entity such as Prisma
Access, which secures and isolates potentially malicious code and content within
their platform. Natively integrated with Prisma Access, RBI allows you to apply
isolation profiles easily to existing security policies. Isolation profiles can
restrict many user controls such as copy and paste actions, keyboard inputs, and
sharing options like file uploading, downloading, and printing files to keep
sensitive data and information secure. All traffic in isolation undergoes analysis
and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as
Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security,
and SaaS Security.
What's new in October 2023
The following new items were released in October 2023.
New Features in October 2023 | |
---|---|
Prisma Access China Cloud Managed License Activation |
You can now activate a license through Common Services for
Cloud Managed
, an offering that
allows you to onboard Prisma Access locations in
mainland China.
|
What's new in August 2023
The following new items were released in August 2023.
New Features in August 2023 | |
---|---|
CIE Sharing |
Now you can use Common Services to activate and share Cloud Identity
Engine.
|
What's new in July 2023
The following new items were released in July 2023.
New Features in July 2023 | |
---|---|
Unified License Activation |
The separate single tenant license activation flow and
multitenant license activation flow have been unified into one.
The following pages are updated to reflect the changes:
|
What's new in June 2023
The following new items were released in June 2023.
New Features in June 2023 | |
---|---|
Strata Cloud Manager | Depending on your licensed products, and if you have received information about the migration of your tenant, you might begin to manage and monitor your network and security infrastructure through Strata Cloud Manager. You still use the same Common Services for license activation and tenant management, but you access them through Settings. |
VM Flex License Agreement |
Now you can use Common Services to Activate a VM Flex
License Agreement for IoT Security and AIOps for
NGFW.
|
Service Provider Backbone License Activation |
Now you can use Common Services to activate a license for
Service Provider
Backbone, an offering that allows you more control of
your Prisma Access egress traffic.
|
What's new in May 2023
The following new items were released in May 2023.
New Features in May 2023 | |
---|---|
IOT Security subscriptions |
Now that IoT Security is
compatible with tenants and tenant service groups (TSGs), you
can use Common Services to activate IoT Security
subscriptions.
|
What's new in April 2023
The following new items were released in April 2023.
New Features in April 2023 | |
---|---|
Enterprise License Agreement add-on |
Now that IoT Security is
compatible with tenants and tenant service groups (TSGs), you
can use Common Services to activate an
Enterprise License Agreement for IoT Security.
|
Extend or renew subscriptions |
Extend or Renew a Subscription is
updated to show additional steps to follow in shared license
scenarios.
|
What’s New in March 2023
The following new items were released in March 2023.
New Features in March 2023 | |
---|---|
Prisma Access China License Activation | You can now activate a license through Common Services for Panorama Managed Prisma Access, an offering that allows you to onboard
Prisma Access locations in mainland China. |
What’s New in February 2023
The following new items were released in February 2023.
New Features in February 2023 | |
---|---|
Enterprise License Agreement add-on | Now that AIOps for NGFW is compatible with
tenants and tenant service groups (TSGs), you can use Common Services to activate an
Enterprise License Agreement of AIOps for NGFW
Premium or AIOps for NGFW Free. |
AIOps for NGFW | Now that AIOps for NGFW is compatible with
tenants and tenant service groups (TSGs), you can use Common Services to activate AIOps for
NGFW. |
Saas Security Posture Management | Now that Saas Security Posture
Management (SSPM) is compatible with tenants and
tenant service groups (TSGs), you can use Common Services
to activate a SSPM license. |
What’s New in January 2023
The following new items were released in January 2023.
New Features in January 2023 | |
---|---|
Singapore and Australia region changes | When you Activate a License for in a single tenant or
multitenant hierarchy using the Singapore or Australia region,
all tenant data (such as configuration, telemetry logs, system
logs, and stats) is now stored in the selected location. The new
behavior is available only for new licenses and new tenant
activations. |
What’s New in December 2022
The following new items were released in December 2022.
New Features in November 2022 | |
---|---|
Location add-on changes | If you have a local edition license, the Location add-on is now available for enabling more than
5 regions, and for sharing additional locations with your
tenants during Activate a License
for Cloud-managed . |
What’s New in November 2022
The following new items were released in November 2022.
New Features in November 2022 | |
---|---|
CASB-X license activation | Next Generation CASB
License on Cross Platforms (CASB-X) can be applied on
both Prisma Access and Next Generation Firewall (NGFW)
devices in a single tenant environment. |
What’s New in October 2022
The following new items were released in October 2022.
New Features in October 2022 | |
---|---|
CASB license sharing | When you share a license for that
includes the Cloud Access Security Broker (CASB) add-on, you can
enable CASB on the root tenants or child tenants where the
Prisma Access license is shared. |
Deselect add-ons | When you share a Prisma Access license, you can now deselect add-ons such as
Autonomous Digital Experience Management (ADEM) and Service
Connection. |
What’s New in September 2022
The following new items were released in September 2022.
New Features in September 2022 | |
---|---|
Multi-DLP Additional Workflows | Data Loss Prevention (DLP) is now also available in single tenant Activate a License
for Cloud-managed .
In a single tenant Prisma Access Enterprise
environment, you have the option to activate multiple individual
DLPs against different single tenants or to consolidate multiple
DLP instances (such as CASB, NGFW, and Prisma Cloud) under one
Customer Support Portal (CSP) ID and one single tenant.
|
Panorama-managed License Activation | When you Activate a License
for Panorama-managed , the
button label is now updated to Single Tenant /
Panorama to indicate that the button is for both
single tenant Prisma Access license activation and also
for Panorama-managed Prisma Access license activation,
regardless of single or multitenant status in Panorama. |
What’s New in August 2022
The following new items were released in August 2022.
New Features in August 2022 | |
---|---|
Prisma Access License Activation Enhancements | Activate and manage all your in one place. |
Subscription Modification | Request to modify a subscription for
your production tenant. |
Evaluation to Production Conversion | Request evaluation license
to production conversion, specifying the licenses you would
like on your production tenant. |
License Diagnostics | You can now diagnose license activation issues and
open support cases in one location. |
CASB Bundle | CASB add-on bundle allows you to activate the following capabilities all at once during Activate a License
for Cloud-managed :
SaaS Security Inline and API, Enterprise DLP, SaaS Security
Posture Management (SSPM). |
Multi-DLP Support | Data Loss Prevention (DLP) is no longer restricted to one DLP instance per CSP ID. Depending on
your license, you can now activate multiple DLPs per CSP ID.
This makes it possible to activate the DLP add-on against
multiple tenants, including child tenants, in your multitenant
hierarchy during Activate a License
for Cloud-managed . |