Agentless: How Organization Scan option works in Prisma Cloud Console

Created On 01/22/25 00:09 AM - Last Modified 04/30/25 20:41 PM


Symptom


Agentless scanning is set up incorrectly for member accounts under an organization account.



Environment


Prisma Cloud Runtime Security: SAAS Console



Resolution


GUI Path: Settings > Manage > Providers > Edit Cloud Account > Agentless Workload Scanning > Organization Scan

 

The “Organization Scan” toggle determines whether agentless scanning is enabled for all members of the organization/tenant. It lets you enable or disable agentless scanning for all members with a single switch.

 

1. Enabled Behavior: When “Organization Scan” is enabled, any new member accounts will automatically have agentless workload scanning enabled. When the switch is toggled from disabled to enabled, all member accounts will have their settings changed to enable agentless workload scanning.

2. Disabled Behavior: When “Organization Scan” is disabled, any new member accounts will automatically have agentless workload scanning disabled. When the switch changes from enabled to disabled, all member accounts will have their settings changed to disable agentless workload scanning.

In both scenarios, you can still modify the settings of an individual member account. To do this, click the name of the organization/tenant on the Cloud Providers page (highlighted in red) to access the complete list of member accounts.

 

GUI Path: Settings > Manage > Providers > Organization/Tenant Account Name

 

Click the "Edit" button under "Actions" for the account you wish to modify. This will bring up the following screen, which allows you to independently enable or disable Agentless Workload Scanning for the selected member account.

GUI Path: Settings > Manage > Providers > Organization/Tenant Account Name > Edit Member Account



Additional Information


Note: If the “Organization Scan” toggle is changed after member accounts have been configured, Agentless Workload Scanning will be enabled or disabled for all member accounts, regardless of their previous configuration.
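
The toggle behaviour described above, including the override loss in the Note, modelled as an added example. This is not Prisma Cloud code and calls no Prisma Cloud API; the class, its method names and the account names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Organization:
    """Toy model of the behaviour this page describes; not Prisma Cloud code."""
    org_scan: bool = False
    members: dict = field(default_factory=dict)  # account name -> scanning enabled

    def add_member(self, name):
        # New member accounts inherit the current Organization Scan value.
        self.members[name] = self.org_scan

    def edit_member(self, name, enabled):
        # Per-account change made through "Edit Member Account".
        self.members[name] = enabled

    def overrides(self):
        # Accounts whose setting differs from the organization-level toggle.
        return {n: v for n, v in self.members.items() if v != self.org_scan}

    def set_org_scan(self, enabled):
        """Change the toggle; return the accounts whose setting was rewritten."""
        if enabled == self.org_scan:
            return []  # toggle unchanged: member settings are left alone
        self.org_scan = enabled
        rewritten = sorted(n for n, v in self.members.items() if v != enabled)
        self.members = {n: enabled for n in self.members}
        return rewritten


def demo():
    # Constructed account names, for illustration only.
    org = Organization(org_scan=False)
    for name in ("dev", "staging", "prod"):
        org.add_member(name)            # all three start disabled
    org.edit_member("prod", True)       # opt prod in individually
    before = org.overrides()            # record exceptions before any toggle change
    first = org.set_org_scan(True)      # dev and staging are switched on
    second = org.set_org_scan(False)    # every account is switched off, prod too
    return before, first, second, org.members
```

After the two toggle changes, the individual setting for `prod` is gone; the `before` snapshot is what allows it to be re-applied through Edit Member Account.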

For AWS Organization Onboarding, please follow this documentation

 


