ADEM Access Experience is missing Data Security component

ADEM Access Experience is missing Data Security component

1299
Created On 10/24/24 02:33 AM - Last Modified 10/28/25 08:10 AM


Symptom


  • End User Coaching is configured to deliver data security violation alerts to end user.
  • The end user alerts were showing up for sometime along with the data security tab on the access experience as below.

Data security tab visible

 

  • The alerts and data security tab have now disappeared after some changes were made.

Screenshot 2024-10-29 at 9.58.46 AM.png 

 

 

Environment


  • Prisma Access Mobile users.
  • GlobalProtect 6.3 or later
  • Enterprise Data Loss Prevention (E-DLP) license

Cause


  • This is caused by either of below factors.
  • The configuration is changed on the E-DLP app where the notification has been disabled.
  • The user Not directly logged in to the end user machine but is connected via RDP (Remote Desktop Protocol)
  • The palo_alto_networks_dem logs under GlobalProtect App logs provides more information to determine the cause. 

Resolution


  1. Validate the complete configuration as per this document Including licenses.
  2. The access experience end user coaching is supported only via direct login and it is not supported for the users who login via RDP.
  3. Make sure the Globalprotect App and ADEM agent is able to communicate to the ADEM Service Destination FQDNs so the agent can fetch which feature are enabled.

Additional Information


  • Check the palo_alto_networks_dem_agent.log from GlobalProtect App logs bundle for following. 
    [default] [info] Received a data security incident notification -- posting to Analytics...
[default] [warning] Ignoring data security incident as EUC is not enabled.
  • The logs above indicates the data security alerts are being received by the agent but not displayed because EUC (End User Coaching) is not enabled.
  • Check the palo_alto_networks_dem_update_service.log rom GlobalProtect App logs bundle for following. 
    Received response from https://features.dem.prismaaccess.com/features/v1/instances?subtenant-id=xxxxxxx: {"enabled_features":[1,2]}
  • The logs above indicates that the feature EUC (End User Coaching) is not enabled. 
  • If the  EUC feature is enabled, the above log response will have code 4 in it as below. 
    Received response from https://features.dem.prismaaccess.com/features/v1/instances?subtenant-id=xxxxxxx: {"enabled_features":[1,2,4]}
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000PQlGCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language