Machine Tunnel Questions

If a user is logged into a Windows machine with the screen locked and their ZPA authentication expires, does the Machine Tunnel automatically activate? If so, what happens when the user unlocks their screen? Will the Machine Tunnel stay connected until the user re-authenticates to ZPA? Just trying to understand how/if machine tunnel functions if a user is logged into the machine.

Also, if Machine Tunnel is active pre-login, and a user who is NOT enrolled in ZPA logs in to Windows, does the Machine tunnel stay connected?

Thanks.

Hi Joe,

Some good questions !
Under your ‘Service Entitlement’ do you have ‘Enable Machine Tunnel For All’ enabled ?
My understanding is it has no relation ZPA authentication because it runs in system context and not user.

“Also, if Machine Tunnel is active pre-login, and a user who is NOT enrolled”, do you mean you have ‘Machine Authentication Required’ enabled ?

G