Machine Tunnel Use Cases

Can anyone describe on what are the major use cases for Machine Tunnels?

A machine tunnel allows a user’s Windows device to establish a connection to a service before the user is logged in to Zscaler Client Connector.

Windows login with AD authentication, GPO update etc can happen before the user login to the machine.


Reset your Windows session remotely since you need to access AD infrastructure before opening your session.


We use it to allow our users to log into their brand new laptops for the first time as there wouldn’t be any cached creditials at this point.


Thanks all! this is all what i understood so just wanted to confirm if there are any other use cases for MT.

Another really good use case in this hybrid world is that with the machine tunnel and the “always on” AD connection, the computer is aware of user expired passwords, lockouts, disablements, etc before the user logs in and can take appropriate action, including using the native password changing to prompt the user for a new password when theirs is expired.
It can also be used by SCCM to allow communications from the client to the infrastructure with no users logged in, which is also nice for hybrid workers or full remote workers.