ZPA Up Before Windows Login

We are also awaiting more information regarding 3.2 and machine groups.

Hi guys

do we have any updates on this?
we are at the exact same stage ( deploying windows 10 laptops remotely with autopilot) and need ZPA to be logged on before the user logs in.

Also waiting for news on this.

ZCC v3.2.0.87 just got released yesterday

See https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021

The link said it released “in limited availability.”
What does that mean? Who is it available to and who is it not available for?
Is that documented anywhere?

not sure if thats officially documented anywhere but ZCC versions in ‘limited availability’ can be whitelisted for your tenant by your ZScaler TAM

maybe there are some prereqs to be fulfilled, TAM should know

They have updated the ZPA release page as well.


You can also always check the beta cloud if you have one provisioned :slight_smile:

Has anyone got this setup successfully? Within ZPA portal, the machine group and machine provisioning key has been configured, however, it doesn’t show up in the ZIA portal App Profile Machine Token drop down. It’s empty…

Yes for us is working you have to add the key in the appprofile und add an access policy as well.

Yeah, it’s the key not showing up in the App Profile which is the issue. Our SE is looking into it but wanted to see if any others ran into this same issue and how it was resolved. Thanks


No it was directly working on my site. Your cloud also zscloud?

No, we are on zscalertwo.net cloud.

Have you try to add a new profile?

Yes we have and still no luck. Waiting for our SE to find out what could be causing the issue. Thanks

We finally got this working, ended up being something on the backend which is now fixed. Able to see Active Machine tunnels along with the new Zscaler Diagnostics on the lock screen.

1 Like

Limited Availability is simply a way new releases are rolled out slowly in case of major issues. The first GA phase is always limited availability which means it doesn’t show up in the app store of the ZCC Portal on all cloud instances. Shortly after LA starts, it is rolled to all clouds. As Kevin noted, you can go to your beta instance (if you have one) well before GA and download it, or ask your TAM to forward the distribution link after it is in the limited availability stage of GA, or finally, set your upgrade option to “Always Latest Version” and wait for it to hit your app store.

Hi Raj,

I am also trying to achieve this but not getting the option machine token while deploying client getting error “Unknown option --machineToken”.

We are using zscalertwo.net cloud. Could you please help us with detailed steps taken to make this scenario work.

Hi Satyam,

First be sure you have the 3.2.x client installed. Within ZPA, create your machine provisioning key and machine group. From ZIA client connector portal, open the App Profile and drop down machine token and select the key you created. If it doesn’t show up, I suggest contacting your SE to see what needs to be done on the backend to enable that for your account.

Hope this helps.

Hi folks,
I’ve opened a thread on Machine Tunnel Implementation, found at the link below. I started new because this thread is more about “when will it be available”, and is rather long. I hope to get some good discussion, as I’ve got a security concern I’d appreciate perspectives on.

1 Like