End-of-Life (EoL)
Install with a Unified Configuration Profile for MDMs
Use the Palo Alto Networks unified configuration profile
for MDMs to seamlessly install the Cortex® XDR™ agent on macOS endpoints.
You install the Cortex XDR agent by deploying
an installation package on the endpoint. When you install the Cortex
XDR agent for macOS, the operating system requires the user to approve
extensions and notifications and to grant full disk access permissions.
For a seamless installation that does not require end user interaction,
Palo Alto Networks provides a unified configuration profile that
you can upload to any third-party deployment software of your choice.
This unified configuration profile is compatible with all supported
macOS versions and all supported Cortex XDR agent versions.
The
following payloads are included in the unified configuration profile:
- Kernel ExtensionsType:com.apple.syspolicy.kernel-extension-policyPrerequisites: macOS 10.15.3 and earlier
- System ExtensionsType:com.apple.system-extension-policyPrerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
- Content FilterType:com.apple.webcontent-filterPrerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
- Privacy Preferences Policy ControlType:com.apple.TCC.configuration-profile-policyPrerequisites: macOS 10.15.0 and later
- NotificationsType:com.apple.notificationsettingsPrerequisites: macOS 10.15.0 and later
If you prefer to use individual
configuration profiles, refer to Install the Cortex® XDR™ Agent Using JAMF
Due
to changes of certification, signed profiles need to be renewed
every year. The existing signed Configuration Profiles have expired
and we recommend you replace them with the updated profiles attached
here. While using an expired profile is not recommended, no functional
impact is expected at this point.
It is very important that
you first upload the new profiles before replacing the expired profiles.
To ensure there are no disruptions to your endpoint profiles, make
sure to:
- Upload the profiles following the steps described below ensuring you add the profiles to the same scope as the expired profiles. For example, same groups and dynamic groups.
- Ensure all endpoints have both the expired profiles and new profiles.
- Only after all endpoints in your environment have the new profiles can you delete the expired profiles.
To
deploy the Cortex XDR agent on Mac endpoints using the Palo Alto
Networks unified configuration profile file:
- Upload the signed unified configuration profile to your MDM tool.
- Download the signed configuration fileCortexXDR_UnifiedConfigProfile_Intel_V3_SignedPANW(MD5=7b1c8a63d888bae56a47a681c174fa09). If you prefer or are required to sign the configuration file using your own signing certificate, download the unsigned configuration fileCortexXDR_UnifiedConfigProfile_Intel_V3_Unsigned(MD5=50a4e179eec78f6d8b35f794333cd206) and sign it.
- Upload the file to your MDM and save the profile.
Palo Alto Networks recommends you upload only a signed configuration profile file to your MDM, and avoid uploading the unsigned file directly to your MDM. - Upload the Cortex XDR agent installation package to your MDM tool.
- Create a new agent installation package in the Cortex XDR management console.
- Upload the agent installation ZIP package to your MDM.
- Proceed to distribute the Cortex XDR agent package across your endpoints.
Recommended For You
Recommended Videos
Recommended videos not found.