Install with a Unified Configuration Profile for MDMs

Use the Palo Alto Networks unified configuration profile for MDMs to seamlessly install the Cortex® XDR™ agent on macOS endpoints.
You install the Cortex XDR agent by deploying an installation package on the endpoint. When you install the Cortex XDR agent for macOS, the operating system requires the user to approve extensions and notifications and to grant full disk access permissions. For a seamless installation that does not require end user interaction, Palo Alto Networks provides a unified configuration profile that you can upload to any third-party deployment software of your choice. This unified configuration profile is compatible with all supported macOS versions and all supported Cortex XDR agent versions.
The following payloads are included in the unified configuration profile:
  • Kernel Extensions
    Type:
    com.apple.syspolicy.kernel-extension-policy
    Prerequisites: macOS 10.15.3 and earlier
  • System Extensions
    Type:
    com.apple.system-extension-policy
    Prerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
  • Content Filter
    Type:
    com.apple.webcontent-filter
    Prerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
  • Privacy Preferences Policy Control
    Type:
    com.apple.TCC.configuration-profile-policy
    Prerequisites: macOS 10.15.0 and later
  • Notifications
    Type:
    com.apple.notificationsettings
    Prerequisites: macOS 10.15.0 and later
If you prefer to use individual configuration profiles, refer to Install the Cortex® XDR™ Agent Using JAMF
To deploy the Cortex XDR agent on Mac endpoints using the Palo Alto Networks unified configuration profile file:
  1. Upload the signed unified configuration profile to your MDM tool.
    1. Download the signed configuration file
      CortexXDR_UnifiedConfigProfile_V2_SignedPANW.mobileconfig
      (MD5=
      3b3f8fbe27a64d57de0beedd8ddc009d
      ). If you prefer or are required to sign the configuration file using your own signing certificate, download the unsigned configuration file
      CortexXDR_UnifiedConfigProfile_V2_Unsigned.mobileconfig
      (MD5=
      55f2cc1b32d38916c56f56c21a76752c
      ) and sign it.
    2. Upload the file to your MDM and save the profile.
    Palo Alto Networks recommends you upload only a signed configuration profile file to your MDM, and avoid uploading the unsigned file directly to your MDM.
  2. Upload the Cortex XDR agent installation package to your MDM tool.
    1. Create a new agent installation package in the Cortex XDR management console.
    2. Upload the agent installation ZIP package to your MDM.
    3. Proceed to distribute the Cortex XDR agent package across your endpoints.

Recommended For You