1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ Agent Administrator's Guide
    5. Cortex® XDR™ Agent 7.3 for Mac
    6. Install the Cortex® XDR™ Agent for Mac
    7. Install with a Unified Configuration Profile for MDMs
    End-of-Life (EoL)

    Install with a Unified Configuration Profile for MDMs

    Use the Palo Alto Networks unified configuration profile for MDMs to seamlessly install the Cortex® XDR™ agent on macOS endpoints.
    You install the Cortex XDR agent by deploying an installation package on the endpoint. When you install the Cortex XDR agent for macOS, the operating system requires the user to approve extensions and notifications and to grant full disk access permissions. For a seamless installation that does not require end user interaction, Palo Alto Networks provides a unified configuration profile that you can upload to any third-party deployment software of your choice. This unified configuration profile is compatible with all supported macOS versions and all supported Cortex XDR agent versions.
    The following payloads are included in the unified configuration profile:
    • Kernel Extensions
      Type:
      com.apple.syspolicy.kernel-extension-policy
      Prerequisites: macOS 10.15.3 and earlier
    • System Extensions
      Type:
      com.apple.system-extension-policy
      Prerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
    • Content Filter
      Type:
      com.apple.webcontent-filter
      Prerequisites: macOS 10.15.4 and later for Cortex XDR agent 7.0 or later
    • Privacy Preferences Policy Control
      Type:
      com.apple.TCC.configuration-profile-policy
      Prerequisites: macOS 10.15.0 and later
    • Notifications
      Type:
      com.apple.notificationsettings
      Prerequisites: macOS 10.15.0 and later
    If you prefer to use individual configuration profiles, refer to Install the Cortex® XDR™ Agent Using JAMF
    Due to changes of certification, signed profiles need to be renewed every year. The existing signed Configuration Profiles have expired and we recommend you replace them with the updated profiles attached here. While using an expired profile is not recommended, no functional impact is expected at this point.
    It is very important that you first upload the new profiles before replacing the expired profiles. To ensure there are no disruptions to your endpoint profiles, make sure to:
    1. Upload the profiles following the steps described below ensuring you add the profiles to the same scope as the expired profiles. For example, same groups and dynamic groups.
    2. Ensure all endpoints have both the expired profiles and new profiles.
    3. Only after all endpoints in your environment have the new profiles can you delete the expired profiles.
    To deploy the Cortex XDR agent on Mac endpoints using the Palo Alto Networks unified configuration profile file:
    1. Upload the signed unified configuration profile to your MDM tool.
      1. Download the signed configuration file
        CortexXDR_UnifiedConfigProfile_Intel_V3_SignedPANW
         (MD5=
        7b1c8a63d888bae56a47a681c174fa09
        ). If you prefer or are required to sign the configuration file using your own signing certificate, download the unsigned configuration file
        CortexXDR_UnifiedConfigProfile_Intel_V3_Unsigned
         (MD5=
        50a4e179eec78f6d8b35f794333cd206
        ) and sign it.
      2. Upload the file to your MDM and save the profile.
      Palo Alto Networks recommends you upload only a signed configuration profile file to your MDM, and avoid uploading the unsigned file directly to your MDM.
    2. Upload the Cortex XDR agent installation package to your MDM tool.
      1. Create a new agent installation package in the Cortex XDR management console.
      2. Upload the agent installation ZIP package to your MDM.
      3. Proceed to distribute the Cortex XDR agent package across your endpoints.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo