Cortex® XDR™ License Allocation

Cortex® XDR™ regulates agent licenses according to the available license quota and revocation clean-up policy.

Enforcement of Cortex XDR Pro Agent Licenses

For the Cortex XDR Pro per Endpoint license, Cortex XDR limits the number of Pro agents and associated Pro capabilities to the number of agents allocated by the license. Pro agent features include:
  • Enhanced Data Collection on the endpoint
  • Remediation analysis
  • Host Insights including Vulnerability Assessment, Host Inventory, and File Search and Destroy
You can further refine the endpoints on which you enable Pro features in your agent settings profiles.
After utilizing all available Pro licenses, Cortex XDR falls back to a Cortex XDR Prevent policy that protects the endpoint but does not include Pro-specific capabilities. When you exceed the permitted number of Pro agents, Cortex XDR displays a notification in the notification area. Cortex XDR permits a small grace over the permitted number but begins enforcing the number of agents after 14 days. If additional Pro agents are required, increase your Cortex XDR Pro per Endpoint license capacity.
To view the Pro license status for specific endpoints, see the View Details About an Endpoint.

License Revocation

With Cortex XDR Prevent and Cortex XDR Pro per Endpoint licenses, Cortex XDR manages licensing for all endpoints in your organization. Each time you install a new Cortex XDR agent on an endpoint, the Cortex XDR agent registers with Cortex XDR to obtain a license. In the case of non-persistent VDI, the Cortex XDR agent registers with Cortex XDR as soon as the user logs in to the endpoint.
Cortex XDR issues licenses until you exhaust the number of license seats available. Cortex XDR also enforces a license cleanup policy to automatically return unused licenses to the pool of available licenses. The time at which a license returns to the license pool depends on the type of endpoint:
Endpoint Type
License Return
Agent Removal from Cortex XDR console
Agent Removal from Cortex XDR Database
Standard and mobile devices
After 30 days
After 180 days
After 180 days
(Non-Persistent) VDI and Temporary Session
Immediately after log-off for VDI, otherwise after 90 minutes
After 6 hours
After 7 days
After a license is revoked, if the agent connects to Cortex XDR, reconnection will succeed as long as the agent has not been deleted.
If a deleted agent tries to connect to Cortex XDR during the 180 days period, the agent can resume connection and maintain its agent ID. After the 180 days period, the agent ID is deleted alongside all the associated data. In order to reconnect the agent, you must use Cytool to reconnect it or reinstall it on the endpoint, and the agent will be assigned a new ID and a fresh start.
It can take up to an hour for Cortex XDR to display revived endpoints.

Recommended For You