1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ Pro Administrator’s Guide
    5. Cortex® XDR™ Overview
    6. Cortex® XDR™ Licenses
    7. Cortex® XDR™ License Allocation

    Cortex® XDR™ License Allocation

    Cortex® XDR™ regulates agent licenses according to the available license quota and revocation clean-up policy.

    Enforcement of Cortex XDR Pro Endpoint Licenses

    For the Cortex XDR Pro per Endpoint license, Cortex XDR limits the number of Pro agents and associated Pro capabilities to the number of agents allocated by the license. Pro agent features include:
    • Enhanced Data Collection on the endpoint
    • Remediation analysis
    • Host Insights including Vulnerability Assessment, Host Inventory, and File Search and Destroy
    You can further refine the endpoints on which you enable Pro features in your agent settings profiles.
    After utilizing all available Pro licenses, Cortex XDR falls back to a Cortex XDR Prevent policy that protects the endpoint but does not include Pro-specific capabilities. When you exceed the permitted number of Pro agents, Cortex XDR displays a notification in the notification area. Cortex XDR permits a small grace over the permitted number but begins enforcing the number of agents after 14 days. If additional Pro agents are required, increase your Cortex XDR Pro per Endpoint license capacity.
    To view the Pro license status for specific endpoints, see the View Details About an Endpoint.

    Enforcement of Cortex XDR Cloud per Host License

    For the Cortex XDR Cloud per Host license, Cortex XDR auto-identifies if a host is running in a public cloud and assigns the Cloud per Host license accordingly.

    License Revocation

    With Cortex XDR Prevent and Cortex XDR Pro per Endpoint licenses, Cortex XDR manages licensing for all endpoints in your organization. Each time you install a new Cortex XDR agent on an endpoint, the Cortex XDR agent registers with Cortex XDR to obtain a license. In the case of non-persistent VDI, the Cortex XDR agent registers with Cortex XDR as soon as the user logs in to the endpoint.
    Cortex XDR issues licenses until you exhaust the number of license seats available. Cortex XDR also enforces a license cleanup policy to automatically return unused licenses to the pool of available licenses. The time at which a license returns to the license pool depends on the type of endpoint:
    Endpoint Type
    License Return
    Agent Removal from Cortex XDR console
    Agent Removal from Cortex XDR Database
    Standard and mobile devices
    After 30 days
    After 180 days
    After 180 days
    (Non-Persistent) VDI and Temporary Session
    Immediately after log-off for VDI, otherwise after 90 minutes
    After 6 hours
    After 7 days
    After a license is revoked, if the agent connects to Cortex XDR, reconnection will succeed as long as the agent has not been deleted.
    If a deleted agent tries to connect to Cortex XDR during the 180 days period, the agent can resume connection and maintain its agent ID. After the 180 days period, the agent ID is deleted alongside all the associated data. In order to reconnect the agent, you must use Cytool to reconnect it or reinstall it on the endpoint, and the agent will be assigned a new ID and a fresh start.
    It can take up to an hour for Cortex XDR to display revived endpoints.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo