Directly from the portal—Download the app software to the firewall hosting the portal, and then activate it so that end users can install the updates when they connect to the portal. This option provides flexibility by allowing you to control how and when end users receive updates based on the agent configuration settings you define for each user, group, and/or operating system. However, if you have a large number of apps that require updates, it could put extra load on your portal. See Host App Updates on the Portal for instructions.

From a web server—If you have a large number of endpoints that need to upgrade the app simultaneously, consider hosting the app updates on a web server to reduce the load on the firewall. See Host App Updates on a Web Server for instructions.

Transparently from the command line—For Windows endpoints, you can deploy app settings automatically using the Windows Installer (Msiexec). However, to upgrade to a later app version using Msiexec, you must first uninstall the existing app. In addition, Msiexec allows for deployment of app settings directly on the endpoints by setting values in the Windows registry. Similarly, you can also deploy app settings to macOS endpoints, by configuring settings in the macOS plist. See Deploy App Settings Transparently.

Using group policy rules—In Active Directory environments, the GlobalProtect app can also be distributed to end users through an Active Directory group policy. AD Group policies allow for automated modification of Windows endpoint settings and software. Refer to the article at http://support.microsoft.com/kb/816102 for more information on how to use Group Policy to automatically distribute programs to endpoints or users.

From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, to manage your mobile endpoints, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.

From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, that supports Windows 10 endpoints, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.

From the Microft Store—The end user can also download and install the GlobalProtect app directly from the Microsoft Store. For instructions on how to download and test the GlobalProtect app installation, see Download and Install the GlobalProtect Mobile App.

From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.

From an app store—The end user can also download and install the GlobalProtect app directly from the Apple App Store (iOS endpoints) or from Google Play (Android endpoints). For instructions on how to download and test the GlobalProtect app installation, see Download and Install the GlobalProtect Mobile App.

From the Google Admin console—The Google Admin console enables you to manage Chromebook settings and apps from a central, web-based location. To deploy the GlobalProtect app for Android on managed Chromebooks using the Google Admin console, see Deploy the GlobalProtect App for Android on Managed Chromebooks Using the Google Admin Console.

From Workspace ONE—You can deploy the GlobalProtect app for Android on managed Chromebooks that are enrolled with Workspace ONE. After you deploy the app, configure and deploy a VPN profile to set up the GlobalProtect app for end users automatically. To deploy the GlobalProtect app for Android on managed Chromebooks using Workspace ONE, see Deploy the GlobalProtect App for Android on Managed Chromebooks Using Workspace ONE.