Agent Configurations Based on Software and App Settings

Use the following steps to push agent configurations to connecting endpoints based on the presence of specific software and app settings on the endpoint:
  1. The Windows Registry and macOS plist enable you to deploy app settings directly to endpoints.
  2. Define the data that the GlobalProtect app collects from connecting endpoints after users successfully authenticate to the portal.
    • To collect registry data from Windows endpoints, select
      Windows
      and then
      Add
      the
      Registry Key
      and corresponding
      Registry Value
      .
      portal-data-collection-custom-checks-windows.png
    • To collect plist data from macOS endpoints, select
      Mac
      and then
      Add
      the
      Plist
      key and corresponding
      Key
      value.
      portal-data-collection-custom-checks-mac.png
  3. Add custom config selection criteria for your agent configuration.
    The portal can determine whether an endpoint is managed or unmanaged by verifying the presence of specific software and app settings on the endpoint, as defined in the Windows Registry and macOS plist (Step 1). After the GlobalProtect app collects data from connecting endpoints (as defined in Step 3), it sends this data to the portal to match against the custom checks that you specify in the config selection criteria for each agent configuration. If an endpoint matches all config selection criteria for an agent configuration, the portal pushes that agent configuration to the endpoint.
    To deliver your agent configuration to connecting endpoints based on custom host information, use the following steps:
    1. Select
      Config Selection Criteria
      Custom Checks
      .
    2. Enable
      Custom Checks
      and then define any of the following registry and plist data to match:
      • To check Windows endpoints for a specific registry key, use the following steps:
        1. Add
          a new registry key (
          Custom Checks
          Registry Key
          ).
        2. When prompted, enter the
          Registry Key
          to match.
        3. (
          Optional
          ) To deliver this configuration only if the endpoint does not have the specified registry key or key value, select
          Key does not exist or match the specified value data
          .
        4. (
          Optional
          ) To deliver this configuration based on specific registry values,
          Add
          the
          Registry Value
          and corresponding
          Value Data
          . To deliver this configuration only if the endpoint does not have the specified
          Registry Value
          or
          Value Data
          , select
          Negate
          .
        custom-checks-registry-key.png
      • To check macOS endpoints for a specific entry in the plist, use the following steps:
        1. Add
          a new plist (
          Custom Checks
          Plist
          ).
        2. When prompted, enter the
          Plist
          name.
        3. (
          Optional
          ) To deliver this configuration only if the endpoint does not have the specified plist, select
          Plist does not exist
          .
        4. (
          Optional
          ) To deliver this configuration based on specific key-value pairs within the plist, click
          Add
          and then enter the
          Key
          and corresponding
          Value
          . To match only if endpoints do not have the specified key or value, select
          Negate
          .
        custom-checks-plist.png
  4. Save the portal configuration.
    1. Click
      OK
      twice.
    2. Commit
      your changes.

Recommended For You