Agent Configurations Based on Software and App Settings

Use the following steps to push agent configurations to connecting endpoints based on the presence of specific software and app settings on the endpoint:
  1. (Optional) Deploy app settings using the Windows Registry or macOS plist.
    The Windows Registry and macOS plist enable you to deploy app settings directly to endpoints.
  2. Set up access to the GlobalProtect portal.
  3. Define the data that the GlobalProtect app collects from connecting endpoints after users successfully authenticate to the portal.
    • To collect registry data from Windows endpoints, select Windows and then Add the Registry Key and corresponding Registry Value.
      portal-data-collection-custom-checks-windows.png
    • To collect plist data from macOS endpoints, select Mac and then Add the Plist key and corresponding Key value.
      portal-data-collection-custom-checks-mac.png
  4. Define an agent configuration on the portal.
  5. Add custom config selection criteria for your agent configuration.
    The portal can determine whether an endpoint is managed or unmanaged by verifying the presence of specific software and app settings on the endpoint, as defined in the Windows Registry and macOS plist (Step 1). After the GlobalProtect app collects data from connecting endpoints (as defined in Step 3), it sends this data to the portal to match against the custom checks that you specify in the config selection criteria for each agent configuration. If an endpoint matches all config selection criteria for an agent configuration, the portal pushes that agent configuration to the endpoint.
    To deliver your agent configuration to connecting endpoints based on custom host information, use the following steps:
    1. Select Config Selection CriteriaCustom Checks.
    2. Enable Custom Checks and then define any of the following registry and plist data to match:
      • To check Windows endpoints for a specific registry key, use the following steps:
        1. Add a new registry key (Custom ChecksRegistry Key).
        2. When prompted, enter the Registry Key to match.
        3. (Optional) To deliver this configuration only if the endpoint does not have the specified registry key or key value, select Key does not exist or match the specified value data.
        4. (Optional) To deliver this configuration based on specific registry values, Add the Registry Value and corresponding Value Data. To deliver this configuration only if the endpoint does not have the specified Registry Value or Value Data, select Negate.
        custom-checks-registry-key.png
      • To check macOS endpoints for a specific entry in the plist, use the following steps:
        1. Add a new plist (Custom ChecksPlist).
        2. When prompted, enter the Plist name.
        3. (Optional) To deliver this configuration only if the endpoint does not have the specified plist, select Plist does not exist.
        4. (Optional) To deliver this configuration based on specific key-value pairs within the plist, click Add and then enter the Key and corresponding Value. To match only if endpoints do not have the specified key or value, select Negate.
        custom-checks-plist.png
  6. Save the portal configuration.
    1. Click OK twice.
    2. Commit your changes.

Related Documentation