For ease of deployment, you can use a mobile device management (MDM) system such as Workspace ONE (formerly AirWatch), MobileIron, or Google Workspace (formerly Google Admin Console), to deploy the Cortex XDR app to your managed Android devices.
Before you start deploying the Cortex XDR app using an MDM:
Review the mandatory and optional managed configuration parameters:
Field
Description
Value type
Example
referrer
(required)
The distribution ID. To obtain the distribution ID, Create an Agent Installation Package from the Cortex XDR management console and copy the download link. This link contains the distribution ID required to associate the app with your Cortex XDR tenant.
String
123456789...firstName
Dynamic field for the user's first name. Used for specific user identification in the Cortex XDR management console.
String
JohnlastName
Dynamic field for they user's last name. Used for specific user identification in the Cortex XDR management console.
String
Doeemail
Dynamic field for the user’s email. Used for specific user identification in the Cortex XDR management console.
String
jd@gmail.commdm_group_tag
An optional string that you can add as a prefix to the device name that is displayed in the Cortex XDR management console. Used to group and easily identify all devices that were installed using this managed configuration.
String
JFK_Schoolmdm_auto_registration
Flag to enforce automatic registration that does not prompt the end user. The Cortex XDR app relies on the available information from the MDM and the device operating system for device and user identification information.
When enabled, it is recommended to select either Force-install + Pin or Force install when you determine how the Cortex XDR app is installed on the device, and if possible allow all permissions before installation.
Boolean
true | falseChoose a Personal or Group managed configuration setup.
Using the managed configuration parameters, you can choose to set a Personal managed configuration for each end user, or a Group managed configuration for multiple devices at once:
Personal managed configuration—Use this option if you want to enter the user name and email of each user. To require each end user to fill in their own name, use only the referrer tag and do not use the names and email tags in the managed configuration file:
{ "referrer" : "26218751f5bb4671b92c8c428bfa4a6c", "firstName" : "John", "lastName" : "Doe", "email" : "jdoe@gmail.com" }Group managed configuration—Use this option if you want to deploy the Cortex XDR app to multiple devices without requiring the end user to enter data:
{ "referrer":"26218751f5bb4671b92c8c428bfa4a6c", "mdm_group_tag":"JFK_School", "mdm_auto_registration":true }
Note
When
"mdm_auto_registration":true, if the Cortex XDR app starts for the first time and no user information is available, the app identifies the current account that is in use and provides the associated user information to Cortex XDR.Proceed to Deploy Cortex XDR for Android from Workspace ONE, or Deploy Cortex XDR for Android on Chromebooks Managed by Google Workspace.
Deploy Cortex XDR for Android from Workspace ONE
To deploy Cortex XDR for Android from Workspace ONE:
In Workspace ONE, add Cortex XDR for Android to your app list.
Assign Cortex XDR for Android to a deployment group.
Edit the Application Configuration to provide value string pairs using the lookup value option or enter in the values.
For the referrer, you can paste the entire download link associated with your installation package. Or you can extract the referrer from the link and paste only the distribution ID.
Add and then publish the configuration to your devices.
Deploy Cortex XDR for Android on Chromebooks Managed by Google Workspace
Before you deploy the app, ensure your devices meet the following requirements and refer to these known limitations:
Verify the device is controlled by Google Workspace (can be sometimes referred to as a managed or enterprise-enrolled device).
For Chromebooks, verify the device is a Chromebook 2019 or later.
The Cortex XDR app scans Android apps only, and does not scan Chrome OS native apps.
To deploy Cortex XDR for Android from Google Workspace:
Add the Cortex XDR app to Google Workspace App list.
Log in to the Google Workspace as an administrator.
Select → → .
Search for the Cortex XDR app and add (+) it.
Verify that you can see the app in your available applications for Users and browsers.
Determine how you want Google Workspace to install the Cortex XDR app on the endpoint.
After you approve the Cortex XDR app, you must specify how the app is installed. To prevent users from bypassing the Cortex XDR Agent by uninstalling the app, force all devices to install the app automatically when users log on.
Select the Cortex XDR app from the App list ( → → .
Select your organizational unit from the list on the left edge of the page.
Select any of the following options:
(Recommended) Force install + pin—Enable and pin the force-installed Cortex XDR app to the taskbar. If you select this option, all the application permissions are automatically granted and users will not have the option to Sign Out of the app.
Force install—Use this option if you want to ensure that the Cortex XDR app is automatically installed on each device when users log on. If you select this option, all the application permissions are automatically granted and users will not have the option to sign out of the app.
Allow install—Install this app manually from the Google Play Store. This option also allows users to uninstall the Cortex XDR app from their devices.
Block—Block users from installing this app.
Save your changes.
Apply a managed configuration to the Cortex XDR app.
Click Upload from file on the right edge of the page to select and upload your managed configuration file, or enter the name of the key value in JSON format. For the available options, refer to Step 2.
Save your changes.
Your managed configuration is ready and will be deployed when the end user logs on to the managed device.
Launch the Cortex XDR app on the endpoint.
For the Cortex XDR agent app to start its normal operation after deployment, the end user must launch it once on the device.