Prepare for Installation (Administrator Task) - Administrator Guide - 8.4 - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent iOS App

Product
Cortex XDR
Cortex XDR Agent
Version
8.4
Creation date
2024-02-26
Last date published
2024-06-27
Category
Administrator Guide
Abstract

Learn about the Administrator’s tasks required to prepare for installation of the Cortex XDR Agent app for iOS.

Prepare your organization's systems for deploying the Cortex XDR agent app on iOS devices.

  1. Perform the configurations that are required for supervised devices.

  2. On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.

  3. On the Cortex XDR or XSIAM tenant, create the agent installation package.

    1. Select EndpointsAgent Installations.

    2. Click Create to create a new installation package.

    3. Enter a unique Name and an optional Description to identify the installation package.

      The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.

    4. For Package Type, select Standalone Installers.

    5. For Platform, select iOS, and optionally, add a Description.

    6. Click Create to create the package.

  4. From EndpointsAgent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.

  5. Click Copy to copy the link and registration code, and save it for use in the next step.

  6. On your organization's MDM solution, prepare the configuration required for pushing the Cortex XDR agent app to the iOS endpoints, and for managing them. Include the parameters for the Network Shield module in the payload configuration profile.

  7. Use the MDM to push the Cortex XDR app to the device.

    The device runs the Cortex XDR app in the background. If, and when, the device user opens the app, inactive security modules are presented to the user, and the app asks the user to activate them.

    When organization-managed devices have an active Network Shield module configured for automatic background registration, the onboarding process is skipped entirely when the device user opens the app for the first time.

Note

When organization-managed devices have an active Network Shield module configured for automatic background registration, no onboarding process is presented when the device user opens the app for the first time.

  1. For supervised devices, perform the required configurations.

  2. On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.

  3. On the Cortex XDR or XSIAM tenant, create the agent installation package.

    1. Select EndpointsAgent Installations.

    2. Click Create to create a new installation package.

    3. Enter a unique Name and an optional Description to identify the installation package.

      The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.

    4. For Package Type, select Standalone Installers.

    5. For Platform, select iOS, and optionally, add a Description.

    6. Click Create to create the package.

  4. From EndpointsAgent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.

  5. Click Copy to copy the link and registration code, and save it for use in the next step.

  6. On your organization's MDM solution, prepare the configuration required for pushing the Cortex XDR agent app to the iOS endpoints, and for managing them. Optionally, include the parameters for the Network Shield module in the payload configuration profile.

  7. Send onboarding instructions to the device user. The user must open the app, and follow the on-screen instructions. Inactive security modules are presented to the user, and the app asks the user to activate them.

The Cortex XDR or Cortex XSIAM administrator prepares the installation package, and then sends a link with installation instructions to the endpoint iOS device user.

  1. On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.

  2. Create the agent installation package.

    1. Select EndpointsAgent Installations.

    2. Click Create to create a new installation package.

    3. Enter a unique Name and an optional Description to identify the installation package.

      The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.

    4. For Package Type, select Standalone Installers.

    5. For Platform, select iOS, and optionally, add a Description.

    6. Click Create to create the package.

    Cortex XDR or Cortex XSIAM prepares the installation package, and makes it available on the Agent Installations page.

  3. Prepare the information for the endpoint user.

    1. Prepare an email or text message for the endpoint user.

    2. From EndpointsAgent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.

    3. Click Copy to copy the link and registration code and paste it in the email message.

      For example:

      App Store download link: https://apps.apple.com/app/cortex-xdr/idXXXXXXXXXX

      Activation link:

      https://distributions.traps.palotaltonetworks.com/operations/provision/ios/?distributionId=f91dd2af13894a57b1dbda8528XXXXXX

      Registration code:

      f91dd2af13894a57b1dbda8528XXXXXX

  4. Copy the following instructions to the email message, and send the email to the endpoint user.

    Note

    These are generic instructions. Only the onboarding phases that are relevant to the device (and the defined security policy) are presented during the onboarding process.

    1. On your iOS device, open the download link for the Cortex XDR Agent app.

      Note

      This link accesses the Cortex XDR Agent app in the App Store.

    2. Install the app.

    3. Enter the Distribution ID if it has not been prefilled, and enter your username.

    4. Select Register Agent to continue.

    5. Follow the onboarding wizard instructions to confirm permissions and enable modules.

    6. For iPhones, configure the following:

      1. From Settings, select PhoneCall Blocking & Identification.

      2. Return to the Phone options, and select SMS/Call Reporting.

      3. Return to Settings, and select MessagesUnknown & Spam.

      4. For Message Filtering, enable Filter Unknown Senders.

      5. For SMS Filtering, select Cortex XDR, and then tap Enable.

    Note

    Manual startup of the Cortex XDR Agent app is required after every restart of the iOS device.