Deploy Cortex XDR Agent App for Android Using an MDM - Administrator Guide - 8.4 - Cortex XDR - Cortex XDR Agent - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR App for Android Administrator Guide

Product
Cortex XDR
Cortex XDR Agent
Version
8.4
Creation date
2024-02-26
Last date published
2024-05-05
Category
Administrator Guide
Abstract

For ease of deployment, you can use a mobile device management (MDM) system such as Workspace ONE, to deploy Cortex XDR agent on your managed Android devices.

For ease of deployment, you can use a mobile device management (MDM) system such as Workspace ONE (formerly AirWatch), MobileIron, or Google Workspace (formerly Google Admin Console), to deploy Cortex XDR agent on your managed Android devices.

Before you start deploying Cortex XDR agent using an MDM:

  1. Review the mandatory and optional managed configuration parameters:

    Field

    Description

    Value type

    Example

    referrer

    (required)

    The Distribution ID. To obtain the Distribution ID, Create an Agent Installation Package from the Cortex XDR management console and copy the download link. This link contains the Distribution ID required to associate the app with your Cortex XDR tenant.Create an Agent Installation Package

    String

    123456789...

    firstName

    Dynamic field for the user's first name. Used for specific user identification in the Cortex XDR management console.

    String

    John

    lastName

    Dynamic field for the user's last name. Used for specific user identification in the Cortex XDR management console.

    String

    Doe

    email

    Dynamic field for the user’s email. Used for specific user identification in the Cortex XDR management console.

    String

    jd@gmail.com

    username

    An optional string that can be used to predefine a username in order to register Cortex XDR agent.

    String

    john-doe

    mdm_group_tag

    An optional string that you can add as a prefix to the device name that is displayed in the Cortex XDR management console. Used to group and easily identify all devices that were installed using this managed configuration.

    String

    JFK_School

    mdm_auto_registration

    Flag to enforce automatic registration that does not prompt the end user. Cortex XDR agent relies on the available information from the MDM and the device operating system for device and user identification information.

    When enabled, we recommend that you select either Force-install + Pin or Force install when you determine how the app is installed on the device, and if possible, allow all permissions before installation.

    Boolean

    true | false

  2. Choose a Personal or Group managed configuration setup.

    Using the managed configuration parameters, you can choose to set a Personal managed configuration for each end user, or a Group managed configuration for multiple devices at once:

    • Personal managed configuration—Use this option if you want to enter the user name and email of each user. To require each end user to fill in their own name, use only the referrer tag and do not use the names and email tags in the managed configuration file. For example:

      {
        "referrer"  : "26218751f5bb4671b92c8c428bfa4a6c",
        "firstName" : "John",
        "lastName"  : "Doe",
        "email"     : "jdoe@gmail.com"
        "username"  : "john-doe"
      }
    • Group managed configuration—Use this option if you want to deploy the app to multiple devices without requiring the end user to enter data. For example:

      {
        "referrer":"26218751f5bb4671b92c8c428bfa4a6c",
        "mdm_group_tag":"JFK_School",
        "mdm_auto_registration":true
      }

    Note

    When "mdm_auto_registration":true, if Cortex XDR agent starts for the first time and no user information is available, the app identifies the current account that is in use and provides the associated user information to Cortex XDR.

  3. (Optional) Prepare variables which can be used to edit parameters in managed configurations.

    • When a variable is used to fill in parameters, Cortex XDR agent will resolve it by getting the information from the Android device.

    • The supported variables are: $FIRSTNAME, $LASTNAME, and $EMAIL.

    • The supported variables can be used in all managed configuration parameters except for Referrer and MDM Auto Registration.

    • Note that if variables are used in the username parameter, and Cortex XDR agent is not able to resolve it locally, username will fall back to the default username generated by the system. For example, the following code is resolved as shown below:

      {
        "referrer"  : "26218751f5bb4671b92c8c428bfa4a6c",
        "firstName" : "$FIRSTNAME",
        "lastName"  : "$LASTNAME",
        "email"     : "$EMAIL",
        "username"  : "$LASTNAME-$EMAIL"
      }

      Sample resolved code:

      {
        "referrer"  : "26218751f5bb4671b92c8c428bfa4a6c",
        "firstName" : "John",
        "lastName"  : "Doe",
        "email"     : "jdoe@gmail.com",
        "username"  : "Doe-jdoe@gmail.com"
      }
  4. Proceed to Deploy Cortex XDR Agent App for Android from Workspace ONE, or Deploy Cortex XDR Agent App for Android on Chromebooks from Google Workspace.

Deploy Cortex XDR Agent App for Android from Workspace ONE

To deploy Cortex XDR agent for Android from Workspace ONE:

  1. In Workspace ONE, add Cortex XDR agent for Android to your app list.

  2. Assign Cortex XDR agent for Android to a deployment group.

  3. Edit the Application Configuration to provide value string pairs using the lookup value option or enter in the values.

    airwatch-config.png

    For the referrer, you can paste the entire download link associated with your installation package. Or you can extract the referrer from the link and paste only the Distribution ID.

  4. Add and then publish the configuration to your devices.

Deploy Cortex XDR Agent App for Android on Android Devices from Google Workspace

Before you deploy the app, ensure your devices meet the following requirements:

  • Verify that the device is controlled by Google Workspace (can be sometimes referred to as a managed or enterprise-enrolled device).

  • Verify that the device is running on Android 8 or later.

To deploy Cortex XDR agent for Android from Google Workspace:

  1. Add Cortex XDR agent for Android to Google Workspace App list.

    1. Log in to the Google Workspace as an administrator.

    2. Select AppsWeb and mobile appsAdd appsSearch for apps.

    3. Type "Cortex XDR Agent".

    4. Find the app, and click Select.

  2. Determine how you want Google Workspace to install the app on the endpoint.

    After you approve the app, you must specify how the app is installed. To prevent users from bypassing Cortex XDR agent by uninstalling the app, force all devices to install the app automatically when users log on.

    1. From Web and mobile apps, click the app.

    2. Select Settings.

    3. Select the intended organizational units.

    4. Under Access Method, select the options required by your organization:

      1. Force install: Enable force-installed Cortex XDR agent app. This option will automatically install the app on the users' devices.

      2. Available: Install this app manually from the Google Play Store. This option also allows users to uninstall the app from their devices.

  3. Apply a managed configuration to Cortex XDR agent for Android.

    1. Select Web and mobile appsManaged configurationsAdd Managed Configuration.

    2. Name the configuration.

    3. Configure the values for available fields. For the available options, see Step 2.

    4. From Web and mobile apps, click the app.

    5. Select Settings.

    6. Select the intended organizational units.

    7. Under Managed configuration, select the configuration required by your organization.

  4. Automatically grant runtime permissions.

    1. Select DevicesMobile & endpointsSettingsAndroidApps and data sharing.

    2. Select the intended organizational units.

    3. Set the default option for Runtime permissions to Allow automatically.

    4. Select Web and mobile appsRuntime permissions.

    5. For Contacts permissions, select Allow.

  5. Save your changes.

    Your managed configuration is ready, and will be deployed when the end user logs in to the managed device.

  6. Launch Cortex XDR agent for Android on the endpoint.

    Note

    For the app to start its normal operation after deployment, the end user must launch it once on the device.

Deploy Cortex XDR Agent App for Android on Chromebooks from Google Workspace

Before you deploy the app, ensure your devices meet the following requirements and refer to these known limitations:

  • Verify that the device is controlled by Google Workspace (can be sometimes referred to as a managed or enterprise-enrolled device).

  • Verify that the device is a Chromebook 2019 or later.

To deploy Cortex XDR agent for Android from Google Workspace:

  1. Add Cortex XDR agent for Android to Google Workspace App list.

    1. Log in to the Google Workspace as an administrator.

    2. Select DevicesChromeApps & extensions.

    3. Search for Cortex XDR agent for Android and add (+) it.

    4. Verify that you can see the app in your available applications for Users and browsers.

  2. Determine how you want Google Workspace to install the app on the endpoint.

    After you approve the app, you must specify how the app is installed. To prevent users from bypassing Cortex XDR agent by uninstalling the app, force all devices to install the app automatically when users log on.

    1. Select Cortex XDR agent from the App list (DevicesChromeApps & extensions.

    2. Select your organizational unit from the list on the left edge of the page.

    3. Select any of the following options:

      • (Recommended) Force install + pin—Enable and pin the force-installed Cortex XDR agent app to the taskbar. If you select this option, all the application permissions are automatically granted and users will not have the option to Sign Out of the app.

      • Force install—Use this option if you want to ensure that the app is automatically installed on each device when users log on. If you select this option, all the application permissions are automatically granted and users will not have the option to sign out of the app.

      • Allow install—Install this app manually from the Google Play Store. This option also allows users to uninstall the app from their devices.

      • Block—Block users from installing this app.

    4. Save your changes.

  3. Apply a managed configuration to Cortex XDR agent for Android.

    Click Upload from file on the right edge of the page to select and upload your managed configuration file, or enter the name of the key value in JSON format. For the available options, refer to Step 2.

  4. Save your changes.

    Your managed configuration is ready and will be deployed when the end user logs on to the managed device.

  5. Launch Cortex XDR agent for Android on the endpoint.

    Note

    For the app to start its normal operation after deployment, the end user must launch it once on the device.