Learn about the Administrator’s tasks required to prepare for installation of the Cortex XDR Agent app for iOS.
Prepare your organization's systems for deploying the Cortex XDR agent app on iOS devices.
Perform the configurations that are required for supervised devices.
On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.
Note
By default, though the Messaging & Telephony module is optional, it is set as required by the default iOS Malware policy. This module requires manual user steps to enable it, so if you want a fully Zero-Touch user experience, you must disable it in the policy (set the action as Disabled in the Call and Messages Blocking section of the Malware profile). This cannot be set remotely using an MDM, so it should be disabled if using the Network Shield feature for zero touch onboarding.
On the Cortex XDR or XSIAM tenant, create the agent installation package.
Select Endpoints → Agent Installations.
Click Create to create a new installation package.
Enter a unique Name and an optional Description to identify the installation package.
The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.
For Package Type, select Standalone Installers.
For Platform, select iOS, and optionally, add a Description.
Click Create to create the package.
From Endpoints → Agent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.
Click Copy to copy the link and registration code, and save it for use in the next step.
On your organization's MDM solution, prepare the configuration required for pushing the Cortex XDR agent app to the iOS endpoints, and for managing them. Include the parameters for the Network Shield module in the payload configuration profile.Configure Network Filtering on Supervised Devices (Administrator Task)
Use the MDM to push the Cortex XDR app to the device.
The device runs the Cortex XDR app in the background. If, and when, the device user opens the app, inactive security modules are presented to the user, and the app asks the user to activate them.
When organization-managed devices have an active Network Shield module configured for automatic background registration, the onboarding process is skipped entirely when the device user opens the app for the first time.
Note
When organization-managed devices have an active Network Shield module configured for automatic background registration, no onboarding process is presented when the device user opens the app for the first time.
For supervised devices, perform the required configurations.
On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.
On the Cortex XDR or XSIAM tenant, create the agent installation package.
Select Endpoints → Agent Installations.
Click Create to create a new installation package.
Enter a unique Name and an optional Description to identify the installation package.
The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.
For Package Type, select Standalone Installers.
For Platform, select iOS, and optionally, add a Description.
Click Create to create the package.
From Endpoints → Agent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.
Click Copy to copy the link and registration code, and save it for use in the next step.
On your organization's MDM solution, prepare the configuration required for pushing the Cortex XDR agent app to the iOS endpoints, and for managing them. Optionally, include the parameters for the Network Shield module in the payload configuration profile.Configure Network Filtering on Supervised Devices (Administrator Task)
Send onboarding instructions to the device user. The user must open the app, and follow the on-screen instructions. Inactive security modules are presented to the user, and the app asks the user to activate them.
The Cortex XDR or Cortex XSIAM administrator prepares the installation package, and then sends a link with installation instructions to the endpoint iOS device user.
On the Cortex XDR or XSIAM tenant, prepare malware and agent settings profiles and policies for iOS endpoints.
Create the agent installation package.
Select Endpoints → Agent Installations.
Click Create to create a new installation package.
Enter a unique Name and an optional Description to identify the installation package.
The package Name must be no more than 100 characters and can contain letters, numbers, hyphens, underscores, commas, and spaces.
For Package Type, select Standalone Installers.
For Platform, select iOS, and optionally, add a Description.
Click Create to create the package.
Cortex XDR or Cortex XSIAM prepares the installation package, and makes it available on the Agent Installations page.
Prepare the information for the endpoint user.
Prepare an email or text message for the endpoint user.
From Endpoints → Agent Installations, when the status of the package shows Completed, right-click, and click View Installation Links.
Click Copy to copy the link and registration code and paste it in the email message.
For example:
App Store download link:
https://apps.apple.com/app/cortex-xdr/idXXXXXXXXXX
Activation link:
https://distributions.traps.palotaltonetworks.com/operations/provision/ios/?distributionId=f91dd2af13894a57b1dbda8528XXXXXX
Registration code:
f91dd2af13894a57b1dbda8528XXXXXX
Copy the following instructions to the email message, and send the email to the endpoint user.
Note
These are generic instructions. Only the onboarding phases that are relevant to the device (and the defined security policy) are presented during the onboarding process.
On your iOS device, open the download link for the Cortex XDR Agent app.
Note
This link accesses the Cortex XDR Agent app in the App Store.
Install the app.
Enter the Distribution ID if it has not been prefilled, and enter your username.
Select Register Agent to continue.
Follow the onboarding wizard instructions to confirm permissions and enable modules.
For iPhones, configure the following:
From Settings, select Phone → Call Blocking & Identification.
Return to the Phone options, and select SMS/Call Reporting.
Return to Settings, and select Messages → Unknown & Spam.
For Message Filtering, enable Filter Unknown Senders.
For SMS Filtering, select Cortex XDR, and then tap Enable.
Note
Manual startup of the Cortex XDR Agent app is required after every restart of the iOS device.