Cortex XDR iOS Agent

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR iOS Agent

L1 Bithead

Does anyone have any information on creating an App Configuration Policy in Intune to push the Distribution ID and Username to the iOS XDR Agent on an iPhone/iPad?

1 accepted solution

Accepted Solutions

L1 Bithead

After starting a support case, the site provided the following: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.0/Cortex-XDR-Agent-iOS-App/Get-Started

 

This resolved my issue.

View solution in original post

8 REPLIES 8

L1 Bithead

After starting a support case, the site provided the following: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.0/Cortex-XDR-Agent-iOS-App/Get-Started

 

This resolved my issue.

L4 Transporter

Hi @Chris_BrownWPG,

 

I'm glad support was able to get you on the right track!

 

LIVEcommunity will be here if you have any other questions.

L1 Bithead

@Chris_BrownWPG How did you go about deploying the XDR for iOS agent via Intune?  According to MS, the best we could come up with was deploying two web clips which are basically URL links, one to the hidden app store install and the other with the distribution ID.  This isn't optimal because it requires the end user to tap each link and manually complete the process.  Were you able to find a better way?

We had to deploy the Cortex XDR App using Apple Business Manager. Because we have a VPP token connected from ABM to Intune, once this was added to ABM, the App synced with Intune and from there I was able to create an App Configuration Policy in Intune with the following XML file:
<dict>
<key>distributionId</key>
<string>***Place your distributionID here***</string>
<key>mdmVendor</key>
<string>Intune</string>
<key>udid</key>
<string>{{UDID}}</string>
<key>serialNumber</key>
<string>{{SERIALNUMBER}}</string>
<key>username</key>
<string>{{partialupn}}</string>
<key>fullName</key>
<string>{{FULLNAME}}</string>
</dict>

L1 Bithead

Thanks @Chris_BrownWPG How did you go about getting it added to ABM?  We have the VPP connected to Intune but we couldn't figure out how to get it in ABM since it's listed as a private app.

In ABM under Apps and Books on the Search bar, we used the URL from the app download link from the Cortex Console -> Agent Installations page. When the URL is pated into the search, it should show the Cortex XDR App.

L1 Bithead

@Chris_BrownWPG Thank you. This is very helpful.  I noticed that this app needs to be kept running in the background to ensure it can communicate with the XDR cloud.  Did you find a way to ensure it's always running on iOS with Intune?

No, we have not been able to enforce that the users keep it running with Intune. We did ask that they do so, and explained the benefits, namely the SMS and Spam Call blocking, most users were receptive to that.  I haven't looked into it any further, if I find a solution, I'll be sure to post it.

  • 1 accepted solution
  • 2185 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!