cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deploying XDR Agent for Mac with InTune

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
m455954
L0 Member
‎12-03-2020 02:05 PM
‎12-03-2020 02:05 PM

Deploying XDR Agent for Mac with InTune

Hi all,

 

We're trying to bring our few Macs into the systems management fold, and being a Microsoft shop we want to use InTune to manage them.

 

Most Mac packages install files and then are configured in a separate set of commands after install. The XDR Mac client needs the config.xml file in place beside the Cortex XDR.pkg file when installing. I've tried creating a package (using the 'Packages' app) with the xml and pkg files in it and then running a postinstall script as part of that package to kick off the Cortext install using 'installer' as a bash command - but although the files get deployed the Coretex client never gets installed.

 

Am I going about this the wrong way? Is there a way of modifying the Coretex XDR.pkg file to embed the Config.xml bits inside it so I can just deploy that package directly?

 

Has anyone successfully deployed this client using InTune?

 

Any help would be gratefully received.

 

Mark.

0 Likes
Reply

Accepted Solutions
gjenkins
L3 Networker
‎12-04-2020 10:18 AM
‎12-04-2020 10:18 AM

Hi Mark,

 

That is completely understandable! I am glad to hear that you were able to install the Cortex XDR Agent without InTune successfully. Let's hope that someone comments soon with a solution from their experiences.

--gjenkins

View solution in original post

0 Likes
Reply

All Replies
gjenkins
L3 Networker
‎12-03-2020 02:49 PM
‎12-03-2020 02:49 PM

Hi Mark,

I would start by confirming that the Mac endpoint meets the Mac requirements. Also, confirm that the MacOS version is compatible with the version of Cortex XDR Agent installed by viewing this Compatibility Matrix

Assuming that your device meets the requirements, the installation logs would be needed to determine why the installation is failing. Depending on your version of MacOS, that location could vary as listed below and documented here: Troubleshooting Resources for the Cortex XDR Agent for Mac

 

  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/
  • macOS 10.12 and later releases—View logs from the Console application in /Library/Logs/PaloAltoNetworks/Cortex XDR/.

My recommendation would be to confirm that you are indeed meeting the requirements, as stated previously. And due to the sensitive nature of the logs on your system, the next step would be to open a case with Support at the Customer Support Portal so that they could further analyze the logs.

--gjenkins
0 Likes
Reply
m455954
L0 Member
‎12-03-2020 04:40 PM
‎12-03-2020 04:40 PM

Thanks for the reply, but I don't have a problem with the client not installing correctly if I run it manually, it's more about how I can deploy it.

 

The deployment within InTune allows me to deploy a single .pkg file, and if I deploy the standard Cortex XDR.pkg file in that way it installs fine, but can't connect as it has no config. I can't deploy the Config.xml file alongside the .pkg file when done like that.

 

So I tried to package up the Cortex XDR.pkg and the corresponding Config.xml into  another package using the Packager app, and have a postinstall.sh file which runs the installer command line to kick off the installation of the Cortex XDR.pkg file now that it will have the Config.xml file with it - but that's not working at present - and I'm not sure why.

 

What I was aksing was if there's a way to embed the config info into the pkg file directly rather than needing to have the Config.xml file, as then I could use the single .pkg file and it should just work.

 

The documentation for deploying the Mac client shows either the manual installation, of for the Jamf deployment shows how to set up the extension policy, but nothing else - so I'm a bit in the dark about if I'm even trying to do this right. I've learnt more than I ever wanted to know about Mac packaging in the last week and am really none the wiser

 

Hoping someone else on here has already been through this pain and has a simple method to get it working.

 

Cheers,

 

Mark.

 

0 Likes
Reply
gjenkins
L3 Networker
‎12-04-2020 10:18 AM
‎12-04-2020 10:18 AM

Hi Mark,

 

That is completely understandable! I am glad to hear that you were able to install the Cortex XDR Agent without InTune successfully. Let's hope that someone comments soon with a solution from their experiences.

--gjenkins

View solution in original post

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks