# Cortex XDR Deployment > Deploy Cortex XDR silently to macOS Devices using Applivery MDM — configure Profiles, activation Scripts, and silent install. Source: https://docs.applivery.com/en/device-management/apple/macos/app-management/cortex-xdr-deployment/ • Last updated: 2026-06-09 **Key topics:** Cortex XDR deployment, macOS MDM, Applivery configuration, Endpoint security, Cortex XDR, macOS, Applivery, Palo Alto Networks, MDM --- **TL;DR:** Deploy Cortex XDR on macOS silently using Applivery MDM by uploading the package, configuring a policy with an activation script, and applying a custom .mobileconfig profile. [Cortex XDR by Palo Alto Networks](https://www.paloaltonetworks.es/cortex/cortex-xdr) is an advanced endpoint protection platform that integrates detection, prevention, and response capabilities. Installing Cortex XDR on macOS Devices via your MDM solution enables centralized deployment and ensures all endpoints are secured without requiring manual installation. ## Requirements Before deploying Cortex XDR on macOS Devices through Applivery, make sure you have the following: - **Cortex XDR client package** (`.pkg`). - **Distribution ID** and **Cloud ELB Address** (from your Cortex XDR dashboard). - **Activation Script** (for agent licensing). - **Full Disk Access policy** (via configuration profile). - **Custom Cortex XDR** `.mobileconfig` **profile**. - **1 Applivery license** for App Distribution. **Prepare Cortex XDR** To deploy Cortex XDR using Applivery, you will need to upload the compressed app package (`.zip`) to your App Distribution section and configure it with a pre-installation activation script. First, download the Cortex XDR `.pkg` installer from your **Cortex XDR Dashboard** and make sure to copy your **Distribution ID** and **Cloud ELB Address**, as you’ll need these later for the activation script. Once downloaded, compress the `.pkg` file by right-clicking on it and selecting **Compress**, which will generate a `.zip` file. Next, log in to the [**Applivery Dashboard**](https://dashboard.applivery.io) and navigate to the **App Distribution** section. From there, follow the steps outlined in our documentation: 1. [Create your first App](https://docs.applivery.com/en/app-distribution/getting-started/create-first-app/). 2. [Upload your first Build](https://docs.applivery.com/en/app-distribution/getting-started/upload-first-build/). ![app distribution](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/ae4cc3a4-bfa2-4904-9b6e-d6d42544f6b1.png) **Configure your Cortex XDR Policy** Next, head to the **Device Management** section and select any of your **Policies** 1 or [create a new one](https://docs.applivery.com/en/device-management/general-settings/create-device-policies/). From the left-hand menu, select the **Apps** 2 section and click the **\+ Add App** 3 button. ![add app](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/574db999-782f-45a1-b794-89631e0407e9.png) In the modal view, navigate to the **Applivery** tab. Set the platform to **macOS**, choose **Your Workspace** as the App origin, and search for the **Cortex XDR** App you previously created. For the Build selection, choose **Last** to ensure the latest version is always deployed. ![cortex xdr](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/ac813cb1-b3b1-4cc8-9942-50ab636d4929.png) Continue to the next step and select your preferred **install mode**—**Force Install**, **Required for setup**, or **Available**—depending on your deployment strategy. In the **Configuration** section, select **Pre-install** and paste your Activation Script, making sure to replace the placeholder values with your actual **Distribution ID** and **Cloud ELB Address**. ![cortex pre install](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/32e89e42-a7a8-45f0-8176-f81a975859fc.png) ``` #!/bin/bash # Get current session user currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }') #Cortex XDR Distribution ID and Cloud Address <---- MODIFY VARIABLES WITH YOURS distribution="DISTRIBUTION_ID" cloud="CLOUD_ADDRESS" # https:// format # Path where Config.xml will be saved folderPath="/Users/$currentUser/Library/Application Support/auditApps" filePath="$folderPath/Config.xml" # Ensure auditApps folder exists and adjust permissions sudo mkdir -p "$folderPath" sudo chown "$currentUser" "$folderPath" sudo chmod 700 "$folderPath" # Write content to Config.xml using cat sudo cat << EOF > "$filePath" $distribution $cloud EOF # Adjust file permissions sudo chown "$currentUser" "$filePath" sudo chmod 600 "$filePath" sudo installer -applyChoiceChangesXML "/Users/$currentUser/Library/Application Support/auditApps/Config.xml" -pkg "/Users/$currentUser/Library/Application Support/auditApps/Cortex XDR.pkg" -target / # Verify if the file was created successfully if [[ -f "$filePath" ]]; then echo "Config.xml created at $filePath" else echo "Error creating Config.xml" exit 1 fi ``` **Custom Cortex XDR .mobileconfig** To apply the custom configuration, navigate to the desired Policy and click + Add configuration from the menu on the left-hand side. Then, select the + Import button and paste the provided .xml content into the editor: ```xml PayloadContent PayloadDisplayName Cortex XDR Privacy Preferences Policy Control PayloadIdentifier com.apple.TCC.configuration-profile-policy.7388C706-49BA-4067-BADE-8D031B084B69 PayloadType com.apple.TCC.configuration-profile-policy PayloadUUID 7388C706-49BA-4067-BADE-8D031B084B69 PayloadVersion 1 Services Accessibility Allowed CodeRequirement identifier "com.paloaltonetworks.cortex.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77 Identifier com.paloaltonetworks.cortex.agent IdentifierType bundleID StaticCode SystemPolicyAllFiles Allowed CodeRequirement identifier "com.paloaltonetworks.traps.securityextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77 Identifier com.paloaltonetworks.traps.securityextension IdentifierType bundleID StaticCode Allowed CodeRequirement identifier pmd and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77 Identifier /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd IdentifierType path StaticCode AllowUserOverrides AllowedSystemExtensions PXPZ95SK77 com.paloaltonetworks.traps.securityextension com.paloaltonetworks.traps.networkextension PayloadDisplayName Cortex XDR System Extensions PayloadIdentifier com.apple.system-extension-policy.93526FBD-2421-4402-9CAF-210780E2D0FF PayloadType com.apple.system-extension-policy PayloadUUID 93526FBD-2421-4402-9CAF-210780E2D0FF PayloadVersion 1 FilterDataProviderBundleIdentifier com.paloaltonetworks.traps.networkextension FilterDataProviderDesignatedRequirement identifier "com.paloaltonetworks.traps.networkextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77 FilterGrade firewall FilterPacketProviderBundleIdentifier com.paloaltonetworks.traps.networkextension FilterPacketProviderDesignatedRequirement identifier "com.paloaltonetworks.traps.networkextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77 FilterPackets FilterSockets FilterType Plugin PayloadDescription Content Filter for the Cortex XDR agent network extension PayloadDisplayName Cortex XDR Network Content Filter PayloadIdentifier com.apple.webcontent-filter.CA9C208A-EC6D-4565-864D-02B30DE9D56A PayloadType com.apple.webcontent-filter PayloadUUID CA9C208A-EC6D-4565-864D-02B30DE9D56A PayloadVersion 1 PluginBundleID com.paloaltonetworks.cortex.app UserDefinedName Cortex XDR Network Filter NotificationSettings AlertType 1 BadgesEnabled BundleIdentifier com.paloaltonetworks.traps-agent CriticalAlertEnabled GroupingType 0 NotificationsEnabled PreviewType 0 ShowInCarPlay ShowInLockScreen ShowInNotificationCenter SoundsEnabled AlertType 1 BadgesEnabled BundleIdentifier com.paloaltonetworks.cortex.agent CriticalAlertEnabled GroupingType 0 NotificationsEnabled PreviewType 0 ShowInCarPlay ShowInLockScreen ShowInNotificationCenter SoundsEnabled PayloadDisplayName Cortex XDR Notifications PayloadIdentifier com.apple.notificationsettings.FE495ADF-1E68-4486-9BB6-0E75D6C3177E PayloadType com.apple.notificationsettings PayloadUUID FE495ADF-1E68-4486-9BB6-0E75D6C3177E PayloadVersion 1 PayloadDisplayName Cortex XDR Managed Login Items PayloadIdentifier com.apple.servicemanagement.1645DB60-CBC6-4AE2-A679-BC52DD4C85CE PayloadType com.apple.servicemanagement PayloadUUID 1645DB60-CBC6-4AE2-A679-BC52DD4C85CE PayloadVersion 1 Rules Comment Allows Cortex XDR launch daemons and launch agents RuleType LabelPrefix RuleValue com.paloaltonetworks.cortex TeamIdentifier PXPZ95SK77 PayloadDescription Cortex XDR Config: PPPC + SE + Content Filter + Notifications + BTM PayloadDisplayName Cortex XDR Agent Unified Config Profile v5 PayloadIdentifier com.paloaltonetworks.cortex.AA16E926-D153-4B2E-B4CC-342BB PayloadOrganization Palo Alto Networks PayloadRemovalDisallowed PayloadScope System PayloadType Configuration PayloadUUID AA16E926-D153-4B2E-B4CC-342BB PayloadVersion 1 TargetDeviceType 5 ``` Once done, make sure to **Save changes** to apply the configuration.