# CrowdStrike Falcon Deployment > Deploy and configure CrowdStrike Falcon sensor on macOS Devices using Applivery for enhanced endpoint protection and security management. Source: https://docs.applivery.com/en/device-management/apple/macos/app-management/crowdstrike-falcon-deployment/ • Last updated: 2026-06-19 **Key topics:** CrowdStrike Falcon deployment, macOS configuration, Applivery MDM, Endpoint security, Full Disk Access policy, CrowdStrike Falcon, Applivery, macOS, CID, Grouping Tag --- **TL;DR:** Deploy and configure CrowdStrike Falcon on macOS using Applivery by uploading the package, configuring policies, and setting up full disk access for enhanced endpoint security. **CrowdStrike Falcon** is a powerful, cloud-native security platform designed to deliver industry-leading antivirus and endpoint protection for macOS and Windows Devices. Leveraging cutting-edge technologies such as **artificial intelligence (AI)** and **machine learning (ML)**, Falcon proactively detects, prevents, and responds to threats before they can impact your systems. Whether you’re managing a fleet of endpoints or securing a hybrid work environment, CrowdStrike Falcon offers real-time protection, minimal system impact, and robust integration capabilities. ## Requirements To successfully deploy CrowdStrike Falcon on macOS through Applivery, make sure you have the following: - **CrowdStrike Falcon client package** (`.pkg`). - **Customer Identification (CID)** and **Grouping Tag** provided by CrowdStrike. - **Activation Script** (for agent licensing). - **Full Disk Access policy** (via configuration profile). - **Custom** `.mobileconfig` **profile**. - **Web Content Filter Configuration** to ensure full protection coverage. - **1 Applivery license** for App Distribution. **Prepare your CrowdStrike Falcon** To deploy CrowdStrike Falcon using Applivery, you will need to upload the compressed App package (`.zip`) to your App Distribution section and configure it with a post-installation activation script. First, download the CrowdStrike Falcon `.pkg` installer from your **CrowdStrike Dashboard** and make sure to copy your **CID** and **Grouping Tag**, as you’ll need these later for the activation script. Once downloaded, compress the `.pkg` file by right-clicking on it and selecting **Compress**, which will generate a `.zip` file. Next, log in to the [**Applivery Dashboard**](https://dashboard.applivery.io) and navigate to the **App Distribution** section. From there, follow the steps outlined in our documentation: 1. [Create your first App](https://docs.applivery.com/en/app-distribution/getting-started/create-first-app/). 2. [Upload your first Build](https://docs.applivery.com/en/app-distribution/getting-started/upload-first-build/). ![app distribution](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/ae4cc3a4-bfa2-4904-9b6e-d6d42544f6b1.png) **Configure your CrowdStrike Falcon policy** Next, head to the **Device Management** section and select any of your **Policies** 1 or [create a new one](https://docs.applivery.com/en/device-management/general-settings/create-device-policies/). From the left-hand menu, select the **Apps** 2 section and click the **\+ Add App** 3 button. ![add app](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/574db999-782f-45a1-b794-89631e0407e9.png) In the modal view, navigate to the **Applivery** tab. Set the platform to **macOS**, choose **Your Workspace** as the App origin, and search for the **Falcon Sensor** App you previously created. For the Build selection, choose **Last** to ensure the latest version is always deployed. ![falcon sensor](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/d09c789d-ce9c-453f-a9de-d50effd7dbcc.png) Continue to the next step and select your preferred **install mode**—**Force Install**, **Required for setup**, or **Available**—depending on your deployment strategy. In the **Configuration** section, select **Post-install** 9 and paste your Activation Script, making sure to replace the placeholder values with your actual **CID** and **Grouping Tag**. ![falcon sensor post install](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/1e55f53d-4292-4393-aedd-01bfb445a602.png) ``` #!/bin/bash # Configure CID and Grouping Tag <----- MODIFY WITH YOUR VARIABLES CID="CID" GROUPING_TAG="TAG" #OPTIONAL # Apply CID license sudo /Applications/Falcon.app/Contents/Resources/falconctl license "$CID" # Set Grouping Tag. Comment it if you will not use tags. sudo /Applications/Falcon.app/Contents/Resources/falconctl grouping-tags set "$GROUPING_TAG" # Restart the service to apply changes sudo /Applications/Falcon.app/Contents/Resources/falconctl unload sudo /Applications/Falcon.app/Contents/Resources/falconctl load echo "Configuration successfully updated." ``` **Full Disk Access Policy** To ensure the proper functioning of the App after installation, we must grant it **Full Disk Access** permissions. Within the Policy, select **+Add Configuration** from the left-hand menu, then choose **Privacy Preferences Policy Control**. ![privacy preferences](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/3d322909-6c49-44dc-a842-e313d8c6f036.png) Next, we’ll add **two entries related to System Policy All Files**. For each element added to this configuration, set the access to **Allowed**. The first configuration should include the following params: - **Code requirement**: `identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = X9E956P446` - **Identifier**: `com.crowdstrike.falcon.Agent`. - **Identifier Type**: Bundle ID. - **Static Code**: Disabled. For the second configuration: - **Code requirement**: `identifier "com.crowdstrike.falcon.App" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = X9E956P446` - **Identifier**: `com.crowdstrike.falcon.App`. - **Identifier Type**: Bundle ID. - **Static Code**: Disabled. **Custom CrowdStrike Falcon .mobileconfig** To apply the custom configuration, navigate to the desired Policy and click **\+ Add configuration** from the menu on the left-hand side. Then, select the **\+ Import** button and paste the provided `.xml` content into the editor: ```xml PayloadDescription Network Content Filter, System Extensions, and Privacy Preferences PayloadDisplayName Crowdstrike Settings PayloadEnabled PayloadIdentifier com.applivery.crowdstrike PayloadOrganization Applivery, Inc. PayloadRemovalDisallowed PayloadScope System PayloadType Configuration PayloadUUID bbc888dc-6f2c-479d-9f3a-ce0593e6420e PayloadVersion 1 PayloadContent FilterBrowsers FilterDataProviderBundleIdentifier com.crowdstrike.falcon.Agent FilterDataProviderDesignatedRequirement identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "X9E956P446" FilterGrade inspector FilterPacketProviderBundleIdentifier com.crowdstrike.falcon.Agent FilterPacketProviderDesignatedRequirement identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "X9E956P446" FilterPackets FilterSockets FilterType Plugin Organization CrowdStrike Inc. PayloadDisplayName Web Content Filter PayloadIdentifier io.applivery.crowdstrike.2C5CBFD0-7CFE-41CB-95BC-A681F4D293B8 PayloadType com.apple.webcontent-filter PayloadUUID 2C5CBFD0-8CFE-41CB-95BC-A681F4D293B8 PayloadVersion 1 PluginBundleID com.crowdstrike.falcon.App UserDefinedName Falcon AllowUserOverrides AllowedSystemExtensionTypes X9E956P446 EndpointSecurityExtension NetworkExtension AllowedSystemExtensions X9E956P446 com.crowdstrike.falcon.Agent NonRemovableFromUISystemExtensions X9E956P446 com.crowdstrike.falcon.Agent PayloadDescription Configures System Extensions Policy settings PayloadDisplayName System Extensions PayloadIdentifier 20258B06-5889-4424-8893-A3AF1AFAAEDC PayloadOrganization CrowdStrike Inc. PayloadType com.apple.system-extension-policy PayloadUUID 20258B06-5889-4424-8893-A3AF1AFAAEDC PayloadVersion 1 NotificationSettings BundleIdentifier com.crowdstrike.falcon.UserAgent NotificationsEnabled PayloadDisplayName Notifications PayloadIdentifier 61090B22-3DCD-435E-ABB2-BE997B3CB78D PayloadType com.apple.notificationsettings PayloadUUID 61090B22-3DCD-435E-ABB2-BE997B3CB78D PayloadVersion 1 PayloadDescription Configures Privacy Preferences Policy Control settings PayloadDisplayName Privacy Preferences PayloadIdentifier 9A10BE5D-5E57-4C22-89C9-20597A04B616 PayloadOrganization CrowdStrike Inc. PayloadType com.apple.TCC.configuration-profile-policy PayloadUUID 9A10BE5D-5E57-4C22-89C9-20597A04B616 PayloadVersion 1 Services SystemPolicyAllFiles Allowed CodeRequirement identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "X9E956P446" Comment Identifier com.crowdstrike.falcon.Agent IdentifierType bundleID StaticCode Allowed CodeRequirement identifier "com.crowdstrike.falcon.App" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446 Comment Identifier com.crowdstrike.falcon.App IdentifierType bundleID StaticCode PayloadDescription PayloadDisplayName Crowdstrike Falcon Content Filter PayloadEnabled PayloadRemovalDisallowed PayloadScope System PayloadType Configuration PayloadVersion 1 ``` Once done, make sure to **Save changes** to apply the configuration.