EDR Onboarding for Mac
EDR onboarding is supported for Mac-based assets, expanding protection to macOS devices. You can onboard Intel-based and Apple Silicon (ARM) Macs through the standard onboarding workflow and deploy the EDR agent directly.
Once onboarded, EDR events, detections, and telemetry from Mac assets are fully integrated and visible in the EDR UI.
Mac Prerequisites for EDR
Ensure you meet the following requirements while onboarding Mac Cloud Agent for EDR 3.7.0 or for EDR.
Supported Operating Systems
The following table lists the supported operating systems for architecture ARM and Intel:
OS Distribution | Code Name | Qualys EPP |
15.x | Sequoia | ![]() |
14.x | Sonoma | ![]() |
Mac Hardware Requirements
The following table lists the supported hardware requirements for architecture ARM and Intel:
Mac Cloud Agent Version | CPU | Memory | Disk Space |
6.1.0. (ARM) | 8 Core Processor | 8 GB of RAM | 1024 MB |
6.0.0 (Intel) | 8 Core Processor | 8 GB of RAM | 1024 MB |
Mac Software Requirements
The following are the software requirements for architecture ARM and Intel:
- Root Access- Mac Agent requires sudo or root access.
- The system should be SIP [System Integrity Protection] enabled.
You can check the SIP status using the Terminal command: csrutil status
131808MBP15:~ root# csrutil status
System Integrity Protection status: enabled
Installation Prerequisites
Ensure the following are enabled in the EDR Configuration Profile of the Cloud Agent application:
- Enable Endpoint Detection and Response (EDR) for this profile
- Enable Qualys Anti-malware Protection (EPP) for this profile