After upgrading to Symantec Endpoint Detection and Response (SEDR) 4.6, you are unable to get Mac endpoint to enroll.

EDR 4.6

SEPM 14.3 RU2

The SEDR was upgraded to prior to the SEPM being upgraded.

A connect token is generated immediately after you install or upgrade to Symantec EDR 4.6, and that token is pushed to SEPM 14.3 RU1 as part of the private cloud policy.  But SEPM 14.3 RU1 doesn't support the connect token.  So the token is dropped.  After you upgrade to SEPM 14.3 RU2, the Mac agent won't have the connect token needed to enroll with Symantec EDR.

If you install or upgrade to Symantec EDR 4.6 before you upgrade to SEPM 14.3 RU2 or make changes to SEPM Controller group inclusions, you must run the following command-line command to ensure that connection token is pushed to the SEPM private cloud settings and Mac endpoints can enroll with Symantec EDR.

generate_new_connect_token