macOS - Installation with MDM Tools

SentinelOne officially tests the installation and management of the macOS Agent only with Jamf and Workspace ONE. If you use a different MDM solution, make sure that the MDM solution supports these features:

  • Deployment of macOS .pkg.
  • Deployment of macOS system configuration profiles.
  • Deployment of admin-configured tool/script.

Agent Installation

You will likely need to push a script to deploy the macOS SentinelOne agent, since a site token is required. Refer to your MDM documentation, or contact the vendor's support for guidance on the best way to install the agent. Below is a sample script.

bash
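#!/bin/bash
SITE_TOKEN="YOUR_TOKEN_HERE"
DOWNLOADURL="YOUR_URL_HERE"
# No changes are needed below this line
FILENAME="SentinelAgent_macos.pkg"
# Stage in a private, unpredictable directory instead of a fixed path under /tmp
NAME="$(mktemp -d /tmp/sentinelone_install.XXXXXX)" || exit 1
# -f: fail on HTTP errors rather than saving an error page as the package
if ! curl -f -s -L -o "$NAME/$FILENAME" "$DOWNLOADURL"; then
echo "Download failed" >&2
rm -rf "$NAME"
exit 1
fi
# Write the site token next to the package
echo "$SITE_TOKEN" > "$NAME/com.sentinelone.registration-token"
if /usr/sbin/installer -pkg "$NAME/$FILENAME" -target /; then
echo "Install Completed Successfully!"
STATUS=0
else
echo "Install failed" >&2
STATUS=1
fi
rm -rf "$NAME"
exit "$STATUS"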
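
An added example, not part of SentinelOne's sample script: before handing a downloaded package to installer as root, check that it is signed by the Team Identifier listed in the policies on this page. The function names and sample reports are constructed for illustration, and the pkgutil status and certificate-line wording they match is an assumption about macOS output.

```shell
#!/bin/bash
# Added example: refuse to install a package not signed by the expected team.
EXPECTED_TEAM_ID="4AYE5J54KN"   # Team Identifier given on this page
# Assumption: status text pkgutil prints for a trusted Developer ID signature.
GOOD_STATUS="Status: signed by a developer certificate issued by Apple for distribution"

# Read `pkgutil --check-signature` output on stdin and print the Team ID from
# the leaf ("1.") certificate line; prints nothing when no such line exists.
leaf_team_id() {
  sed -n 's/^[[:space:]]*1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))[[:space:]]*$/\1/p' | head -n 1
}

# signature_ok REPORT EXPECTED: succeed only if the report shows a trusted
# signature and the leaf certificate's Team ID equals EXPECTED.
signature_ok() {
  case "$1" in
    *"$GOOD_STATUS"*) ;;
    *) return 1 ;;
  esac
  _team="$(printf '%s\n' "$1" | leaf_team_id)"
  [ -n "$_team" ] && [ "$_team" = "$2" ]
}

# verify_pkg PATH: run the check against a real package (macOS only).
verify_pkg() {
  _report="$(/usr/sbin/pkgutil --check-signature "$1" 2>&1)" || return 1
  signature_ok "$_report" "$EXPECTED_TEAM_ID"
}

# Constructed sample reports (not captured from a real package).
SAMPLE_GOOD='Package "SentinelAgent_macos.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (4AYE5J54KN)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_OTHER_TEAM="$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/4AYE5J54KN/ABCDE12345/')"
SAMPLE_UNSIGNED='Package "SentinelAgent_macos.pkg":
   Status: no signature'

# Usage: ./check_pkg.sh /path/to/SentinelAgent_macos.pkg
if [ "$#" -gt 0 ]; then
  verify_pkg "$1" || { echo "Signature check failed: $1" >&2; exit 1; }
  echo "Signature OK (Team ID $EXPECTED_TEAM_ID)"
fi
```

In a deployment script, the call to verify_pkg would sit between the download and the installer step, with a failure removing the staging directory and exiting non-zero.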

Full Disk Access Policy

Grant Full Disk Access to these SentinelOne components:

  • com.sentinelone.sentineld
    • Identifier: com.sentinelone.sentineld

    • Identifier Type: Bundle ID

    • Code Requirements:

      text
      anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
  • com.sentinelone.sentineld-helper
    • Identifier: com.sentinelone.sentineld-helper

    • Identifier Type: Bundle ID

    • Code Requirements:

      text
      anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")
  • com.sentinelone.sentineld-shell
    • Identifier: com.sentinelone.sentineld-shell

    • Identifier Type: Bundle ID

    • Code Requirements:

      text
      anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] or certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "4AYE5J54KN")

SentinelOne provides a Privacy Control mobileconfig profile that can be used with some MDMs.

Network Monitoring Extension Policy

The SentinelOne Agent Network Extension is used for Deep Visibility™ IP network events, Firewall Control, and Network Quarantine capabilities.

Grant access to this policy for Firewall Control and Network Quarantine capabilities and for Deep Visibility™ network event features:

  • Display Name: SentinelOne Network Monitoring Extension
  • System Extension Types: Allowed System Extensions
  • Team Identifier: 4AYE5J54KN
  • Allowed System Extensions: com.sentinelone.network-monitoring

SentinelOne provides a Network Monitoring Extension mobileconfig file that can be used with some MDMs.

Network Filter Validation Policy

Use the Network Filter Validation policy to pre-authorize the usage of the SentinelOne Network Filter by the Network Monitoring Extension.

Grant access to this policy for Firewall Control and Deep Visibility™ network event features:

  • Filter Type: Plugin

  • Plugin bundle identifier: com.sentinelone.extensions-wrapper

  • Filter data provider bundle identifier: com.sentinelone.network-monitoring

  • Filter data provider designated requirement:

    text
    anchor apple generic and identifier "com.sentinelone.network-monitoring" and (certificate leaf[field.1.2.840.113635.100.6.1.9] or certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "4AYE5J54KN")
  • Filter sockets: true

SentinelOne provides a Network Filter Validation mobileconfig file that can be used with some MDMs.

Notification Settings

Use these parameters to configure the Notification settings and to allow the Agent to show system native notifications:

Payload Type: com.apple.notificationsettings

Bundle Identifier: com.sentinelone.SentinelAgent

Please note that the Notification Settings are not required for the SentinelOne agent to operate.