Skip to main content
All CollectionsSentinelOne & GuardzManaged SentinelOne (Ultimate Plan)Deploying the SentinelOne Agent
Installing SentinelOne Windows Agents with Intune
Installing SentinelOne Windows Agents with Intune
Updated this week

Objective:

Microsoft Intune is a Mobile Device Management (MDM) tool to build packages, manage inventory and images, and run remote updates. You can use Intune, or other MDM tools, to install the SentinelOne Windows Agent. This article will show you how to install the Agent with an Intune Win32 App Package.

Important

This is an example of deployment with Intune. This method was not tested with all Agent versions and each organization has its own requirements and considerations for bulk Agent deployment.

To install the Windows Agent with Intune:

  1. Get the Site or Group Token

  2. Create an Intune Win32 package

  3. Upload and deploy the Intune Win32 Package

Create an Intune Win32 package

Objective: Create an Intune Win32-compatible installation package to install the Agent.

  1. In the Sentinels toolbar, click Packages.

  2. Download the latest Windows Agent package to install.

  3. Create a new batch file named install.cmd with this command:

    1. MSI installer

      msiexec /i "<AgentPackage>" SITE_TOKEN="<sitetoken>" /q

      Parameters:

      • AgentPackage is the full package name.

        Example:

        msiexec /i "SentinelInstaller_windows_64bit_v21_7_5_1080.msi"

      • SITE_TOKEN=״<sitetoken>״ is the site token.

      • /q Silent installation (no UI, no user interaction, no reboot).

      • /NORESTART Optional. Prevent automatic reboot.

        Example:

        msiexec /i "<AgentPackage>" SITE_TOKEN="<sitetoken>" /q /NORESTART

    2. SentinelOneInstaller

      SentinelOneInstaller.exe -t sitetoken -q

      Parameters:

      • SentinelOneInstaller.exe is the full package name.

        Example:

        SentinelOneInstaller_windows_64bit_v22_2_1_200.exe

      • -t site_Token or -t group_Token is the site token or group token.

      • -b, --reboot_on_need

        Optional

        Automatically reboot the endpoint when required to continue with the installation.

      • /q Silent installation (no UI, no user interaction, no reboot).

      • For more information on , see SentinelOneInstaller Arguments.

  4. Create a new folder with the latest package and the install.cmd file.

  5. Open the IntuneWinAppUtill.exe application. (Requires admin permissions)

  6. Enter the file path to the folder created in step 4, and click Enter.

    Please specify the source folder: E:\Intune\EA

  7. Enter the path to the install.cmd file created in step 3, and click enter.

    Please specify the setup file: E:\Intune\EA\Install.cmd

  8. Enter the path to the output folder, and click enter.

    Please specify the output folder: E:\Intune\Done\S1_agent\EA

  9. When prompted Do you want to specify catalog folder (Y/N)?, enter N and click enter.

    Do you want to specify catalog folder (Y/N)?n

  10. Open the output folder and make sure the install.intunewin file is created.

Uploading the Intune Win32 Package

Objective: Upload and deploy the Intune Win32 Package

  1. Open a Web browser, and log in to https://endpoint.microsoft.com/.

  2. In Apps, click Windows.

  3. Click + Add to add the Intune Win32 package.

  4. In the Select app type window, select Windows app (Win32).

  5. In App information tab, click Select app package file.

  6. In App package file, select the install.intunewin file created, and click Open.

  7. Click OK.

  8. In App information tab, update the application details. Click Next.

    • Name: SentinelOne Agent

    • Description:SentinelOne Agent version AgentVersion

    • Publisher: SentinelOne

    • Optional - App Version: AgentVersion

  9. In the Program tab, enter the install and uninstall command, and set the install behavior. Click Next.

    • Install Command: install.cmd

    • Uninstall Command: install.cmd

      Note: As the Agent cannot be uninstalled without the passphrase or approval from the Management Console, the uninstall command must be the same as the install command.

    • Install behavior: System

  10. In the Requirements tab, select the Operating system architecture and Minimum operating system. Click Next

    • Operating system architecture: Select the system architecture 32 bit or 64 bit.

    • Minimum operating system: Select the minimum operating system version that can install the Agent.

  11. In the Detection rules tab, select the Rules format, and click Manually configure detection rules.

  12. Click + Add to create an new detection rule.

  13. In the Detection Rule sidebar, create a new detection rule. Click OK.

    • Rule Type: File

    • Path: C:\Program Files\

    • File or folder: SentinelOne

    • Detection method: File or folder exists

    • Associated with a 32 bit a or 64 bit clients: No

  14. Click Next.

  15. In Assignments, add the required Active Directory groups to receive the Agent and click Select.

  16. In Review + create, click Create.

    The Agent is installed the next time the selected endpoints connect with Intune.

These KB articles might be helpful:

Related Articles
Guardz Device Agent Installation Instructions: Intune Deployment
SentinelOne Installation - macOS
SentinelOne Installation - Windows
SentinelOne Installation - Linux
Installing SentinelOne Windows Agents on VM or VDI
Did this answer your question?