Skip to main content

Deploying SentinelOne via Guardz: Best Practices & Installation Guide

Updated over a week ago

Deploying SentinelOne via Guardz: Best Practices & Installation Guide

Introduction

Deploying SentinelOne through Guardz is slightly different from deploying it directly from the SentinelOne Console. Guardz simplifies the process by providing:

  • Pre-configured installation packages for different OS types

  • Deployment scripts for mass rollout via MDM/RMM tools

  • Guidance on installation & troubleshooting per OS

Before deploying, it's important to choose the right package and install method based on your environment.


Phase 1: Enabling the Feature

Step 1: Activate SentinelOne Security Control

  • Log into Guardz

  • Navigate to Security Controls (left sidebar) > Endpoint Security

  • If required, click "Get Started" to enable the SentinelOne Security Control

Step 2: Select & Enable SentinelOne Managed Deployment

  • Under SentinelOne, click "Select" for the Managed SentinelOne option.

  • Click "Continue" to provision the SentinelOne account.

  • Once the SentinelOne account is provisioned, click "Deploy".

Please note:

  • A customer cannot use both Managed-S1 and BYO-S1 at the same time.

  • It is possible to mix and match SentinelOne deployment types across different customers.


Phase 2: Deploying SentinelOne Agents

Step 1: Choosing the Right Installation Method

SentinelOne offers two primary installation methods:

  1. Installer-based deployment (EXE, MSI, PKG, RPM)

  2. Script-based deployment (MDM, RMM, GPO, Intune, SCCM)

Which method should you choose?

Scenario

Recommended Method

Small-scale deployment

Installer-based (EXE, MSI, PKG, RPM)

Large-scale rollout (100+ devices)

Script-based (MDM, RMM, GPO, SCCM, Intune)

Remote installation

Script-based (MDM, RMM)

Multi-OS environment

Combination of both methods

*Mass deployment via script is recommended for large organizations.


Step 2: Downloading Installation Packages & Scripts

Guardz provides pre-configured SentinelOne installation packages along with deployment scripts that work out-of-the-box.

How to Get the Installation Files

  1. Log into Guardz.

  2. Navigate to Security Controls > Endpoint Security > SentinelOne Managed.

  3. Click "Deploy" to enable the SentinelOne integration.

  4. Select the appropriate OS and architecture (Windows, macOS, Linux).

  5. Download the installer package or deployment script.


Step 3: Deploying SentinelOne Using Mass Deployment Scripts

Why Use Deployment Scripts?

Script-based deployment is recommended for MDM, RMM, and remote installation across multiple devices.

Guardz provides pre-built scripts with all necessary variables included.

Deployment best practices:

  • Group devices by OS/Architecture/Version before running mass deployments.

  • Use MDM/RMM tools (Intune, Jamf, SCCM, GPO) for script execution.

  • Ensure devices have the correct permissions applied before deployment (e.g., Full Disk Access for macOS).

Disclaimer: The provided scripts are for guidance only and should be tested in a non-production environment before deployment.


Step 4: Deploying SentinelOne Per OS

Windows Deployment (EXE/MSI or Script)

Option 1: Installer Deployment (EXE/MSI)

  1. Download the MSI package from Guardz.

  2. Open Command Prompt (Admin) and run:

msiexec /i SentinelOneInstaller.msi /qn /norestart

3. Verify the agent installation in Control Panel > Programs.


Option 2: Script Deployment via MDM/RMM

  1. Deploy the Windows script via GPO, Intune, or SCCM.

  2. Ensure Windows Defender policies are properly configured.

  3. Verify that the SentinelOne agent appears in Guardz > Devices.


macOS Deployment (PKG or Script)

Option 1: Installer Deployment (PKG)

  1. Download the PKG file from Guardz.

  2. Open Terminal and run:

sudo installer -pkg SentinelOneInstaller.pkg -target /

3. Grant Full Disk Access permissions to SentinelOne.


Option 2: Script Deployment via MDM (Jamf, Intune)

  1. Deploy the macOS script via MDM (Intune, Jamf).

  2. Ensure Full Disk Access and System Extension Approval are enabled.

  3. Confirm the SentinelOne agent is running via:

sudo launchctl list | grep sentinelone

Linux Deployment (RPM/DEB or Script)

Option 1: Installer Deployment (RPM/DEB)

  1. Download the Linux package (RPM or DEB).

  2. Open Terminal and install:

sudo dpkg -i SentinelOneInstaller.deb # For Debian-based systems sudo rpm -i SentinelOneInstaller.rpm # For RHEL-based systems

3. Confirm the installation via:

systemctl status sentinelone


Option 2: Script Deployment via SSH or Automation Tool

  1. Deploy the Linux script via Ansible, Puppet, or SSH-based automation.

  2. Ensure the agent registers with Guardz successfully.


Step 5: Post-Deployment Configuration

Verify Device Enrollment in Guardz

After installing SentinelOne:

  1. Log into Guardz.

  2. Navigate to Security Controls > Endpoint Security > Devices.

  3. Check that all endpoints report correctly in Guardz.

Adjust SentinelOne Security Policies

  1. Navigate to Security Controls > Endpoint Security > SentinelOne Managed.

  2. Click the edit icon to modify SentinelOne Policy Settings.

  3. If required, override the global policy settings per customer.

Your SentinelOne agents are now fully deployed & managed via Guardz!


Troubleshooting Deployment Issues

Issue: "Installer Failed to Execute"
Fix:

  • Verify the installer matches the OS architecture (32-bit vs. 64-bit).

  • Run the installer as Administrator (Windows) or with sudo (macOS/Linux).

Issue: "SentinelOne Agent Not Appearing in Guardz"
Fix:

  • Ensure the agent is installed correctly on the endpoint.

  • Verify that the correct Site Token was used during installation.

Issue: "macOS Agent Does Not Have Full Disk Access"
Fix:

  • Deploy an MDM profile that grants Full Disk Access to SentinelOne.

Issue: "Linux Agent Not Running After Installation"
Fix:

  • Run:

    systemctl restart sentinelone
  • Verify SentinelOne logs for errors.

Issue: "Managed SentinelOne is not provisioning."
Fix:

  • Ensure your Guardz account is enabled for the Ultimate Plan.

  • Retry provisioning after a few minutes.

Issue: "SentinelOne installer fails to deploy."
Fix:

  • Verify the correct Site Token is being used.

  • Ensure the endpoint has internet access during installation.

Issue: "Devices not appearing in Guardz."
Fix:

  • Confirm that the SentinelOne agent is successfully installed on the device.

  • Check if the correct SentinelOne site is linked to the Guardz customer.

Issue: "Threats detected in SentinelOne are not showing in Guardz Detection & Response."
Fix:

  • Verify that the SentinelOne Security Control is active in Guardz.

  • Check if the SentinelOne API connection is functioning properly.


Best Practices for SentinelOne Deployment

  • Test deployment in a small group before mass rollout.

  • Use script-based deployment for large-scale installations.

  • Ensure required permissions (e.g., Full Disk Access for macOS) are applied.

  • Monitor Guardz > Devices to ensure proper agent enrollment.


Did this answer your question?