SentinelOne Deployment and Best Practices

Overview

Addigy Security Suite powered by SentinelOne offers advanced endpoint protection for macOS devices. This guide provides step-by-step instructions and best practices for deploying SentinelOne agents using Addigy’s integrated workflows, ensuring optimal security posture for managed Apple devices.

Requirements

Make sure to meet the following requirements before starting deployment:

• Security Suite enabled for your Addigy Organization.
• Access to the Threats Dashboard in Addigy.
• Administrator permissions and access to the appropriate device Policies in Addigy.
• Supported devices: macOS Ventura (13.x) and higher are supported.
• Pre-deployment assessment: Check for any existing Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), antivirus (AV) software or VPNs deployed on target devices. Remove or disable those that may conflict with SentinelOne to avoid interference and ensure a smooth rollout. If multiple solutions are needed, please test appropriately for compatibility review.

Deployment Steps

1. Review Your Environment
   • Audit devices targeted for deployment.
   • Confirm no existing security or VPN tools will conflict with SentinelOne.
2. Prepare a Test Policy
   • Use an existing policy or create a new one in Addigy specifically for initial testing.
   • Add a test device to this policy for staged rollout.
3. Enable SentinelOne Integration
   • Enable the Security Suite integration within the policy.
   • During setup, review the default SentinelOne configuration called, Standard Configuration, which follows best practices. Adjust configurations for site-specific needs via the "Change Configuration" option.

   • 

4. Deploy SentinelOne
   • Add SentinelOne to your chosen test (or production) policy in Addigy.
   • Devices within the policy will receive the SentinelOne agent along with required MDM configuration profiles for automatic and silent deployment.
     • Configuration profiles include necessary permissions, such as Full Disk Access, System/Network Extensions, and Content Filter.
     • Deployment of a Network Extension (Content Filter) is required to allow SentinelOne to monitor network activity and provide complete protection.
       • Note: Temporary network disruption may occur during installation if multiple content filters (from VPNs, Content Filter apps, or other EDRs) are present. Test thoroughly before wide deployment. Please see this article on how to Disable SentinelOne Network Filtering.

1. Verify Assignment
   • Check the policy within Addigy to ensure SentinelOne shows as ‘enabled’ and verify assignment timestamps against deployment activities.
2. Confirm Deployment Success
   • Navigate to the "Sentinels > Endpoints" section in your SentinelOne management console to view enrolled devices and their protection status.
   • Alternatively, refer to Addigy’s Activity Log to review deployment progress and confirm successful installations.
3. Post-Deployment Actions (Optional)
   • Explore advanced SentinelOne features such as Policy-based alerts, custom reports, and remediation workflows through the SentinelOne Portal dashboard.
   • For additional configuration, visit Addigy/Support documentation or contact Addigy Support.

Additional Notes

Only the above steps are required to enable and verify the SentinelOne integration through Addigy.

• For ongoing management, monitor health, alerts, and perform upgrades using the Addigy Threats Dashboard or SentinelOne’s dedicated interface as needed.
• For information on disabling Content Filtering or resolving deployment issues, refer to Addigy Support documentation or contact support.