Deploying SentinelOne Agent to Windows Machines via Intune Endpoint Manager

This guide will serve as a general walkthrough for configuring the SentinelOne agent to deploy from Intune.

First, you will want to grab your site token, you could also use a group token.

Next, grab the latest .msi package of SentinelOne available for Windows, this can be done from the SentinelOne portal.

Now we are going to create a bash file named install.cmd, and paste the command below inside:

msiexec /i “<AgentPackage>” SITE_TOKEN=“<sitetoken>” /q 

You will want to replace AgentPackage with the full name of the installer file, and fill in the site token (or replace with group_token). The /q parameter will keep the installation silent, and you can also add /norestart if desired.

Move the bash script to a folder along with the latest SentinelOne package, and run IntuneWinAppUtil.exe.

Enter the path to the folder:

Please specify the source folder:

Point it to the install.cmd we created:

Please specify the setup file: 

Add an output path:

Please specify the output folder:

Do not need to specify catalog folder.

Upload the Win32 .intunewin file to Intune as a Win32 app and use the settings below:

Install command: Install.cmd
Uninstall command: Install.cmd
Install behavior: system
Device restart behaviour: App install may force a device restart

For detection rules, choose “Manually configure detection rules” and use the following settings:

Rule Type: File
Path: C:\Program Files\
File or folder: SentinelOne
Detection method: File or folder exists
Associated with a 32 bit a or 64 bit clients: No

Assign to your users, and allow some time for the app to push out.