# How to deploy SentinelOne on macOS devices using Endpoint Central? This document will guide you through the steps involved in deploying Sentinelone to multiple computers running Mac operating system using Endpoint Central's Software Deployment feature. ## Table of Contents 1. [Prerequisites](#prerequisites) - [Custom Configuration Profile](#custom-configuration-profile) 2. [Package Creation for SentinelOne](#package-creation-for-sentinelone) 3. [Deploy SentinelOne to Target Computers](#deploy-sentinelone-to-target-computers) 4. [Upgrading SentinelOne Software](#upgrading-sentinelone-software) ## Prerequisites Mac devices must be enrolled in MDM because configuration profiles, an MDM payload which is used to manage settings and permissions, can only be deployed to enrolled devices. This is essential for remotely installing the SentinelOne and applying the necessary permissions, including PPPC (Privacy Preferences Policy Control), Web Content Filter, and System Extension configurations. Before you install the SentinelOne on macOS devices, deploying PPPC, Web Content Filter and System Extensions configurations is essential. You can deploy them as a single configuration as a [Custom Configuration Profile](#custom-configuration-profile). If your Mac is not enrolled, refer to this [link](https://www.manageengine.com/products/desktop-central/help/computer_configuration/mdm-profile-configuration.html#mac) to complete the MDM enrollment process. **Note:** Kindly ensure that these configurations are successfully deployed on the end machines before deploying the SentinelOne. ## Custom Configuration Profile Follow the steps below to deploy the Custom Configuration Profile. This profile includes the necessary permissions for macOS, such as PPPC, System Extensions, and Network/Web Content Filters. ![Mac Custom Configuration Navigation](https://www.manageengine.com/products/desktop-central/images/custom-config-mac-falcon-navigation.png) 1. In the Endpoint Central console navigate to **Configurations > Configuration > Mac > Custom Configurations Computer Configurations**. ![Mac Custom Configuration Console view](https://www.manageengine.com/products/desktop-central/images/sentinelone-custom-config.png) 2. Specify a **Name** and **Description** for the configuration. 3. Download the [custom configuration profile](https://workdrive.zohoexternal.com/external/c02d1f1f01eb9bb4cc12e8aeb05a39a493ffe438697cf0c6bb106b0bdb62d78c) in the **.mobileconfig** format and upload this file in the **Custom Configuration profile** field using the **Browse** option. 4. Define the target computers to which you are deploying the SentinelOne. 5. Enable the **Execution Settings** if required. 6. Click **Deploy/Deploy Immediately** to deploy your configuration. ## Package Creation for SentinelOne Follow the steps below to create the manual package: 1. Download the SentinelOne installer package for macOS from your SentinelOne management portal. ![Manual Mac Package Creation Navigation](https://cdn.manageengine.com/products/desktop-central/images/mac-package-creation-navigation.png) 2. In the Endpoint Central Console, navigate to *Software Deployment tab > Package Creation > Packages > Add Package > Mac*. ![SentinelOne Software Package Creation](https://www.manageengine.com/products/desktop-central/images/sentinelone-package-creation.png) 3. Enter a name for your package in the **Package Name** field. 4. Provide appropriate license type for the software under **License Type**. 5. Under Installation, upload the following: 1. The file registration token file named **com.sentinelone.registration-token** 2. The SentinelOne installer package file. Example file name: `Sentinel-Release-23-4-1-7125.pkg` 6. Under the **Advanced Options**, provide the below commands in the **Installation Command** field. ```bash sudo cp com.sentinelone.registration-token /tmp && sudo installer -pkg "./[SentinelOne Package File Name].pkg" -target / ``` For example: ```bash sudo cp com.sentinelone.registration-token /tmp && sudo installer -pkg "./Sentinel-Release-23-4-1-7125.pkg" -target / ``` Kindly note that the SentinelOne package file name should be replaced with the installer file downloaded by you in the above given command. 7. Click **Add Package** to create your package. 8. You can view the created package under **Packages**. ## Deploy SentinelOne to Target Computers 1. Under **Packages**, select the package created and click on *Install/Uninstall Software > Mac > Computer Configuration*. 2. Configure the Deployment Policies, as per your requirement. 3. Define the target computers to which you are deploying the SentinelOne application. 4. Configure Execution Settings, as per your requirement. 5. Select Enable notifications and Scheduler settings as per your requirements. 6. Click **Deploy/Deploy Immediately** to deploy the SentinelOne application. ## Upgrading SentinelOne Software To update the SentinelOne software for macOS follow the below steps: 1. Create a software package using the **SentinelOne upgrader package**. 2. Under the **Advanced Options**, provide the below commands in the **Installation Command** field. ```bash sudo /usr/local/bin/sentinelctl upgrade-pkg "./[package file name].pkg" ``` For example: ```bash sudo /usr/local/bin/sentinelctl upgrade-pkg "./Sentinel-Release-25-1-2-8039_macos_v25_1_2_8039.pkg" ``` Kindly ensure to provide the correct `.pkg` file name in the installation command. 3. After creating the SentinelOne upgradation package, [deploy](#deploy-sentinelone-to-target-computers) it to the target computers.