sentinelone-mobile-threat-defense-connector.md

title	titleSuffix	description	keywords	author	ms.author	manager	ms.date	ms.topic	ms.service	ms.subservice	ms.localizationpriority	ms.assetid	ms.reviewer	ms.suite	search.appverid	ms.custom	ms.collection
SentinelOne MTD connector with Microsoft Intune	Intune on Azure	How to set up SentinelOne Mobile Threat Defense with Microsoft Intune to control mobile device access to your corporate resources.		brenduns	brenduns	dougeby	01/10/2024	how-to	microsoft-intune	protect	high		aanavath	ems	MET150	intune-azure	tier3 M365-identity-device-management

SentinelOne Mobile Threat Defense connector with Intune

You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by SentinelOne, a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the SentinelOne app.

You can configure Conditional Access policies based on SentinelOne risk assessment enabled through Intune device compliance policies for enrolled devices, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats.

Supported platforms

• Android 5.0 and later
• iOS 10.0 and later

Prerequisites

• Microsoft Entra ID P1
• Microsoft Intune Plan 1 subscription
• SentinelOne Mobile Threat Defense subscription
  • For more information, see SentinelOne website.

How do Intune and SentinelOne help protect your company resources?

The SentinelOne app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, then sends the telemetry data to the SentinelOne cloud service to assess the device's risk for mobile threats.

• Support for enrolled devices - Intune device compliance policy includes a rule for Mobile Threat Defense (MTD), which can use risk assessment information from SentinelOne. When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the SentinelOne app installed in their devices to resolve the issue and regain access to corporate resources. To support using SentinelOne with enrolled devices:

  • Add MTD apps to devices
  • Create a device compliance policy that supports MTD
  • Enable the MTD connector in Intune

• Support for unenrolled devices - Intune can use the risk assessment data from the SentinelOne app on unenrolled devices when you use Intune app protection policies. Admins can use this combination to help protect corporate data within a Microsoft Intune protected app, Admins can also issue a block or selective wipe for corporate data on those unenrolled devices. To support using SentinelOne with unenrolled devices:

  • Add the MTD app to unenrolled devices
  • Create a Mobile Threat Defense app protection policy
  • Enable the MTD connector in Intune for unenrolled devices

Sample scenarios

See below a few scenarios when integrating SentinelOne with Intune:

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices until the threat is resolved:

• Connecting to corporate e-mail
• Syncing corporate files with the OneDrive for Work app
• Accessing company apps

Block when malicious apps are detected:

:::image type="content" source="./media/sentinelone-mtd-connector/malicious-apps-blocked-sentinelone.png" alt-text="Product flow for blocking access due to malicious apps.":::

Access granted on remediation:

:::image type="content" source="./media/sentinelone-mtd-connector/malicious-apps-unblocked-sentinelone.png" alt-text="Product flow for granting access when malicious apps are remediated.":::

Control access based on threat to network

Detect threats like Man-in-the-middle in network, and protect access to Wi-Fi networks based on the device risk.

Block network access through Wi-Fi:

:::image type="content" source="./media/sentinelone-mtd-connector/network-wifi-blocked-sentinelone.png" alt-text="Product flow for blocking access through Wi-Fi due to an alert.":::

Access granted on remediation:

:::image type="content" source="./media/sentinelone-mtd-connector/network-wifi-unblocked-sentinelone.png" alt-text=" Product flow for granting access through Wi-Fi after the alert is remediated.":::

Control access to SharePoint Online based on threat to network

Detect threats like Man-in-the-middle in network, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

:::image type="content" source="./media/sentinelone-mtd-connector/network-spo-blocked-sentinelone.png" alt-text="Product flow for blocking access to the organizations files due to an alert.":::

Access granted on remediation:

:::image type="content" source="./media/sentinelone-mtd-connector/network-spo-unblocked-sentinelone.png" alt-text="Product flow for granting access to the organizations files after the alert is remediated.":::

Control access on unenrolled devices based on threats from malicious apps

When the sentinelone Mobile Threat Defense solution considers a device to be infected:

:::image type="content" source="./media/sentinelone-mtd-connector/mobile-app-policy-block-sentinelone.png" alt-text="Product flow for App protection policies to block access due to malware.":::

Access is granted on remediation:

:::image type="content" source="./media/sentinelone-mtd-connector/mobile-app-policy-remediated-sentinelone.png" alt-text="Product flow for App protection policies to grant access after malware is remediated.":::

Next steps

• Integrate sentinelone with Intune

• Set up sentinelone apps

• Create sentinelone device compliance policy

• Enable sentinelone MTD connector

• Create an MTD app protection policy