SentinelOne is launching a ready-to-use integration in Azure Active Directory (AD). The so-called Singularity App for Azure AD allows administrators to have user policies in Azure AD automatically changed when SentinelOne detects an endpoint threat.

To understand how the introduction works, an understanding of SentinelOne’s security approach is of importance.

The organization develops and delivers the means required to protect endpoints from malware. SentinelOne requires a software installation on the endpoints to be protected, ranging from Windows servers, PCs, macOS and Linux devices to Kubernetes containers, virtual machines in the cloud and IoT devices. Once present on an endpoint, SentinelOne signals relevant data to its so-called Singularity Platform. This platform runs in the cloud and includes SentinelOne’s functionality. Endpoints are held against AI models to identify malware. Devices can be controlled from the Singularity Platform, enabling organizations to address encountered threats from a centralized environment. Lastly, the platform points out vulnerabilities in endpoints and the entire network.

In short: SentinelOne aims for complete endpoint security by analyzing data, making endpoints centrally controllable and presenting the weaknesses of an environment. The latter creates visibility into vulnerabilities. Therefore, threats can not only be remedied, but prevented as well. At least, that is the goal. The Singularity Platform remains a guest in an organization’s environment. Functionality depends on gaining access to endpoints. SentinelOne requests, an organization answers by configuring the software on an endpoint and the system can get to work. SentinelOne has limited control over the authorization of other users and applications. An obstacle, because it is precisely this control that is of serious value for threat prevention.

The introduction of the SentinelOne App for Azure Active Directory (AD) bridges the challenge.

How so?

Azure AD is currently responsible for authenticating every user who logs into a Microsoft 365, Office 365 application, Azure or Dynamics environment. Microsoft also makes the technology available to developers and organizations that want to control access to their proprietary environments and applications. The market calls it cloud-based identity and access management (IAM).

The SentinelOne App for Azure AD describes an official, ready-to-use integration of SentinelOne into Azure AD. With the integration, SentinelOne receives authorization to flexibly adjust user access to endpoints according to threats found. Suppose an organization uses SentinelOne and the new SentinelOne App for AD. An employee logs into a Microsoft 365 app and opens a malicious file. As described earlier, the malware can be fought from the Singularity Platform. Now, a key process unfolds simultaneously: SentinelOne signals the problem to Azure Directory, from where the user’s access is blocked or restricted, depending on the configuration an organization chooses. The problem can no longer be exacerbated by a user’s action, which is especially essential in cases where the user is not the person he or she claims to be.

The Singularity App for Azure Active Directory is available immediately for organizations that use SentinelOne’s endpoint security.