Enforcing Zero-Trust on macOS via Jamf and SentinelOne

Overview Managing Apple devices in a predominantly Windows-centric MSP environment is often treated as an afterthought. However, relying on basic MDM profiles is no longer sufficient. To achieve true Zero-Trust, macOS fleets require the same stringent Endpoint Detection and Response (EDR) and identity controls as their Windows counterparts. This guide details the architectural implementation of enforcing Zero-Trust on macOS using Jamf Pro for orchestration, SentinelOne for threat hunting, and Keeper for MFA-backed identity management. ...

May 3, 2026 · 2 min · Alfred van Ster

SecOps: SentinelOne Global Threat Scraper

When a new 0-day vulnerability or a suspicious file hash is identified, waiting for a scheduled scan is not an option. This PowerShell tool utilizes the SentinelOne Management API to “scrape” the entire fleet for specific indicators of compromise (IOCs). 1. The Workflow The script performs the following steps: Authentication: Connects via API Token to the S1 Management Console. Query: Requests a list of all endpoints where a specific file hash or process has been detected in the last 24 hours. Reporting: Generates a CSV list of infected Hostnames, IP addresses, and the “Detection State” (Mitigated vs. Active). 2. The Implementation # S1 API Configuration $ApiToken = "YOUR_API_TOKEN" $BaseUrl = "[https://your-console.sentinelone.net/web/api/v2.1](https://your-console.sentinelone.net/web/api/v2.1)" $Header = @{ "Authorization" = "Token $ApiToken" } # Define the Threat Hash to hunt for $TargetHash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" # Search for the hash across the site $Response = Invoke-RestMethod -Uri "$BaseUrl/threats?contentHashes=$TargetHash" -Method Get -Headers $Header if ($Response.data) { Write-Host "ALERT: Threat detected on $($Response.data.count) endpoints!" -ForegroundColor Red $Response.data | Select-Object computerName, lastActiveDate, threatName | Export-Csv -Path "./ThreatReport.csv" } else { Write-Host "Clear: No matches found for the target hash." -ForegroundColor Green }

January 10, 2026 · 1 min · Alfred van Ster