SentinelOne + Google Workspace Compliance
Ensure every Google Workspace user has a SentinelOne agent deployed, checked daily.
Overview
Uses Google Workspace as the authoritative user/device directory and validates that every device has a running SentinelOne agent. Outputs a daily Slack report of non-compliant users.
Who this is for: Google Workspace-first organizations using SentinelOne as their EDR
Why automate this
The same EDR visibility gap that Google Workspace users face with CrowdStrike applies to SentinelOne. This playbook gives SentinelOne shops on Google Workspace the same daily compliance coverage.
How it works
- 01
Scheduled daily trigger
- 02
Query the Google Workspace Admin SDK for users and their devices
- 03
Query SentinelOne for all managed endpoints
- 04
Find devices present in Workspace but missing in SentinelOne
- 05
Post a compliance report to Slack
Impact
Closes the Google Workspace EDR visibility gap
Daily automated compliance reporting
Maintains SentinelOne coverage baselines
Zero manual effort per check
Related playbooks
Keep automating
CrowdStrike + Google Workspace EDR Compliance
Validate CrowdStrike Falcon is installed on every Google Workspace user's device, reported daily.
SentinelOne + Okta EDR Compliance Validation
Daily check that every Okta user has a SentinelOne agent running on their device.
CrowdStrike + Okta EDR Compliance Validation
Daily check that every Okta-enrolled employee has a CrowdStrike agent running on their device.
Bring this playbook into your SOC
See Deployer Workflows in action with a live walkthrough of this playbook. We'll show you how to connect your SIEM, EDR, and ticketing tools in under 15 minutes.