Feature Spotlight: Announcing Native Support for Apple M1

SentinelOne is pleased to announce the early availability (EA) of our Sentinel agent v5.0, the first endpoint security agent with native support for the Apple M1 CPU. Recently, Apple made the strategic decision to switch its Mac design architecture from an Intel x86 over to its own Apple M1, an 8-core CPU built upon the ARM architecture. Apple has already begun shipping product with the M1 in volume and, for reasons related to cost and user experience, are keen to accelerate and complete that transition fully. So, what does this mean for endpoint security customers?

Native Support for M1

Let’s begin by clarifying what native M1 support means. “Native” means that our Sentinel agent has been ported, validated, and compiled on the M1 architecture and does not run under the Rosetta 2 emulation layer. The Rosetta 2 translater lets apps developed on the x86 architecture run on the M1 architecture. Apple released the Rosetta 2 emulation layer as a stop-gap measure, to allow developers time to port their apps to M1 and to enable customers to use their apps during the transition period from x86 to M1.

Unlike alternative endpoint security solutions, our Sentinel agent does not rely upon Rosetta 2 emulation at all. This is an important customer consideration for a couple of reasons.

First, there is performance: all things being equal, natively-developed applications simply perform better. Secondly, according to recent reporting based upon inspection of macOS 11.3 code, the future of Rosetta 2 support is very much in question, as the code suggests Apple may stop support for it in certain countries. Naturally, this is unwelcome news for global enterprises. Apps that rely upon Rosetta 2 emulation would no longer work on macOS 11.3 in certain regions. The net effect is that until vital apps like endpoint security are natively compiled on the M1, Macs in certain countries may be unable to upgrade to macOS 11.3. Admins will have to manage regional rollouts and relentlessly pursue their security vendors to finish their native support of the M1 platform. And of course, Security teams will be forced to upgrade their macOS 11.3 endpoint security agent when it becomes available. Not the case for SentinelOne customers.

SentinelOne has abstracted away all this complexity by having completed the necessary work of M1-native development. Our customers do not have to worry about a future agent upgrade forced upon them when Rosetta 2 goes EOL.

Also, SentinelOne does not force customers to upgrade agents. When SentinelOne customers decide the benefits of the latest agent version outweigh the incremental effort of an automated upgrade at a time that is convenient for them (e.g., within maintenance windows), they simply schedule it, right in the management console.

A Single Installer

Recognizing that most customers likely still have a mixed fleet of macOS endpoints, we provide a single installer package that includes the universal binary of our Sentinel agent compiled on both Intel and M1 architectures. There is no change to the installation flow, regardless of platform. That’s one less thing to think about. Again, just another small way we seek to make endpoint security easier for our customers.


Native support for the Apple M1 CPU architecture means our endpoint security customers enjoy the performance, flexibility, and security advantages that only the SentinelOne Singularity Platform provides natively to the Apple M1.

And, there are many other reasons to like what is available with our kextless macOS Sentinel agent 5.0 – capabilities like network quarantine and autonomous AI-powered detection of macOS-specific threats such as Silver Sparrow and XcodeSpy.

Want to learn more? See why more customers are choosing SentinelOne, speak with an expert, or arrange a demo of the latest capabilities. At SentinelOne, we never stop innovating and we always remember – our customers come first.