top of page
Copy of data center.jpg

Welcome to ECS LEAD

Your Trusted Microsoft Partner

5 min read

Mastering MSI Silent Installation for FortiClient and SentinelOne in Intune

The Importance of Silent Installations in Modern IT

Why Silent Installations Are a Game-Changer

Silent installations have become a crucial tool in modern IT management, especially for businesses deploying software across multiple devices. A silent installation allows software to be installed without requiring any user interaction, which means users aren't prompted with installation screens, questions, or options. This can save time for IT administrators, ensure consistency across installations, and avoid potential user errors during the setup process.


Key Benefits for IT Admins and End-Users

For IT administrators, silent installations reduce manual intervention and streamline deployment across large networks. For the end-users, silent installs mean they don’t have to pause their work or click through installation wizards. The software is deployed behind the scenes, and the user experience remains uninterrupted, which is especially important when pushing essential security software like FortiClient and SentinelOne.


Common Pitfalls to Avoid During Silent Installations

While silent installations are efficient, there are a few common challenges:

  • Wrong command-line parameters: Using incorrect arguments in the installation command can lead to failed deployments.

  • User configuration errors: Failing to configure software properly for each user can cause functionality issues.

  • Lack of monitoring: Without post-installation checks, some installations may fail without notice.

Addressing these issues in your planning can ensure smoother silent installations.


A person wearing a green jacket and holding a smartphone is waiting at a counter while someone hands over a food package. The individual appears to be a food delivery worker, with a green delivery bag slung over their shoulder.

Preparing for MSI Silent Installation

What You Need Before You Begin

Before starting your silent installation, gather the following:

  • The MSI installation files for FortiClient and SentinelOne.

  • A site token for SentinelOne, which is required to authenticate the installation with your company’s security policy.

  • Access to Intune or another deployment tool to distribute the MSI packages across your network.


Gathering the Right Files: FortiClient and SentinelOne MSI

Download the MSI files directly from Fortinet and SentinelOne’s official portals. Ensure that you are using the correct version of the MSI files compatible with your environment. For SentinelOne, confirm that you have the appropriate site token, as it will be needed for the command line during installation.


Configuring Intune for Smooth Deployment

Make sure your Intune environment is ready for deployment:

  1. Navigate to the Apps section in Intune.

  2. Upload the MSI files for both FortiClient and SentinelOne.

  3. Use the command-line arguments during the app configuration stage to ensure a silent installation.

Ensure that your App Configuration Policies in Intune are correctly set to target the right user groups or devices. This will help you manage software deployment more effectively.


FortiClient Silent Installation: Step-by-Step Guide

Essential Command-Line Arguments for FortiClient

For a basic silent installation of FortiClient, you can use the following command:

msiexec /i "FortiClient.msi" /quiet /norestart ADDLOCAL=ALL

This command ensures that FortiClient is installed without user prompts (/quiet), and the system will not reboot automatically (/norestart). The ADDLOCAL=ALL option specifies that all components of FortiClient will be installed.


Customizing Installations with Additional Parameters

If you need to customize the installation, such as integrating FortiClient with an EMS server, you can add parameters like:

msiexec /i "FortiClient.msi" /quiet /norestart ADDLOCAL=ALL SERVERADDR="ems.yourdomain.com"

This additional parameter allows the client to automatically connect to your EMS server during installation, streamlining the configuration for network security.


Verifying the FortiClient Installation in Intune

Once FortiClient has been deployed via Intune, you can verify the success of the installation:

  • Check the Intune Deployment Status to ensure no errors occurred.

  • Confirm that the software is functional on user devices.

  • Use Fortinet’s diagnostic tools or Intune’s reporting features to track installation issues.


Common Issues and How to Fix Them

Debugging Installation Failures

If the FortiClient installation fails, it’s usually related to:

  • Incorrect command-line arguments.

  • Missing permissions on user devices. Check Intune’s logs for error codes, and review the MSI logs on the client machines for specific troubleshooting details.


Troubleshooting Configuration Errors

In cases where the software installs but fails to connect to your EMS server, ensure that the SERVERADDR is correct, and that the required network ports are open on the user’s device.


Deploying SentinelOne with a Site Token

Understanding the Site Token Requirement

The site token is a unique identifier that SentinelOne uses to authenticate installations within your organization’s environment. This token ties the installation to your security policies and ensures the endpoint is properly enrolled.


Command Syntax for SentinelOne Silent Installation

To install SentinelOne silently with a site token, use this command:

msiexec /i "SentinelOneInstaller.msi" /quiet /norestart SITE_TOKEN="your-site-token-here"

Replace "your-site-token-here" with your actual site token provided by SentinelOne.


Ensuring the Token Is Correctly Applied

The SITE_TOKEN must be correct, or the installation will fail. Ensure that you retrieve the token from the SentinelOne console and double-check that no characters are missing when you apply it to the command line.


A close-up shot of a silver laptop, partially open, with a soft gradient of pink and orange light reflecting off its surface. The laptop's sleek design is highlighted in the image.

Testing and Validating SentinelOne Installations

Post-Installation Checks for SentinelOne

After deploying SentinelOne, confirm that it is fully functional:

  • Use the SentinelOne Management Console to check if the devices have been successfully enrolled.

  • Confirm that the real-time protection is activated on user devices.


Ensuring Proper Integration with Intune

Ensure that Intune recognizes the installation, and use Intune’s reporting tools to track if any endpoints failed during the deployment process. Also, consider running compliance checks to ensure the antivirus is working correctly.


Best Practices for Intune Deployment

Automating Installations Across Multiple Devices

Automation is key when deploying across hundreds or thousands of devices. In Intune, use dynamic groups to automatically target new devices for installation based on predefined criteria like operating system or device ownership.


At ECS LEAD, we specialize in helping businesses automate and streamline their IT processes. Our team can work with you to fully configure your Intune environment, ensuring you get the most out of silent installations and other advanced deployment features. Whether you’re struggling with FortiClient, SentinelOne, or another application, we can assist you in making the process hassle-free. Reach out to us to discover how we can optimize your software deployment strategy.


Ensuring Zero-Impact on End-Users During Deployment

A smooth deployment process minimizes interruptions to end-users. Always schedule deployments during off-hours or use Intune’s maintenance window features to prevent installations from affecting productivity.


Security and Compliance Considerations

How Silent Installations Affect Your Security Policies

Silent installations ensure that security software like SentinelOne and FortiClient are installed on every device, without users opting out or skipping installation. This guarantees compliance with your organization’s security policies and reduces the risk of unprotected devices.


Keeping Deployment Logs for Audit Purposes

Always keep detailed logs of deployments, especially for security-related software. Intune provides logging tools that allow you to track which devices received the software and which installations may have failed. This ensures compliance with audit requirements and helps you troubleshoot quickly when needed.


Optimizing Your Silent Installation Strategy

Fine-Tuning Command-Line Arguments for Different Environments

Different environments may require adjustments to the command-line arguments used during installation. For instance, certain user groups might need fewer features of FortiClient, or some devices might require a deferred restart. Fine-tuning your installation commands can ensure compatibility across diverse devices.


Continuous Monitoring and Updates for Installed Software

After the initial deployment, continuously monitor and update the software to ensure it’s running the latest versions. Both FortiClient and SentinelOne regularly release updates that patch vulnerabilities and improve performance, so configure Intune to automatically push updates as needed.

A sleek and modern office environment with a cool blue tone, featuring rows of clean white workstations and comfortable office chairs. The floor has a glossy finish that reflects the light streaming in from the large windows, creating a bright and airy atmosphere. The office is currently empty, highlighting the organized and minimalistic design aesthetic.

Find Your Cloud Fit

Looking for the ideal cloud solution that elevates your business? Our experts are ready to guide you to the perfect match. Whether it’s clarifying options or addressing specific needs, we’re here to streamline your journey to the cloud.

bottom of page