CrowdStrike Falcon gives you real-time threat detection and endpoint security visibility and can be integrated with the Deel platform, surfacing insights to your Deel IT suite. Protect your organization from advanced threats, whether you want Deel's team to keep an eye on your instance or you prefer to maintain full control yourself.
In This Article
- What Is CrowdStrike On-Platform?
- How CrowdStrike Falcon Works
- Packages
- Step-By-Step Setup
- Usage and Tracking
- About CrowdStrike Falcon Sensor
- Renewal or Cancellation
- Frequently Asked Questions
- Resources
What is CrowdStrike On-Platform?
CrowdStrike Falcon is an AI-powered endpoint protection platform that monitors your organization's devices for threats, malware, and suspicious activity. It's now integrated directly into Deel so you can manage your endpoint security without switching between platforms, providing an integrated experience.
CrowdStrike Falcon includes:
- Real-time threat detection across all your devices
- Device and sensor management with policy enforcement
- Threat hunting and response (available only with Enterprise plan)
- Detailed reporting on detections, tactics, and severity levels
- Cloud-protected uninstall to prevent tampering with security tools
How CrowdStrike Falcon Works
CrowdStrike Falcon uses a lightweight agent (Sensor) installed on each endpoint to monitor activity in real-time. When suspicious behavior is detected, the platform analyzes it using AI and expert rules, then escalates critical threats as alerts.
Key operational rules:
- One instance per organization: You can connect one CrowdStrike instance to each Deel organization
- Managed vs. self-managed: With managed plans, Deel handles configuration and updates. With self-managed plans, you maintain full control
- API-based connection: Your CrowdStrike instance connects via Client ID and Client Secret - no complex setup required
- Real-time sync: Detection and device data updates automatically as your environment changes
Packages
Choose between managed and unmanaged plans. With managed plans, Deel's security team handles CrowdStrike for you. With unmanaged plans, you control everything while Deel provides the license and platform integration.
| Plan | Managed | Self-managed |
| Pro | Deel manages your Pro instance, handling all configuration, policy updates, and ongoing optimization | You manage your Pro instance with full control. Deel provides the license and platform integration |
| Enterprise | Deel manages your Enterprise instance plus 24/7 managed threat hunting with expert analysts | You manage your Enterprise instance. Deel provides the license and platform integration, including a dedicated Adversary Overwatch section |
Enterprise offers you more functionalities and a more robust security package, backed by AI intelligence and active escalation management. Speak to our team to know more.
Step-By-Step Setup
Prerequisites
Before you start, you'll need:
- Admin access to your Deel organization
- For self-managed plans: An active CrowdStrike account with a valid subscription which has been purchased through Deel. For clients which already have existing CrowdStrike accounts, reach out to your Deel IT sales representative to learn more about the steps required to transfer.
- CrowdStrike API credentials (Client ID and Client Secret).
Step 1 - Navigate to Endpoint Protection
In the Deel platform, go to IT > Endpoint Protection.
Step 2 - Connect your instance
- Click the Connect button
- Enter your CrowdStrike Client ID and Client Secret
- Click Connect
- Your CrowdStrike dashboard will appear in Deel within moments
For more detailed information on how to integrate Deel <> CrowdStrike, follow the complete CrowdStrike Integration Guide.
If you do not have a CrowdStrike Pro or Enterprise plan, use the Book a Call button to get in touch with our team in order to find out more about this solution.
Usage and Tracking
Overview Tab
The overview tab shows you the security status of your organization's devices at a glance. Let’s walk through its sections.
[ACCORDION] CrowdStrike Falcon Adversary OverWatch
This Falcon Enterprise feature provides 24/7 threat hunting by CrowdStrike's security team.
Threats hunted: Whether suspicious activity was detected during proactive threat hunts and actions performed.
Threats escalated: Whether any threats required escalation to a Falcon alert, actively triggered by the CrowdStrike team.
If you're on Falcon Pro and want to learn more about upgrading, reach out to your Deel account team or use the Upgrade to Premium button.
[ACCORDION] Security Metrics
Detections: New security threats identified on your devices by CrowdStrike’s Sensor installed in each machine.
Prevented attacks: The percentage of detected threats that were blocked.
Contained devices: Devices isolated to prevent threats from spreading.
Total devices: Total active endpoints monitored by Falcon.
Cloud-protected uninstall: Percentage of devices that could be uninstalled without protection. This functionality blocks the device’s user from self-uninstalling Falcon Sensor. Aim for 0%.
- Open the CrowdStrike Falcon Console: Go to Configuration > Sensor Update Policies
- Select the policy assigned to your devices
- Scroll to Uninstall Protection and toggle it On
-
Choose your protection mode:
- a. Bulk Maintenance Mode: One password for all devices
- b. Individual Mode: Unique password per device
- Click Save to push the policy update across your fleet
Sensor status: How many devices are currently online and reporting data via the installed Falcon Sensor.
[ACCORDION] Other sections
Platform distribution: Operating system breakdown across your monitored devices (Windows, macOS, or Linux).
Detections by Tactic: Shows the detected threats broken down by attack method. These can include Machine Learning, Defense evasion, Lateral movement, Malware, Post-Exploit, and others.
Version compliance: Which Falcon sensor versions are running. Ensure you keep all devices on the latest optimized version. More information on Falcon Sensor is in the section below.
Severity breakdown: Once threats appear, this shows them by severity level (critical, high, medium, low, informational).
Recent detections: Table of latest threats, sortable by device, severity, time, and status.
[/ACCORDION]
Device Management Tab
The device management tab lists all your managed devices with details, including:
- Device ID
- Device name
- Sensor version
- Last reported activity
- Platform (OS)
- OS version
- Device groups
- Local IP
- MAC address.
Use the filter buttons to narrow results by sensor version, last reported date, platform, or OS version. Export the device list as CSV for sharing with your IT team, compliance audits, or asset management. For questions about device management, contact your Deel support team.
About CrowdStrike Falcon Sensor
The Falcon sensor is a lightweight program installed on your devices that monitors security events and reports them to CrowdStrike. It provides real-time threat detection, prevention, and detailed endpoint visibility. You can download it from the Deel platform using the 3 dots button in the upper right on the Overview page, or via the CrowdStrike console.
Sensors are regularly updated with the latest security patches and threat intelligence. Each version is labeled with a release number (for example, 7.35.20704.0). The optimized version is the latest and recommended version for all devices.
The Version compliance section tracks which sensor versions are running across your devices. We recommend keeping all devices on the latest version to ensure maximum security protection.
Renewal or Cancellation
Contract Renewals
Your CrowdStrike subscription will auto-renew according to your contract terms.
Disconnecting or Canceling
To disconnect CrowdStrike from Deel:
- Navigate to IT > Endpoint Protection
- Click the settings menu and select Disconnect
- You'll retain all data in your CrowdStrike account; disconnection only removes the Deel integration
- To fully cancel your CrowdStrike subscription, contact your account manager or Deel support
Frequently Asked Questions
[ACCORDION] Where do I find my Client ID and Client Secret?
Log in to your CrowdStrike console and navigate to Settings > API Clients and Keys. If you don't have access, ask your CrowdStrike admin or account manager. You can find more information on setting up your integration in the <CrowdStrike Integration Guide>.
[ACCORDION] Can I connect multiple CrowdStrike instances?
Currently, you can connect one CrowdStrike instance per Deel organization. Contact support if you need guidance for managing multiple environments.
[ACCORDION] What's the difference between Pro and Enterprise?
Pro provides standard threat detection and sensor management. Enterprise includes advanced threat hunting (with managed plans), so you get expert analysts proactively investigating suspicious activity 24/7.
[ACCORDION] What does managed vs. unmanaged mean?
With managed, Deel's team supports the CrowdStrike configuration, policy updates, and optimization. With unmanaged, you maintain full control - Deel just provides the license and the Deel platform integration.
[ACCORDION] Can I switch from unmanaged to managed?
Yes. Contact your account manager to discuss switching plans. They'll help you transition and answer any questions you might have.
[ACCORDION] Is my data secure?
Absolutely. Deel uses industry-standard encryption and follows applicable data protection regulations, including SOC2 and ISO27001. Your CrowdStrike data is transmitted securely and never accessed without explicit permission. More information in our Trust Center.
[ACCORDION] What devices does the Deel IT CS On-Platform functionality support?
Windows, Mac and Linux. No mobile devices are supported at this point. Speak to one of our representatives to know more.
[/ACCORDION]
Resources
Below are some self-serve resources you can use to get started as you begin your journey:
Deel IT resources on endpoint protection
If you run into any issues during this process, please contact CrowdStrike support via:
- phone
- web portal OR
- contact JumpCloud support if deploying via JumpCloud