The Tanium Client is a service installed on endpoint computers that discovers and reports data from those endpoints. Deploy the Tanium Client using the Tanium Client Management shared service, an installation wizard (Windows and macOS endpoints only), or the client command-line interface. You can monitor client health using Client Management.

If you plan to deploy the Tanium Client using third-party software distribution tools, this guide provides useful information but does not describe tool-specific procedures. Some tools that you can use are System Center Configuration Manager (SCCM), Altiris, LANDESK, Puppet, and Casper. For details on using a third-party tool with Tanium installers, refer to the documentation for that tool.

For an illustrated example of a Tanium Client deployment, see Network connectivity, ports, and firewalls.

Tanium Client

In response to your questions in Tanium™ Interact, the Tanium Client discovers both static and dynamic real-time data pertaining to the endpoint and reports within seconds. This data can include the following information:

  • Hardware and software inventory
  • Software configuration
  • Local or domain user details
  • Installed applications or services, startup programs, and running processes
  • Existence of Windows registry keys and values
  • Windows Management Instrumentation (WMI) data elements
  • File system details, including identification of files by hash or contents
  • Event log results
  • Network configuration settings and state

With similar speed, you can use the Tanium Client to execute commands, actions, scripts, or other executable programs, as if an authorized administrator were taking actions from the command line on the target endpoint. For example, you can send the Tanium Client an instruction to take the following actions:

  • Install or uninstall applications or services
  • Update or patch installed applications, services, hardware drivers, or firmware
  • Manage installed applications or services
  • Add, remove, or modify the Windows Registry settings or other configuration stores
  • Add, remove, or modify files or the contents of files
  • Start or stop services

These powerful features enable large, geographically distributed organizations to identify and respond to a zero-day exploit, security breach, or application outage in seconds or minutes rather than days and weeks.

For information about how the Tanium Client registers with Tanium™ Cloud the Tanium Server or Zone Server, peers with other Tanium Clients, and distributes files, see Tanium Client concepts.

Tanium Client Management service

The Tanium Client Management service provides tools to help deploy and manage the Tanium Client in your environment. With Client Management, you can rapidly deploy the Tanium Client to targeted sets of endpoints, and you can upgrade or reinstall existing clients as needed.With Client Management, you can easily download installation packages to install the Tanium Client on endpoints. You can also continuously monitor the health of all installed clients to help quickly identify, diagnose, and resolve issues with clients.

Client download

Download installation packages to install the Tanium Client to Windows, Linux, or macOS endpoints.

Client deployment

Deploy the Tanium Client to targeted sets of Windows, Linux, macOS, Solaris, or AIX endpoints.

Before you begin the deployment process, determine the set of endpoints that you are going to target. You can target by single IP, computer name, IP or CIDR range, or label that you define in Tanium™ Discover.

To deploy clients, create client configurations and credentials. Then use those configurations to create deployments, which are targeted at specific sets of unmanaged endpoints. The Tanium Module Server installs the Tanium Client on the targeted endpoints. Depending on the results, you can reuse the configurations to try deployments again or target different sets of endpoints.

If you are deploying the Tanium Client to endpoints that cannot be reached directly from the Tanium Module Server, such as those connected to a Zone Server, you can configure client settings, and then download and manually deploy an installation bundle.

Client configurations

Create client configurations that are specific to a deployment. The settings in a client configuration include the version of the Tanium Client to deploy and the Tanium Server or Zone Server with which to associate the client. Client configurations can also contain tags, which identify the endpoints after the client is installed.


Configure a list of credentials that the Module Server uses to sign in to endpoints for installation of the Tanium Client. The Module Server attempts to install the Tanium Client on endpoints using each set of credentials in the order in which you defined them.


Create and run a deployment that defines the targeted endpoints and deploys the Tanium Client to those endpoints. You can also choose whether to upgrade or reinstall existing clients that are in the targeted group.

Client health monitoring

After clients are installed, you can use Client Management to continuously monitor client health. Quickly identify outliers and issues by viewing aggregated information for clients on supported operating systems. Diagnose specific issues with Windows, Linux, and macOS clients by directly connecting and exploring individualized client health information.

Client settings management

Use the Client Management service to create client settings configurations that apply client settings (such as logging level and cache size) to different groups of clients.

Client upgrade

Use client upgrades in Client Management to upgrade the Tanium Client on endpoints that have earlier versions installed. A client upgrade targets specific computer groups and upgrades any endpoints in those groups to the specified version as the endpoints become available. Create a one-time upgrade to upgrade clients within a specified window of time. Create an ongoing upgrade to keep clients upgraded to the latest version of the Tanium Client or to upgrade clients that are later added to the targeted group to a selected version.

Interoperability with other Tanium products


You can apply labels to the unmanaged interfaces that are identified with Discover and then target endpoints using those labels. You can also configure a deployment to re-run automatically when a selected Discover label is updated.


You can manage Index exclusions and blockout windows in Client Management.


Client Management features Trends boards that provide data visualization of Client Management concepts, including successful and failed deployments, and the versions of the Tanium Client that were deployed. The following panels are in the Tanium Client Management board:

  • Tanium Client versions deployed
  • Tanium Client versions deployed - latest
  • Successful installations
  • Deployment failures

The Successful installations and Deployment failures panels apply only to deployments using Client Management.

Though the Successful installations and Deployment failures panels appear in the Tanium Client Management board in Trends, they do not apply in Tanium Cloud since deployment with Client Management is not available in Tanium Cloud.

For more information about how to import the Trends boards that Client Management provides, see Tanium Trends User Guide: Importing the initial gallery.