Configuring Tanium Cloud

Tanium™ Cloud automatically handles initial configuration for Tanium Cloud, but you can set up additional Tanium Cloud users.

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

Review Endpoint Configuration settings

The following default setting is configured:

Setting Default Value
Action group

The action group is set to the All Computers computer group.

For information about initially configuring Endpoint Configuration, see Tanium Endpoint Configuration User Guide: Configuring Endpoint Configuration.

Solutions cannot perform configuration changes or tool deployment through Endpoint Configuration on endpoints with action locks turned on. As a best practice, do not turn on action locks. For more information about action locks, see Tanium Console User Guide: Managing action locks.

Set up Tanium Cloud users

You can use the following set of predefined user roles to set up Tanium Cloud users.

To review specific permissions for each role, see User role requirements for Tanium Cloud.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Client Management Downloader

Assign the Client Management Downloader role to users who download installation packages for the Tanium Client.

Client Management Operator

Assign the Client Management Operator role to users who download installation packages for the Tanium Client or investigate issues with specific clients.

This role can perform the following tasks:

  • Download installation packages for the Tanium Client.

  • Directly connect to endpoints to view detailed client health information.

Client Management Upgrade Operator

Assign the Client Management Upgrade Operator role to users who manage upgrades of the Tanium Client on endpoints.

This role can perform the following tasks:

  • Upgrade the Tanium Client on endpoints.

  • manage versions of the Tanium Client that are available for upgrades.

To configure a user who can only view client health information and connect to endpoints to access detailed client health and troubleshooting information, assign the following roles:

  • Direct Connect User
  • A custom role with the following permissions:
    • Clientmanagement Show
    • Client-Management Direct Connect
    • Client-Management View Health

For information about creating a custom role, see Tanium Console User Guide: Configure a custom role, and for information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

Manage versions of the Tanium Client available for upgrades

Your Tanium Cloud instance must download and cache the installers for each version of the Tanium Client that you want to use in client upgrades. The Tanium Cloud instance caches the latest version by default. When you synchronize the manifest and a new version is available, the Tanium Cloud instance automatically caches the new version, but it does not remove the previously cached version. You can manually cache other specific versions that you want to use in client upgrades.

  1. From the Main menu, go to Administration > Shared Services > Client Management.

  2. From the Tanium Cloud menu, click Client Versions.

  3. (Optional) To download the latest manifest for Tanium Client installers from content.tanium.com, click Synchronize Manifest.

  4. Beside each version that you want to cache for client upgrades, click Cache Packages .

    To remove the cached packages for a version that is no longer needed and free up storage space, click Clear Package Cache beside that version. That version is not available for client upgrades until you cache it again. You cannot remove the cached packages for a version that is selected in an existing client upgrade.