Other resources

Release Notes

Support Knowledge Base
(login required)

Deploy overview

Deploy is a software management module that you can use to rapidly install, update, and remove software across large organizations with minimal infrastructure requirements. You can create deployments to run during a maintenance window that is convenient for your IT operations.

With Deploy, you can accomplish the following tasks:

  • Deploy applications or a group of applications to a flexible set of targets, including computer groups, user groups, departments, locations, individual computers, and individual users.
  • Update existing software installation to the latest available versions.
  • Create custom packages to install, update, and remove applications.

Deployment packages

A Tanium Deploy software package is a combination of source files, metadata, detection logic, and actions that are used to detect, install, update, and remove software from Tanium managed devices.

Each software package contains the following elements:

Package Files (install/source files)

The files needed to silently install an application on a managed device. This includes, but not limited to, msi/exe installer, resource files/folders, configuration files, custom scripts, custom registry files, license keys.

General Information

The vendor, name, and version of the software package. This information is derived automatically from source files when available.

System Requirements

The minimum requirements for this software package to run on the endpoint: minimum operating system and version, minimum disk space, and minimum RAM for the system.

Required Software (prerequisites)

The list of detection rules that are associated with prerequisite software packages. Each prerequisite software package has one or more rules associated with it.

Update Detection

The list of detection rules that are associated with previous versions of this software package. This list determines what previous software installations can be updated by this package.

Operation Type

Each software package has a number of supported operations. Each package has an installation and uninstallation operation type, and has the ability to add named custom operations to the software package.

Install Verification

The list of detection rules to determine if the package installation was complete/successful.

Deployment bundles

A Tanium Deploy software bundle is a list of Deploy software packages that can be deployed and executed in an ordered sequence. Software bundles are used to deploy a list of packages that are used by specific departments or user types.

For more information, see Managing packages and bundles.

Deployment packages gallery

The Tanium Deploy packages gallery is a collection of software packages that you can use to distribute software package templates. These templates include all of the required information for you to import and deploy third-party software.

The supported applications include:

  • 7zip (32/64-bit) - latest version
  • Adobe AIR - latest version
  • Adobe Flash Player (ActiveX/NPAPI/PPAPI) - latest version
  • Dropbox - latest version
  • FileZilla - latest version
  • Google Chrome Enterprise (32/64-bit) - latest version
  • Mozilla Firefox (32/64-bit) - latest version
  • Notepad++ (32/64-bit) - latest version
  • Oracle Java 8 (32/64-bit) - latest version
  • Wireshark (32/64-bit) - latest version
  • Zoom - latest version

For more information, see Managing the packages gallery.

Applicability scans

You can configure how often applicability scans run for the software packages that are in the Deploy software package catalog, and how frequently the applicability status cache is updated.

Applicability scans evaluate endpoints against the required operating system, minimum disk space, memory, and required software. Each software package is evaluated on a routine basis to determine if a Tanium managed device is eligible to install, is eligible for update, installed, or has failed requirements.

Install Eligible

The count of systems where the software is not installed and system requirements are met.

Update Eligible

The count of systems where one or more of the previous versions of the application are detected, and the software package can update those systems.


The count of systems where the software package is already installed.

Update Ineligible

The count of systems where one or more of the previous versions of the application are detected, but the system requirements are not met.

Not Applicable

The count of systems where the system requirements or prerequisites are not met.


A deployment is a one-time or recurring action to install, update, or remove applications on targeted endpoints. For more information, see Deploying packages and bundles.

Maintenance windows

Maintenance windows designate the permitted times that the targeted computer groups are open for deployments to run. You can have multiple maintenance windows, even with overlapping times. Maintenance windows do not interfere with each other. For a deployment to take effect, the deployment and maintenance window times must be met. For more information, see Managing maintenance windows.

Last updated: 11/13/2018 3:09 PM | Feedback