Directory Query overview

With Tanium™ Directory Query, administrators configure access to directory servers, such as Active Directory and Azure AD, for Tanium solutions that require directory access. This centralized location simplifies the administration of directory servers.

Supported directory servers

Directory Query supports the following directory servers:

• Active Directory Domain Services that are running on any version of Microsoft Windows Server that is currently supported by Microsoft
• Azure Active Directory Domain Services

For supported versions, see Microsoft: Search Product and Services Lifecycle Information.

Directory server synchronization

You can add a domain for each directory server to which you want to connect. For each domain, you can specify how Tanium synchronizes with the directory server. You can use a combination of synchronization types across the domains you add.

• Service synchronization: The Tanium Module ServerTanium Cloud connects to the Active Directory server through proxy access. If you use this type, consider the following:
  • The connection to the LDAP server must use LDAP over TLS (also referred to as secure LDAP or LDAPS). For steps to configure LDAPS in Azure Active Directory Domain Services, see Microsoft: Configure secure LDAP for an Azure Active Directory Domain Services managed domain.
  • As a best practice, restrict network traffic to flow only between the IP range for your LDAP server and Tanium Cloud over the associated ports. For port information, see Ports.
  • If you are using Azure Active Directory Domain Services, you must configure Microsoft Azure to allow network connections from Tanium Cloud. For more information, see Microsoft: Lock down secure LDAP access over the internet.
  • You must submit a Tanium Cloud proxy request to allow communication between your Active Directory (either on-premises or Azure) and the Tanium Cloud server. For more information, see Tanium Cloud User Guide: Proxy access.
• Satellite synchronization: The Tanium Module ServerTanium Cloud connects to endpoints that behave as satellites (or proxies) that enable the communication with the Active Directory server.

  The Active Directory domain must use TLS, and the satellite must trust the domain certificate. For more information about satellites, see Tanium Direct Connect User Guide: Managing satellites.

  Use Satellite synchronization to simplify the connection process.

Integration with other Tanium products

Directory Query has built in integration with Tanium™ Criticality and Tanium Direct™ Connect for additional visibility and reporting of related date.

Criticality

Criticality uses Directory Query to connect to directory servers to understand administrative rights in the directory server environment. For more information, see Tanium Criticality User Guide: Criticality overview.

Direct Connect

Use Direct Connect to create Windows satellites to use for satellite synchronization. For more information, see Tanium Direct Connect User Guide: Create satellites.