Directory Query overview
With Tanium™ Directory Query, administrators configure access to directory servers, such as Active Directory and Azure AD, for Tanium solutions that require directory access. Configuring directory access in one place, rather than separately in each solution, simplifies the administration of directory servers.
Directory Query supports the following directory servers:
- Active Directory Domain Services that are running on any version of Microsoft Windows Server that is currently supported by Microsoft
- Azure Active Directory Domain Services
For supported versions, see Microsoft: Search Product and Services Lifecycle Information.
In the Directory Query Overview page, you can add a domain for each directory server to which you want to connect. For each domain, you can specify how Tanium synchronizes with the directory server. You can use a combination of synchronization types across the domains you add.
- Service synchronization:
Tanium Cloud connects to the Active Directory server directly through proxy access. If you use this type, consider the following:
- The connection to the LDAP server must use LDAP over TLS (also referred to as secure LDAP or LDAPS). For steps to configure LDAPS in Azure Active Directory Domain Services, see Microsoft: Configure secure LDAP for an Azure Active Directory Domain Services managed domain.
- As a best practice, restrict network traffic to flow only between the IP range for your LDAP server and Tanium Cloud over the associated ports. For port information, see Ports.
- If you are using Azure Active Directory Domain Services, you must configure Microsoft Azure to allow network connections from Tanium Cloud. For more information, see Microsoft: Lock down secure LDAP access over the internet.
- You must submit a Tanium Cloud proxy request to allow communication between your Active Directory (either on-premises or Azure) and the Tanium Cloud server. For more information, see Tanium Cloud User Guide: Proxy access.
- Satellite synchronization:
Tanium Cloud connects to endpoints that act as satellites (proxies), which relay communication with the Active Directory server.
The connection from the satellite to the domain controller must use LDAP over TLS, and the satellite must trust the certificate chain that the domain controller presents. For more information about satellites, see Tanium Direct Connect User Guide: Managing satellites.
Use Satellite synchronization to simplify the connection process.
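Before you add a domain for either synchronization type, it is worth confirming from the Windows endpoint that will act as the satellite (or, for Service synchronization, from a host in the same network path) that the domain controller actually answers over LDAPS and that the presented certificate chain is trusted locally. The following PowerShell script is an added example and is not part of the Tanium documentation or product; the server name is a placeholder and the port is the standard LDAPS port.

```powershell
# Added example (not Tanium code): from a Windows endpoint that will act as a satellite,
# confirm that the domain controller answers on the LDAPS port, that the certificate chain
# it presents is trusted by this machine, and that an LDAPS bind succeeds.
# The server name below is a placeholder; use the FQDN the satellite will connect by,
# because that is the name the certificate must match.
param(
    [string]$Server = 'dc01.corp.example.com',   # placeholder DC FQDN (assumption)
    [int]$Port      = 636                        # standard LDAPS port
)

# 1. Raw TLS handshake with the default (strict) validation. AuthenticateAsClient throws
#    if the chain is untrusted, a certificate is expired, or the name does not match.
$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.Connect($Server, $Port)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    Write-Host ("Handshake OK: {0}, subject={1}, issuer={2}, expires={3:u}" -f `
        $ssl.SslProtocol, $cert.Subject, $cert.Issuer, $cert.NotAfter)

    # 2. Rebuild the chain as the local machine sees it, so an untrusted root or a missing
    #    intermediate is reported per certificate rather than as one generic failure.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $null = $chain.Build($cert)
    foreach ($element in $chain.ChainElements) {
        $status = if ($element.ChainElementStatus) {
            ($element.ChainElementStatus.StatusInformation -join '; ').Trim()
        } else { 'OK' }
        Write-Host ("  {0}  [{1}]" -f $element.Certificate.Subject, $status)
    }
}
catch [System.Security.Authentication.AuthenticationException] {
    Write-Warning "TLS handshake failed; this endpoint does not trust the DC certificate: $($_.Exception.Message)"
    Write-Warning "Import the issuing CA chain into the Local Machine Trusted Root / Intermediate stores and retry."
    return
}
finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 3. Application-level check: an LDAPS bind as the current user. SecureSocketLayer=$true
#    wraps the session in TLS from the first byte (port 636) rather than upgrading a
#    plaintext session with StartTLS on 389.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # Kerberos/NTLM
try {
    $ldap.Bind()
    Write-Host "LDAPS bind succeeded as $env:USERDOMAIN\$env:USERNAME"
}
catch {
    Write-Warning "LDAPS bind failed: $($_.Exception.Message)"
}
finally { $ldap.Dispose() }
```

Run it as a user that can bind to the domain, for example `.\Test-Ldaps.ps1 -Server dc01.corp.example.com`. A failure in step 1 with an untrusted-root or partial-chain status means the satellite's certificate store, not the network, needs fixing; a failure only in step 3 points at credentials or the LDAP service itself. For Service synchronization the same handshake must also succeed from the Tanium Cloud side, which is why the proxy request and the Azure network lock-down above are required.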
Directory Query has built-in integration with Tanium™ Criticality and Tanium™ Direct Connect for additional visibility and reporting of related data.
Criticality uses Directory Query to connect to directory servers to understand administrative rights in the directory server environment. For more information, see Tanium Criticality User Guide: Criticality overview.
Use Direct Connect to create Windows satellites to use for satellite synchronization. For more information, see Tanium Direct Connect User Guide: Create satellites.
Last updated: 11/10/2022 12:22 PM