Configuring End-User Notifications

If you did not install End-User Notifications with the Apply All Tanium recommended configurations option, you must enable and configure certain features.

(Tanium Core Platform 7.4.5 or later only) You can set the End-User Notifications action group to target the No Computers filter group by enabling restricted targeting before adding End-User Notifications to your Tanium licenseimporting End-User Notifications. This option enables you to control tools deployment through scheduled actions that are created during the import and that target the Tanium End-User Notifications action group. For example, you might want to test tools on a subset of endpoints before deploying the tools to all endpoints. In this case, you can manually deploy the tools to an action group that you configured to target only the subset. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

When you import End-User Notifications with automatic configuration, the following default settings are configured:

The following default settings are configured for End-User Notifications:

Setting Default value
Action group
  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group
Service account

The service account is set to the account that you used to import the module.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure service account.
End-User Notifications configurations
  • A default End-User Notifications configuration is created.
  • The End-User Notifications tools are distributed to endpoints.

Configure End-User Notifications

Configure service account

The service account is a user that runs background processes for End-User Notifications. This user requires the Content Administrator and End-User Notifications Administrator roles or the Tanium Administrator role.

For more information about End-User Notifications permissions, see User role requirements.

If you imported End-User Notifications with default settings, the service account is set to the account that you used to perform the import. Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization.

  1. On the End-User Notifications Home page, click Settings and open the Service Account tab.
  2. Update the service account settings and click Submit.

(Optional) Configure the End-User Notifications action group

Importing the End-User Notifications module automatically creates an action group to target specific endpoints. If you did not use automatic configuration or you enabled restricted targeting when you imported End-User Notifications, the action group targets No Computers.

If you used automatic configuration and restricted targeting was disabled when you imported End-User Notifications, configuring the End-User Notifications action group is optional.

Select the computer groups to include in the End-User Notifications action group.

Clear the selection for No Computers and make Make sure that all operating systems that are supported by End-User Notifications are included in the End-User Notifications action group.

  1. From the Main menu, go to Administration > Actions > Action Groups.
  2. Click Tanium End-User Notifications.
  3. Select the computer groups that you want to include in the action group and click Save.
    If you select multiple computer groups, choose an operator (AND or OR) to combine the groups.

Customize the End-User Self Service Client

Add a company logo and relevant information to personalize the End-User Self-Service experience.

You must create at least one End-User Notifications configuration. For more information about creating a configuration, see Create a configurationCustomizing the End-User Self Service interface.

Set up End-User Notifications users

You can use the following set of predefined user roles to set up End-User Notifications users.

To review specific permissions for each role, see User role requirements.

For more information about assigning user roles, see Tanium Core Platform User Guide: Manage role assignments for a user.

End-User Notifications Administrator

Assign the End-User Notifications Administrator role to users who manage the configuration and deployment of End-User Notifications functionality to endpoints.

End-User Notifications Endpoint Configuration Approver

Assign the End-User Notifications Endpoint Configuration Approver role to a user who approves or rejects End-User Notifications configuration items in Tanium Endpoint Configuration. This role can approve, reject, or dismiss End-User Notifications configuration changes.

End-User Notifications Endpoint Configuration Operator

Assign the End-User Notifications Operator role to users who manage most configurations and deployment of End-User Notifications functionality to endpoints.

End-User Notifications Endpoint Configuration Read Only User

Assign the End-User Notifications Read Only User role to users who need visibility into End-User Notifications settings but do not need rights to update them.

Initialize endpoints

End-User Notifications installs a set of tools on each endpoint that you have targeted. Initializing endpoints configures the End-User Notifications Tools to be installed on any compatible endpoint in the End-User Notifications action group. You must complete this procedure any time the action group is changed.

  1. On the End-User Notifications Overview page, click Help , and then click Support if needed.
  2. Click Initialize Endpoints and confirm your action.

After deploying the tools for the first time, endpoints can take up to four hours to display status.