Verifying installation of Endpoint Configuration

Tanium as a Service automatically handles installation of Tanium Client Management and Endpoint Configuration.

For information about how Endpoint Configuration is configured for Tanium as a Service (TaaS), see Configuring Endpoint Configuration.

Endpoint Configuration is installed as part of Tanium Client Management. When you install Client Management the Endpoint Configuration workbench becomes available from the Tanium Console. For more information, see Tanium Client Management User Guide: Installing Client Management.

When you import Client Management, sign in to the Tanium Console with the account that will be used as the Client Management and Endpoint Configuration service account. The Endpoint Configuration service account is set to the account that you used to import the Client Management service, regardless of whether you use automatic configuration when you import Client Management.

(Tanium Core Platform 7.4.5 or later only) Optionally, you can set the Endpoint Configuration action group to target the No Computers filter group by enabling restricted targeting before importing Client Management. This option prevents Endpoint Configuration from automatically deploying tools to endpoints. To configure an action group, see Tanium Console User Guide: Managing action groups. To enable or disable restricted targeting, see Tanium Console User Guide: Dependencies, default settings, and tools deployment.

The following default setting is configured:

When you import Client Management (regardless of whether you use automatic configuration), the following default settings are configured for Endpoint Configuration:

SettingDefault Value
Action group

The action group is set to the All Computers computer group.

  • Restricted targeting disabled (default): All Computers computer group
  • Restricted targeting enabled: No Computers computer group

If you use restricted targeting to set the Endpoint Configuration action group to target the No Computers filter group, make sure you set the action group to target the appropriate endpoints (typically All Computers) before using any modules: see Configure the Endpoint Configuration action group. Modules cannot deploy configurations or tools to endpoints that are not targeted by the Endpoint Configuration action group. Use the appropriate targeting groups within modules to control targeted deployment of configurations or tools.

If you import Client Management with restricted targeting disabled. leave Leave the Endpoint Configuration action group set to the default of All Computers. If you use restricted targeting to set the Endpoint Configuration action group to target the No Computers filter group, set the action group to target the All Computers computer group before using any modules. If you have endpoints with operating systems that are not supported by Endpoint Configuration, contact Tanium Support.

Service account

The service account is set to the account that you used to import the Client Management service.

Configuring a unique service account for each Tanium solution is an extra security measure to consider in consultation with the security team of your organization. See Configure the service account.

Verify Endpoint Configuration version

After you import or upgrade Client Management, verify that the correct version of Endpoint Configuration is installed:

  1. Refresh your browser.
  2. From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
  3. To display version information, click Info Info.

Troubleshoot problems

If you experience problems with configuring Endpoint Configuration, see Troubleshooting Endpoint Configuration.