Installing Endpoint Configuration
Tanium as a Service automatically handles module installations and upgrades.
Endpoint Configuration is installed as part of Tanium Client Management. When you install Client Management the Endpoint Configuration workbench becomes available from the Tanium Console. For more information, see Tanium Client Management User Guide: Installing Client Management.
- Automatic configuration with default settings (Tanium Core Platform 7.4.2 or later only): Endpoint Configuration is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Endpoint Configuration, see Import and configure Endpoint Configuration with default settings.
- Manual configuration with custom settings: After installing Endpoint Configuration, you must manually configure required settings. Select this option only if Endpoint Configuration requires settings that differ from the recommended default settings. For more information, see Import and configure Endpoint Configuration with custom settings.
- Read the release notes.
- Review the Endpoint Configuration requirements.
- Assign the correct roles to users for Endpoint Configuration. Review the User role requirements.
- To import the Endpoint Configuration solution, you must be assigned the Administrator reserved role or a role that has the Import Signed Content permission.
- To configure the Endpoint Configuration action group, you must be assigned the Administrator reserved role, Content Administrator reserved role, or a role that has the Write Action Group permission.
To import Endpoint Configuration without automatically configuring default settings, follow the steps in Tanium Console User Guide: Manage shared services and content. After the import, verify that the correct version is installed: see Verify Endpoint Configuration version.
The service account is a user that runs several background processes for Endpoint Configuration. This user requires one of the following combinations of roles:
- Tanium Administrator
- Endpoint Configuration Service Account and Endpoint Configuration Service Account Read All Sensors
If action approval is enabled for Tanium Core Platform, you must either use the Endpoint Configuration Service Account and Endpoint Configuration Service Account Read All Sensors roles for the service account, or, if you are using the Tanium Administrator role, grant the Bypass Action Approval permission to the Endpoint Configuration service account. For more information, see Tanium Console User Guide: Managing action approval.
For more information about Endpoint Configuration permissions, see User role requirements.
- From the Main menu, click Endpoint Configuration to open the Endpoint Configuration Overview page.
- Click Settings and open the Service Account tab.
- Update the service account settings and click Save.
- From the Main menu, click Administration > Actions > Scheduled Actions.
- From the list of action groups, click Endpoint Configuration.
- Click Edit, select computer groups to include in the action group, and click Save.
After you import or upgrade Endpoint Configuration, verify that the correct version is installed:
- Refresh your browser.
- From the Main menu, go to Administration > Shared Services > Endpoint Configuration to open the Endpoint Configuration Overview page.
- To display version information, click Info .
If you experience problems with installing Endpoint Configuration, see Troubleshooting Endpoint Configuration.
Last updated: 5/6/2021 9:59 PM | Feedback