Endpoint Configuration overview
Use Endpoint Configuration to deliver configuration information to endpoints consistently for all Tanium solutions that are available in an environment. Endpoint Configuration consolidates the configuration actions that traditionally accompany additional Tanium functionality and eliminates the potential for timing errors that occur between when a solution configuration is made and the time that configuration reaches an endpoint. Managing configuration in this way greatly reduces the time to install, configure, and use Tanium functionality, and improves the flexibility to target specific configurations to groups of endpoints.
Endpoint Configuration adds solution-specific configurations to a configuration manifest and uses one consistent action to distribute it to all endpoints. All the configuration data that reaches the endpoint is then sensitive to changes that affect the endpoint. For example, the configuration is not applied to an endpoint if the endpoint is no longer a member of the relevant targeting group.
Other Tanium solutions use Endpoint Configuration to install client extensions and any other needed tools on endpoints. You can review installed endpoint tools in Endpoint Configuration, and you can use the packages provided by Endpoint Configuration to restart, uninstall, reinstall, block, or unblock endpoint tools as necessary.
Configurations combine solution-specific data and targeting information—for example, a computer group or the results of a sensor. Examples of configurations could be a change to a Tanium Threat Response profile that targets one or more computer groups, or an updated Tanium Patch scan configuration that targets one or more endpoints that match the results of a sensor.
Solution administrators can evaluate and configure the priority for configuration items to address specific scenarios. For example, consider a patching scenario where all Windows endpoints must receive all patches but Windows servers must receive only security-related patches. Since a Windows Server target is more specific than a Windows Endpoint target, a solution administrator can give the configuration that targets Windows Server the higher priority.
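The patching scenario above, modeled as an added example; this is not Tanium code and does not reflect the Endpoint Configuration manifest format. The ConfigItem fields, the group names, and the rule that a lower priority number wins are assumptions made for illustration. The second function flags a more specific item that can never take effect because a broader item is ranked above it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConfigItem:          # hypothetical model of one configuration item
    name: str
    domain: str            # solution the item belongs to, e.g. "patch"
    target_group: str      # computer group the item targets
    priority: int          # assumption of this model: lower number wins

# Constructed sample data for the patching scenario.
ITEMS = [
    ConfigItem("all-patches", "patch", "Windows Endpoints", 2),
    ConfigItem("security-only", "patch", "Windows Servers", 1),
]
# Constructed containment map: group -> broader groups that include it.
SUBSETS = {"Windows Servers": {"Windows Endpoints"}}

def effective_config(items, endpoint_groups):
    """Return {domain: winning item} for the endpoint's current group membership."""
    winners = {}
    for item in sorted(items, key=lambda i: i.priority):
        if item.target_group not in endpoint_groups:
            continue  # endpoint is not, or is no longer, in the targeting group
        winners.setdefault(item.domain, item)  # first match per domain wins
    return winners

def shadowed_items(items, group_subsets):
    """List (specific, broader) pairs where the broader item outranks the specific
    one in the same domain, so the specific item never applies to any endpoint."""
    shadowed = []
    for item in items:
        broader_groups = group_subsets.get(item.target_group, set())
        for other in items:
            if (other is not item and other.domain == item.domain
                    and other.priority < item.priority
                    and other.target_group in broader_groups):
                shadowed.append((item.name, other.name))
    return shadowed

if __name__ == "__main__":
    server = {"Windows Endpoints", "Windows Servers"}
    workstation = {"Windows Endpoints"}
    print("server:", effective_config(ITEMS, server)["patch"].name)
    print("workstation:", effective_config(ITEMS, workstation)["patch"].name)
    print("shadowed:", shadowed_items(ITEMS, SUBSETS))
```

Running the shadow check before changing priorities shows whether a reorder would silently widen what a group such as Windows servers receives.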
Because a service account that is managed by the System User service distributes the configuration changes, these changes automatically bypass action approval at the Tanium Platform level if it is enabled.
When configuration approval is enabled, Endpoint Configuration creates an approval for each configuration that is a candidate for deployment to targeted endpoints. When an approval appears in Endpoint Configuration, a configuration approver with appropriate credentials can approve or reject the approval. Each approval displays the domain (the Tanium solution to which it applies), a category for that domain, and a description of the configuration change that would be deployed to the targeted endpoints if approved. To show the effect that deploying the configuration change to the targeted endpoints would have, each approval also displays a before-and-after comparison of the configuration change that would be made.
You can use Endpoint Configuration audit logs as a connection source. For more information, see Reviewing and exporting the audit log.
Other Tanium solutions
The following table lists solutions for which Endpoint Configuration manages configuration changes:
|Tanium Solution|Configuration Changes|
|Tanium™ Direct Connect||
|Tanium™ Integrity Monitor||
|Tanium™ Threat Response||
Content-only Tanium Solutions
Additionally, Endpoint Configuration manages tool deployment for content-only solutions, which provide content but do not have a service or workbench. For more information, see View and manage content-only solutions.
Last updated: 1/30/2023 4:46 PM