Endpoint Configuration requirements

Review the requirements before you install and use Endpoint Configuration.

Tanium dependencies

In addition to a license for Endpoint Configuration, make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.3.314.4250 or later
Tanium™ Client 7.2.314.2311 or later. Some Tanium solutions that manage the deployment of configuration changes with Tanium Endpoint Configuration might require a higher client version.
Tanium products If you selected Install with Recommended Configurations when you installed Endpoint Configuration, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules with which you are usingEndpoint Configuration, as described under Tanium Console User Guide: Manage Tanium modules.
Computer groups

When you first log into the Tanium Console after a fresh installation of Tanium Server 7.4.2 or later, the server automatically imports the computer groups that Endpoint Configuration requires.

For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups: see Create computer groups.

Tanium™ Module Server

Endpoint Configuration is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For more information, see Tanium Core Platform Installation Guide: Host system sizing guidelines.

Endpoints

Supported operating systems

The following endpoint operating systems are supported with Endpoint Configuration

  • Windows
  • macOS 
  • Linux
  • AIX
  • Solaris

For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements

Host and network security requirements

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   Endpoint Configuration security exclusions
Target Device Notes Process
Module Server   <Tanium Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

User role requirements

The following tables list the role permissions required to use Endpoint Configuration. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Each Tanium Solution features a role such as <Solution Name> Configuration Approver that grants a <solution name> endpoint configuration approve permission. This permission is required for a user to make approvals in Endpoint Configuration. For the exact names of solution-specific roles and permissions, see the user guide for the specific Tanium solution.

Table 2:   Endpoint Configuration user role permissions
Permission Endpoint Configuration Administrator Endpoint Configuration Service Account

Show Endpoint Configuration

Allows the user to see the Endpoint Configuration workbench



Show Endpointconfiguration

Allows the user to see the Endpoint Configuration workbench

Endpoint Configuration Service Account Write

Allows users to write the service account for Endpoint Configuration



Endpoint Configuration Module Use

Endpoint Configuration Read

Allows users to read endpoint configurations



Endpoint Configuration Service Account Read

Allows users to write the service account for Endpoint Configuration



Endpoint Configuration Use API

Perform Endpoint Configuration operations using the API

Endpoint Configuration Module Register

Provides the Endpoint Configuration service account permission to register Tanium solutions with Endpoint Configuration

Endpoint Configuration Service Account

Allows service account credentials to the user

Endpoint Configuration Reject

Allows the user to reject configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Dismiss

Allows the user to dismiss configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Write

Allows the user to write configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Approve

Allows the user to approve configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Bypass Approval

You can apply this permission to module service accounts, and based on the content set, it bypasses approval for solution-generated configuration items, for example tools or intel deployment.

You can apply this permission to a user account, and based on the content set, it bypasses approval for user-generated configuration items.

2 2

1 This permission is provided to a solution specific role for managing configuration approvals.

2 This permission is not provided by default to any roles.

Table 3:   Provided Endpoint Configuration Micro Admin and Advanced user role permissions
Permission Role Type Content Set for Permission Endpoint Configuration Administrator Endpoint Configuration Service Account
Read Computer Group Micro Admin  
Read Filter Group Micro Admin  
Read Action Group Micro Admin  
Read Action Advanced Endpoint Configuration
Execute Plugin Advanced Endpoint Configuration
Read Plugin Advanced Endpoint Configuration
Write Action Advanced Endpoint Configuration
Write Package Advanced Endpoint Configuration
Read Own Action Advanced Endpoint Configuration
Read Package Advanced Endpoint Configuration
Show Preview Advanced Endpoint Configuration
Read Plugin Advanced Endpoint Configuration

Last updated: 10/28/2020 1:04 PM | Feedback