Endpoint Configuration requirements
Review the requirements before you install and use Endpoint Configuration.
Tanium dependencies
In addition to a license for Endpoint Configuration, make sure that your environment meets the following requirements.
| Component | Requirement |
|---|---|
| Tanium™ Core Platform | 7.3.314.4250 or later |
| Tanium™ Client | 7.2.314.2311 or later. Some Tanium solutions that manage the deployment of configuration changes with Tanium Endpoint Configuration might require a higher client version. |
| Tanium products | If you selected Install with Recommended Configurations when you installed Endpoint Configuration, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules with which you are usingEndpoint Configuration, as described under Tanium Console User Guide: Manage Tanium modules. |
| Computer groups |
When you first log into the Tanium Console after a fresh installation of Tanium Server 7.4.2 or later, the server automatically imports the computer groups that Endpoint Configuration requires. For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups: see Create computer groups. |
Tanium™ Module Server
Endpoint Configuration is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.
For more information, see Tanium Core Platform Installation Guide: Host system sizing guidelines.
Endpoints
Supported operating systems
The following endpoint operating systems are supported with Endpoint Configuration.
- Windows
- macOS
- Linux
- AIX
- Solaris
For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements
Host and network security requirements
Security exclusions
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe |
User role requirements
Each Tanium Solution features a role such as <Solution Name> Configuration Approver that grants a <solution name> endpoint configuration approve permission. This permission is required for a user to make approvals in Endpoint Configuration. For the exact names of solution-specific roles and permissions, see the user guide for the specific Tanium solution.
| Permission | Endpoint Configuration Administrator | Endpoint Configuration Service Account |
|---|---|---|
|
Show Endpoint Configuration Allows the user to see the Endpoint Configuration workbench |
|
|
|
Show Endpointconfiguration Allows the user to see the Endpoint Configuration workbench |
|
|
|
Endpoint Configuration Service Account Write Allows users to write the service account for Endpoint Configuration |
|
|
|
Endpoint Configuration Module Use |
|
|
|
Endpoint Configuration Read Allows users to read endpoint configurations |
|
|
|
Endpoint Configuration Service Account Read Allows users to write the service account for Endpoint Configuration |
|
|
|
Endpoint Configuration Use API Perform Endpoint Configuration operations using the API |
|
|
|
Endpoint Configuration Module Register Provides the Endpoint Configuration service account permission to register Tanium solutions with Endpoint Configuration |
|
|
|
Endpoint Configuration Service Account Allows service account credentials to the user |
|
|
|
Endpoint Configuration Reject Allows the user to reject configuration changes in Endpoint Configuration |
1 | 1 |
|
Endpoint Configuration Dismiss Allows the user to dismiss configuration changes in Endpoint Configuration |
1 | 1 |
|
Endpoint Configuration Write Allows the user to write configuration changes in Endpoint Configuration |
1 | 1 |
|
Endpoint Configuration Approve Allows the user to approve configuration changes in Endpoint Configuration |
1 | 1 |
|
Endpoint Configuration Bypass Approval You can apply this permission to module service accounts, and based on the content set, it bypasses approval for solution-generated configuration items, for example tools or intel deployment. You can apply this permission to a user account, and based on the content set, it bypasses approval for user-generated configuration items. |
2 | 2 |
|
1 This permission is provided to a solution specific role for managing configuration approvals. 2 This permission is not provided by default to any roles. |
||
| Permission | Role Type | Content Set for Permission | Endpoint Configuration Administrator | Endpoint Configuration Service Account |
|---|---|---|---|---|
| Read Computer Group | Micro Admin |
|
|
|
| Read Filter Group | Micro Admin |
|
|
|
| Read Action Group | Micro Admin |
|
|
|
| Read Action | Advanced | Endpoint Configuration |
|
|
| Execute Plugin | Advanced | Endpoint Configuration |
|
|
| Read Plugin | Advanced | Endpoint Configuration |
|
|
| Write Action | Advanced | Endpoint Configuration |
|
|
| Write Package | Advanced | Endpoint Configuration |
|
|
| Read Own Action | Advanced | Endpoint Configuration |
|
|
| Read Package | Advanced | Endpoint Configuration |
|
|
| Show Preview | Advanced | Endpoint Configuration |
|
|
| Read Plugin | Advanced | Endpoint Configuration |
|
|
Last updated: 10/28/2020 1:04 PM | Feedback