Endpoint Configuration requirements

Review the requirements before you install and use Endpoint Configuration.

Tanium dependencies

In addition to a license for Endpoint Configuration, make sure that your environment meets the following requirements.

Component Requirement
Tanium™ Core Platform 7.3.314.4250 or later
Tanium™ Client Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client User Guide: Client version and host system requirements.

If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Some Tanium solutions that manage the deployment of configuration changes with Tanium Endpoint Configuration might require a higher client version.

Tanium products If you selected Install with Recommended Configurations when you installed Client Management, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules with which you are using Endpoint Configuration, as described under Tanium Console User Guide: Manage Tanium modules.
Computer groups

When you first log into the Tanium Console after a fresh installation of Tanium Server 7.4.2 or later, the server automatically imports the computer groups that Endpoint Configuration requires.

For earlier versions of the Tanium Server, or after upgrading from an earlier version, you must manually create the computer groups: see Create computer groups.

Tanium™ Module Server

Endpoint Configuration is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

For more information, see Tanium Core Platform Installation Guide: Host system sizing guidelines.

Endpoints

Supported operating systems

The following endpoint operating systems are supported with Endpoint Configuration.

Operating System Version Notes
Windows A minimum of Windows 7 SP1 or Windows Server 2008 R2 SP1 is required.  
macOS Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.  
Linux Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.  
AIX A minimum of AIX 7.1.4 is required. The IBM XL C++ runtime libraries file set (xlC.rte), version 16.1.0.0 or later, and the IBM LLVM runtime libraries file set (libc++.rte) must be installed. For installation instructions, see Tanium Client User Guide: Deploying the Tanium Client to AIX endpoints.
Solaris Same as Tanium Client support. See Tanium Client User Guide: Host system requirements.  

For Tanium Client operating system support, see Tanium Client User Guide: Host system requirements.

Some modules that work with Endpoint Configuration have more specific requirements for endpoints. For more information, see the user guide for each module.

Host and network security requirements

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   Endpoint Configuration security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

User role requirements

The following tables list the role permissions required to use Endpoint Configuration. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Each Tanium Solution features a role such as <Solution Name> Configuration Approver that grants a <solution name> endpoint configuration approve permission. This permission is required for a user to make approvals in Endpoint Configuration. For the exact names of solution-specific roles and permissions, see the user guide for the specific Tanium solution.

Table 2:   Endpoint Configuration user role permissions
Permission Endpoint Configuration Administrator Endpoint Configuration Service Account

Show Endpoint Configuration

Allows the user to see the Endpoint Configuration workbench



Show Endpointconfiguration

Allows the user to see the Endpoint Configuration workbench

Endpoint Configuration Service Account Write

Allows users to write the service account for Endpoint Configuration



Endpoint Configuration Module Use

Endpoint Configuration Read

Allows users to read endpoint configurations



Endpoint Configuration Service Account Read

Allows users to write the service account for Endpoint Configuration



Endpoint Configuration Use API

Perform Endpoint Configuration operations using the API

Endpoint Configuration Module Register

Provides the Endpoint Configuration service account permission to register Tanium solutions with Endpoint Configuration

Endpoint Configuration Service Account

Allows service account credentials to the user

Endpoint Configuration Reject

Allows the user to reject configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Dismiss

Allows the user to dismiss configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Write

Allows the user to write configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Approve

Allows the user to approve configuration changes in Endpoint Configuration

1 1

Endpoint Configuration Bypass Approval

You can apply this permission to module service accounts, and based on the content set, it bypasses approval for solution-generated configuration items, for example tools or intel deployment.

You can apply this permission to a user account, and based on the content set, it bypasses approval for user-generated configuration items.

2 2

1 This permission is provided to a solution specific role for managing configuration approvals.

2 This permission is not provided by default to any roles.

Table 3:   Provided Endpoint Configuration Micro Admin and Advanced user role permissions
Permission Role Type Content Set for Permission Endpoint Configuration Administrator Endpoint Configuration Service Account
Read Computer Group Micro Admin  
Read Filter Group Micro Admin  
Read Action Group Micro Admin  
Read Action Advanced Endpoint Configuration
Execute Plugin Advanced Endpoint Configuration
Read Plugin Advanced Endpoint Configuration
Write Action Advanced Endpoint Configuration
Write Package Advanced Endpoint Configuration
Read Own Action Advanced Endpoint Configuration
Read Package Advanced Endpoint Configuration
Show Preview Advanced Endpoint Configuration
Read Plugin Advanced Endpoint Configuration